From 4dfee5afcc4d0f40f0e34f20fb6313f2f8ffe897 Mon Sep 17 00:00:00 2001 From: Christoph Cullmann Date: Sun, 30 Mar 2025 17:43:27 +0200 Subject: [PATCH] harden some stuff --- share/common.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/share/common.nix b/share/common.nix index 06c23d8..9c5dbb4 100644 --- a/share/common.nix +++ b/share/common.nix @@ -69,6 +69,7 @@ in "kernel.unprivileged_bpf_disabled" = 1; "net.core.bpf_jit_harden" = 2; "net.ipv4.conf.all.accept_redirects" = false; + "net.ipv4.conf.all.send_redirects" = false; "net.ipv4.conf.default.accept_redirects" = false; "net.ipv6.conf.all.accept_redirects" = false; "net.ipv6.conf.default.accept_redirects" = false;