From 5fe8aa27ae561cd04eac9473e220831bbb6ccab4 Mon Sep 17 00:00:00 2001
From: Christoph Cullmann
Date: Sun, 30 Mar 2025 17:40:04 +0200
Subject: [PATCH] harden some stuff
---
 share/common.nix | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/share/common.nix b/share/common.nix
index ad0050c..06c23d8 100644
--- a/share/common.nix
+++ b/share/common.nix
@@ -68,6 +68,10 @@ in
 "kernel.kptr_restrict" = 2;
 "kernel.unprivileged_bpf_disabled" = 1;
 "net.core.bpf_jit_harden" = 2;
+ "net.ipv4.conf.all.accept_redirects" = false;
+ "net.ipv4.conf.default.accept_redirects" = false;
+ "net.ipv6.conf.all.accept_redirects" = false;
+ "net.ipv6.conf.default.accept_redirects" = false;
 };
 # blacklist some stuff
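Review bot: The four added `accept_redirects` keys cover only the `all` and `default` entries, and for IPv4 on a non-forwarding host the kernel ORs `conf/all` with the per-interface value, so an interface that already exists when the sysctls are applied may keep accepting ICMP redirects. It is worth reading back the effective `net.ipv4.conf.<iface>.accept_redirects` on a booted machine and pinning it per interface if it is still 1. `net.ipv4.conf.all.secure_redirects` and `net.ipv4.conf.default.secure_redirects` are not touched by this hunk and are commonly set to 0 alongside these in hardening baselines. The new values use `false` while the neighbouring entries use integers; `= 0;` would match the rest of the attribute set. The attribute set itself starts outside the hunk, so other redirect-related keys may already be set above line 68.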