ubuntu 设置系统变量

2024-6-10 • tag-icon

我正在尝试通过以下系统变量保护我的服务器

net.ipv4.icmp_echo_ignore_all=1
# IP Spoofing protection
net.ipv4.conf.all.rp_filter=1
net.ipv4.conf.default.rp_filter=1
#Ignore ICMP broadcast requests
net.ipv4.icmp_echo_ignore_broadcasts=1
# Disable source packet routing
net.ipv4.conf.all.accept_source_route=0
net.ipv6.conf.all.accept_source_route=0 
net.ipv4.conf.default.accept_source_route=0
net.ipv6.conf.default.accept_source_route=0
# Ignore send redirects
net.ipv4.conf.all.send_redirects=0
net.ipv4.conf.default.send_redirects=0
# Block SYN attacks
net.ipv4.tcp_syncookies=1
net.ipv4.tcp_max_syn_backlog=2048
net.ipv4.tcp_synack_retries=2
net.ipv4.tcp_syn_retries=5
# Log Martians
net.ipv4.conf.all.log_martians=1
net.ipv4.icmp_ignore_bogus_error_responses=1
# Ignore ICMP redirects
net.ipv4.conf.all.accept_redirects=0
net.ipv6.conf.all.accept_redirects=0
net.ipv4.conf.default.accept_redirects=0 
net.ipv6.conf.default.accept_redirects=0
# Ignore Directed pings
net.ipv4.icmp_echo_ignore_all=1

图像：

但是当我应用规则时发生了一些错误。

sysctl: cannot stat /proc/sys/net/ipv4/conf/all/rp_filter: No such file or directory
sysctl: cannot stat /proc/sys/net/ipv4/conf/default/rp_filter: No such file or directory
sysctl: cannot stat /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts: No such file or directory
sysctl: cannot stat /proc/sys/net/ipv4/conf/all/accept_source_route: No such file or directory
sysctl: cannot stat /proc/sys/net/ipv6/conf/all/accept_source_route: No such file or directory
sysctl: cannot stat /proc/sys/net/ipv4/conf/default/accept_source_route: No such file or directory
sysctl: cannot stat /proc/sys/net/ipv6/conf/default/accept_source_route: No such file or directory
sysctl: cannot stat /proc/sys/net/ipv4/conf/all/send_redirects: No such file or directory
sysctl: cannot stat /proc/sys/net/ipv4/conf/default/send_redirects: No such file or directory
sysctl: cannot stat /proc/sys/net/ipv4/tcp_syncookies: No such file or directory
sysctl: cannot stat /proc/sys/net/ipv4/tcp_max_syn_backlog: No such file or directory
sysctl: cannot stat /proc/sys/net/ipv4/tcp_synack_retries: No such file or directory
sysctl: cannot stat /proc/sys/net/ipv4/tcp_syn_retries: No such file or directory
sysctl: cannot stat /proc/sys/net/ipv4/conf/all/log_martians: No such file or directory
sysctl: cannot stat /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses: No such file or directory
sysctl: cannot stat /proc/sys/net/ipv4/conf/all/accept_redirects: No such file or directory
sysctl: cannot stat /proc/sys/net/ipv6/conf/all/accept_redirects: No such file or directory
sysctl: cannot stat /proc/sys/net/ipv4/conf/default/accept_redirects: No such file or directory
sysctl: cannot stat /proc/sys/net/ipv6/conf/default/accept_redirects: No such file or directory
sysctl: cannot stat /proc/sys/net/ipv4/icmp_echo_ignore_all: No such file or directory

错误图像：

这里 cat -A /etc/sysctl.conf

net.ipv4.icmp_echo_ignore_all=1$
# IP Spoofing protection$
M-bM-^@M-^Knet.ipv4.conf.all.rp_filter=1$
M-bM-^@M-^Knet.ipv4.conf.default.rp_filter=1$
#Ignore ICMP broadcast requests$
M-bM-^@M-^Knet.ipv4.icmp_echo_ignore_broadcasts=1$
# Disable source packet routing$
M-bM-^@M-^Knet.ipv4.conf.all.accept_source_route=0$
M-bM-^@M-^Knet.ipv6.conf.all.accept_source_route=0$
M-bM-^@M-^Knet.ipv4.conf.default.accept_source_route=0$
M-bM-^@M-^Knet.ipv6.conf.default.accept_source_route=0$
# Ignore send redirects$
M-bM-^@M-^Knet.ipv4.conf.all.send_redirects=0$
M-bM-^@M-^Knet.ipv4.conf.default.send_redirects=0$
# Block SYN attacks$
M-bM-^@M-^Knet.ipv4.tcp_syncookies=1$
M-bM-^@M-^Knet.ipv4.tcp_max_syn_backlog=2048$
M-bM-^@M-^Knet.ipv4.tcp_synack_retries=2$
M-bM-^@M-^Knet.ipv4.tcp_syn_retries=5$
# Log Martians$
M-bM-^@M-^Knet.ipv4.conf.all.log_martians=1$
M-bM-^@M-^Knet.ipv4.icmp_ignore_bogus_error_responses=1$
# Ignore ICMP redirects$
M-bM-^@M-^Knet.ipv4.conf.all.accept_redirects=0$
M-bM-^@M-^Knet.ipv6.conf.all.accept_redirects=0$
M-bM-^@M-^Knet.ipv4.conf.default.accept_redirects=0$
M-bM-^@M-^Knet.ipv6.conf.default.accept_redirects=0$
# Ignore Directed pings$
M-bM-^@M-^Knet.ipv4.icmp_echo_ignore_all=1$
root@ubuntu-s-2vcpu-4gb-lon1-01:/etc#

答案1

而不是

net.ipv4.icmp_echo_ignore_broadcasts = 1

更改每一行，使变量和值之间没有空格，如下所示

net.ipv4.icmp_echo_ignore_broadcasts=1

答案1

相关内容