View topic - [Security][Hardening] Network configuration

Page 1 of 1

[Security][Hardening] Network configuration

PostPosted: Fri Nov 20, 2020 10:06 am
by St3f
Hello,

In order to fulfill some hardening constraints, I try to configure some network parameters but didn’t find them in the QNX documentation (related to the “/etc/sysctl.conf” file).

I just wonder if there is any possibility to
• ensure that bogus ICMP responses are ignored. In Linux, the corresponding parameter is “icmp_ignore_bogus_error_responses”.
• Ensure that reverse path filtering is enabled. In Linux, the corresponding parameter is “rp_filter”.

Thanks for your help.

Re: [Security][Hardening] Network configuration

PostPosted: Fri Nov 27, 2020 6:43 am
by maschoen
Assuming that this is not a currently supported feature, you could create a stack filter that would deal with this, not a project for the faint of heart.