diff options
-rw-r--r-- | meta-phosphor/recipes-core/base-files/base-files/50-rp_filter.conf | 5 | ||||
-rw-r--r-- | meta-phosphor/recipes-core/base-files/base-files_%.bbappend | 4 |
2 files changed, 9 insertions, 0 deletions
diff --git a/meta-phosphor/recipes-core/base-files/base-files/50-rp_filter.conf b/meta-phosphor/recipes-core/base-files/base-files/50-rp_filter.conf new file mode 100644 index 000000000..7194eb85d --- /dev/null +++ b/meta-phosphor/recipes-core/base-files/base-files/50-rp_filter.conf @@ -0,0 +1,5 @@ +# Turn on Source Address Verification in all interfaces to +# prevent some spoofing attacks +net.ipv4.conf.default.rp_filter = 2 +net.ipv4.conf.all.rp_filter = 2 + diff --git a/meta-phosphor/recipes-core/base-files/base-files_%.bbappend b/meta-phosphor/recipes-core/base-files/base-files_%.bbappend index 83e455f3d..c77cfefc7 100644 --- a/meta-phosphor/recipes-core/base-files/base-files_%.bbappend +++ b/meta-phosphor/recipes-core/base-files/base-files_%.bbappend @@ -5,6 +5,7 @@ FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:" RDEPENDS_${PN}_append_df-obmc-ubi-fs = " preinit-mounts" SRC_URI += " \ + file://50-rp_filter.conf \ ${@bb.utils.contains('DISTRO_FEATURES', 'ldap', 'file://nsswitch_ldap.conf', '', d)}" do_install_append() { @@ -14,4 +15,7 @@ do_install_append() { if [ "${@bb.utils.filter('DISTRO_FEATURES', 'ldap', d)}" ]; then install -D -m 600 ${WORKDIR}/nsswitch_ldap.conf ${D}/${sysconfdir}/nsswitch.conf fi + + install -d ${D}/${libdir}/sysctl.d + install -D -m 644 ${WORKDIR}/50-rp_filter.conf ${D}/${libdir}/sysctl.d/50-rp_filter.conf } |