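# Add these lines to the end of /etc/rc.d/rc.local
##### Begin DoS Prevention #####
# Kernel network hardening applied at boot by writing to /proc/sys.
# Kept to POSIX sh because rc.local's interpreter is not visible from here.
# Every write is best-effort: a missing or read-only entry is reported on
# stderr and the remaining settings are still applied.

# Write value $1 to the /proc/sys entry $2; return non-zero if it is not
# writable (this also catches an unmatched glob, which stays a literal path).
dosprev_set() {
  if [ ! -w "$2" ]; then
    printf 'DoS prevention: cannot write %s\n' "$2" >&2
    return 1
  fi
  printf '%s\n' "$1" > "$2"
}

# shut some DoS stuff down
# SYN cookies keep the listener answering when the SYN backlog overflows.
dosprev_set 1 /proc/sys/net/ipv4/tcp_syncookies
# Stop the kernel logging bogus ICMP error responses.
dosprev_set 1 /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
# Do not answer echo requests sent to a broadcast address.
dosprev_set 1 /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

# increase the local port range
# NOTE(review): ephemeral ports can now land on any port above 1023; if a
# service here listens in that range, list it in ip_local_reserved_ports.
dosprev_set "1024 65535" /proc/sys/net/ipv4/ip_local_port_range

# increase the SYN backlog queue
dosprev_set 2048 /proc/sys/net/ipv4/tcp_max_syn_backlog

# NOTE(review): turning SACK and timestamps off is a trade-off, not a pure
# gain. Loss recovery gets slower without SACK, and without timestamps the
# stack loses PAWS and connections accepted through SYN cookies cannot carry
# TCP options. Confirm both are still wanted on the target kernel.
dosprev_set 0 /proc/sys/net/ipv4/tcp_sack
dosprev_set 0 /proc/sys/net/ipv4/tcp_timestamps

# Raise the system-wide open-file ceiling to 64000, but never lower it:
# a kernel whose default is already higher keeps its own value.
cur_file_max=0
if [ -r /proc/sys/fs/file-max ]; then
  read -r cur_file_max < /proc/sys/fs/file-max
fi
case "$cur_file_max" in
  '' | *[!0-9]*) cur_file_max=0 ;;   # unreadable or non-numeric: treat as low
esac
if [ "$cur_file_max" -lt 64000 ]; then
  dosprev_set 64000 /proc/sys/fs/file-max
fi
# Applies only to this shell and to processes started from it.
ulimit -n 64000

# stop source routing
# The glob also matches the "all" and "default" entries, so interfaces that
# appear later inherit the setting from "default".
for conf in /proc/sys/net/ipv4/conf/*/accept_source_route; do
  dosprev_set 0 "$conf"
done

# enable reverse-path filtering
# NOTE(review): 1 is strict mode and drops traffic on hosts with asymmetric
# routes or several uplinks; loose mode (2) may be needed there.
for conf in /proc/sys/net/ipv4/conf/*/rp_filter; do
  dosprev_set 1 "$conf"
done
##### End DoS Prevention #####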