The Linux operating system has a number of built-in protection mechanisms. You can activate them by setting kernel parameters, which are exposed in the /proc filesystem, through the /etc/sysctl.conf file.
taufanlubis@zyrex:/etc$ sudo gedit sysctl.conf
Just remove the '#' in front of a parameter to activate it.
Content of sysctl.conf:
#
# /etc/sysctl.conf - Configuration file for setting system variables
# See sysctl.conf (5) for information.
#
#kernel.domainname = example.com
#net/ipv4/icmp_echo_ignore_broadcasts=1
# the following stops low-level messages on console
kernel.printk = 4 4 1 7
##############################################################
# Functions previously found in netbase
#
# Uncomment the next line to enable Spoof protection (reverse-path filter)
#net.ipv4.conf.default.rp_filter=1
# Uncomment the next line to enable TCP/IP SYN cookies
#net.ipv4.tcp_syncookies=1
# Uncomment the next line to enable packet forwarding for IPv4
#net.ipv4.conf.default.forwarding=1
# Uncomment the next line to enable packet forwarding for IPv6
#net.ipv6.conf.default.forwarding=1
A brief explanation of each setting:
Disable routing triangulation: respond to queries out of the same interface they arrived on, not another.
This helps to maintain state and also protects against IP spoofing.
net.ipv4.conf.default.rp_filter=1
Turn on TCP SYN cookies to protect against SYN-flood Denial of Service (DoS) attacks.
net.ipv4.tcp_syncookies=1
Enable IP routing. Required if your firewall is protecting a network, NAT included.
net.ipv4.conf.default.forwarding=1
Disable responding to ping broadcasts.
net/ipv4/icmp_echo_ignore_broadcasts=1
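
The check below is an added example, not part of the original post: a small shell audit that reads a sysctl.conf-style file and reports whether the protective settings above are really active, that is, uncommented and set to 1. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a sysctl.conf-style file for the settings discussed above.

# Print the value FILE ($1) assigns to KEY ($2), or "unset".
# Accepts "net/ipv4/..." and "net.ipv4..." spellings and spaces around "=",
# and skips commented-out lines, which are never applied.
sysctl_conf_value() {
    awk -v want="$2" '
        /^[ \t]*[#;]/ || !/=/ { next }
        {
            key = $0; sub(/=.*/, "", key)
            val = $0; sub(/^[^=]*=/, "", val)
            gsub(/[ \t]/, "", key); gsub("/", ".", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == want) found = val     # last assignment wins
        }
        END { print (found == "" ? "unset" : found) }
    ' "$1"
}

# Report each setting; return non-zero if a protective one is not set to 1.
audit_sysctl_conf() {
    rc=0
    for key in net.ipv4.conf.default.rp_filter \
               net.ipv4.tcp_syncookies \
               net.ipv4.icmp_echo_ignore_broadcasts; do
        val=$(sysctl_conf_value "$1" "$key")
        if [ "$val" = "1" ]; then
            echo "OK      $key=$val"
        else
            echo "MISSING $key (file has: $val)"
            rc=1
        fi
    done
    # Forwarding is only needed on routers and firewalls: reported, not judged.
    echo "INFO    net.ipv4.conf.default.forwarding=$(sysctl_conf_value "$1" net.ipv4.conf.default.forwarding)"
    return $rc
}

# Constructed sample input: rp_filter is still commented out.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
#net.ipv4.conf.default.rp_filter=1
net.ipv4.tcp_syncookies = 1
net/ipv4/icmp_echo_ignore_broadcasts=1
#net.ipv4.conf.default.forwarding=1
EOF
audit_sysctl_conf "$sample" || echo "=> hardening incomplete"
```

After editing the real file, `sudo sysctl -p` loads /etc/sysctl.conf without a reboot, and `sysctl net.ipv4.tcp_syncookies` shows the value the running kernel is using.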




