/proc/sys/net/ipv4/w00t
Disabling accept_redirects keeps out malicious ICMP redirect messages, which could modify your routing table. Enabling icmp_ignore_bogus_error_responses protects against false ICMP error messages. Enabling log_martians logs spoofed packets, source-routed packets, and redirect packets, even though we're not allowing them. All of these packets are referred to as “martians” since they really shouldn't exist. And last but not least, enabling ip_forward allows packets to be forwarded through our external interface to our internal network, which is necessary for IP Masquerading.
An important note: in the ipchains implementation in the 2.2 Linux kernel, you needed to enable ip_always_defrag. That is not needed here, since the connection tracking modules reassemble all packet fragments automagically.
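A way to verify that a gateway actually has the four settings described above, as an added example that is not part of the original slides. The function names are hypothetical, and the sample tree is constructed so the script runs without touching the real /proc.

```shell
#!/bin/sh
# check_setting FILE WANT: report and return 1 unless FILE holds exactly WANT.
check_setting() {
    [ -r "$1" ] || { echo "MISSING $1"; return 1; }
    got=$(cat "$1")
    [ "$got" = "$2" ] && return 0
    echo "MISMATCH $1: is $got, want $2"
    return 1
}

# audit_ipv4 ROOT: ROOT is normally /proc/sys/net/ipv4.
# Prints one line per deviation; returns 0 if all settings match, 1 otherwise.
audit_ipv4() {
    root=$1 bad=0
    # accept_redirects and log_martians are per-interface: conf/<iface>/,
    # including the special "all" and "default" entries.
    for dir in "$root"/conf/*/; do
        check_setting "${dir}accept_redirects" 0 || bad=1
        check_setting "${dir}log_martians" 1 || bad=1
    done
    # These two are global and sit directly under ROOT.
    check_setting "$root/icmp_ignore_bogus_error_responses" 1 || bad=1
    check_setting "$root/ip_forward" 1 || bad=1
    return $bad
}

# make_sample_tree DIR: constructed stand-in for /proc/sys/net/ipv4 with the
# values the slide recommends for a masquerading gateway.
make_sample_tree() {
    for ifc in all default eth0; do
        mkdir -p "$1/conf/$ifc"
        echo 0 > "$1/conf/$ifc/accept_redirects"
        echo 1 > "$1/conf/$ifc/log_martians"
    done
    echo 1 > "$1/icmp_ignore_bogus_error_responses"
    echo 1 > "$1/ip_forward"
}

# Demo on constructed data: one interface still accepts redirects.
demo=$(mktemp -d)
make_sample_tree "$demo"
echo 1 > "$demo/conf/eth0/accept_redirects"
audit_ipv4 "$demo" || echo "audit: deviations found"
rm -rf "$demo"
# On a live system: audit_ipv4 /proc/sys/net/ipv4
```

Checking every directory under conf/ matters because a value set only on `all` or `default` does not guarantee that an already-configured interface carries the same value.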