2012-03-31

Some Security Linux Kernel Settings 

(/etc/sysctl.conf or /etc/sysctl.d/*):

#### ipv4 networking ####


## TCP SYN cookie protection
## helps protect against SYN flood attacks
## only kicks in when net.ipv4.tcp_max_syn_backlog is reached
net.ipv4.tcp_syncookies = 1


## protect against tcp time-wait assassination hazards
## drop RST packets for sockets in the time-wait state
## (not widely supported outside of linux, but conforms to RFC)
net.ipv4.tcp_rfc1337 = 1


## tcp timestamps (RFC 1323)
## + protect against wrapped sequence numbers (PAWS), which matters at gigabit speeds
## + let TCP measure the round trip time itself
## - cost extra overhead and let scanners such as nmap estimate system uptime
## disabled here; use the second line instead on gigabit links
net.ipv4.tcp_timestamps = 0
#net.ipv4.tcp_timestamps = 1


## source address verification (reverse path filtering)
## helps protect against spoofing attacks
## 1 = strict mode: a packet is dropped unless the reply would leave through
## the interface it arrived on, so hosts with asymmetric routing need 2 (loose)
net.ipv4.conf.all.rp_filter = 1


## disable ALL packet forwarding (not a router, disable it)
net.ipv4.ip_forward = 0


## log martian packets
net.ipv4.conf.all.log_martians = 1


## ignore echo broadcast requests to prevent being part of smurf attacks
net.ipv4.icmp_echo_ignore_broadcasts = 1


## optionally, ignore all echo requests
#net.ipv4.icmp_echo_ignore_all = 1


## ignore bogus icmp errors
net.ipv4.icmp_ignore_bogus_error_responses = 1


## IP source routing (insecure, disable it)
net.ipv4.conf.all.accept_source_route = 0


## send redirects (not a router, disable it)
net.ipv4.conf.all.send_redirects = 0


## ICMP routing redirects: refuse them outright
## secure_redirects (accept only from the default gateways) has no effect while
## accept_redirects is 0; it only limits the damage if redirects get re-enabled
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 1


Reload these settings with the following command:

sysctl -p

Note that sysctl -p on its own only reads /etc/sysctl.conf; to load the files in /etc/sysctl.d/ as well, use sysctl --system (or pass the file names to sysctl -p).
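Since sysctl -p only prints errors for keys it cannot set and otherwise carries on, it is worth checking that the running kernel really holds these values. The following audit script is an addition to this post, not part of it: it reads a sysctl.conf-style list on stdin, looks each key up under /proc/sys and returns the number of mismatches. The SYSCTL_ROOT variable and the EXPECTED_SETTINGS list (a constructed copy of the ipv4 values above) are my own assumptions, so the script can be exercised against a fake tree.

```shell
#!/bin/sh
# Audit the running kernel against a sysctl.conf-style list of settings.
# Assumption (not from the post): keys are looked up under $SYSCTL_ROOT,
# which defaults to /proc/sys, so a test can point it at a fake tree.
SYSCTL_ROOT=${SYSCTL_ROOT:-/proc/sys}

# Constructed copy of the post's ipv4 values, used as sample input.
EXPECTED_SETTINGS='
# comments and blank lines are skipped, as sysctl(8) does
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_rfc1337 = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.ip_forward = 0
net.ipv4.conf.all.log_martians = 1
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 1
'

# current_value KEY: print the live value, or "missing" when the kernel
# has no such key (a setting that never took effect at all).
current_value() {
    path="$SYSCTL_ROOT/$(printf '%s' "$1" | tr . /)"
    if [ -r "$path" ]; then cat "$path"; else echo missing; fi
}

# audit_sysctl < settings: print one line per mismatch and return the
# number of mismatches, so 0 means every listed value is in effect.
audit_sysctl() {
    bad=0
    while IFS= read -r line; do
        case "$line" in ''|'#'*) continue ;; esac
        key=$(printf '%s' "$line" | cut -d= -f1 | tr -d ' \t')
        want=$(printf '%s' "$line" | cut -d= -f2- | tr -d ' \t')
        have=$(current_value "$key")
        if [ "$have" != "$want" ]; then
            printf 'MISMATCH %s: want %s, have %s\n' "$key" "$want" "$have"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}
```

Run it as `printf '%s\n' "$EXPECTED_SETTINGS" | audit_sysctl`, or feed it the real file with `audit_sysctl < /etc/sysctl.conf`; a non-zero exit status means at least one listed value is not live.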

