#!/bin/ksh

##################################################################################################
# Changes per HP Document USECKBAN0000080:
#    --- security network tunning ---
#
# File name: /sbin/init.d/arpclean
#
# Don't forget the link:
#      ln -s /sbin/init.d/arpclean /sbin/rc2.d/S330arpclean
#
# Doug Burton - 6/20/2003
# http://home.tampabay.rr.com/batcave
##################################################################################################

PATH=/sbin:/usr/sbin:/usr/bin
export PATH

case $1 in
  start_msg)
        echo "Setting NDD settings."
        ;;
  start)

        /usr/bin/ndd  -set /dev/ip  ip_forward_directed_broadcasts       0
        /usr/bin/ndd  -set /dev/ip  ip_forward_src_routed                0
        /usr/bin/ndd  -set /dev/ip  ip_forwarding                        0
        /usr/bin/ndd  -set /dev/ip  ip_ire_gw_probe                      0
        /usr/bin/ndd  -set /dev/ip  ip_pmtu_strategy                     1
        /usr/bin/ndd  -set /dev/ip  ip_send_redirects                    0
        /usr/bin/ndd  -set /dev/ip  ip_send_source_quench                0
        /usr/bin/ndd  -set /dev/tcp tcp_conn_request_max                 500
        /usr/bin/ndd  -set /dev/tcp tcp_syn_rcvd_max                     500
        /usr/bin/ndd  -set /dev/ip  ip_check_subnet_addr                 0
        /usr/bin/ndd  -set /dev/ip  ip_respond_to_address_mask_broadcast 0
        /usr/bin/ndd  -set /dev/ip  ip_respond_to_echo_broadcast         0
        /usr/bin/ndd  -set /dev/ip  ip_respond_to_timestamp_broadcast    0
        /usr/bin/ndd  -set /dev/ip  ip_respond_to_timestamp              0
        /usr/bin/ndd  -set /dev/tcp tcp_text_in_resets                   0
        ;;
  *)
        echo "usage: $0 {start}"
        rval=1
        ;;
esac