# How to include this for loop in sysctl.conf?

## gilamonster

The Security Handbook recommends you interpret the following for loop into something readable by /etc/sysctl.conf:

```
for i in /proc/sys/net/ipv4/conf/*; do
        /bin/echo "1" > $i/rp_filter
done
```

I don't know how to do this.

I've implemented the handbook's other recommendations correctly, e.g.

```
# Drop ping packets
/bin/echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all
```

becomes

```
# Drop ping packets
net.ipv4.icmp_echo_ignore_all = 1
```

But how would you implement that for loop?

Thanks for any advice

----------

## truc

AFAIK you can't; the best you can do is to copy the following command's output to your sysctl.conf:

```
cd /proc/sys && for i in net/ipv4/conf/* ;do echo "${i//\//.}.rp_filter = 1"; done
```

Note: sysctl also accepts '/' as a delimiter, so the bashism here (${var//..}) isn't absolutely needed. Update it in case you have a new network interface.

EDIT: looking at the output of my own command, I realise you're probably looking for the following setting:

```
net.ipv4.conf.all.rp_filter = 1
```

----------
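An added example, not part of either post above: a POSIX shell script that generates the per-interface lines in the '/'-delimited key form truc mentions (so an interface name containing a dot, such as a VLAN, stays one path component) and audits the effective value, which the kernel takes as the larger of conf/all and conf/<interface>. The `SYSROOT` override and both function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: generate and audit rp_filter settings.
# SYSROOT is a hypothetical override so the functions can be pointed at a
# constructed directory tree instead of the live /proc/sys.
SYSROOT="${SYSROOT:-/proc/sys}"

# Print one sysctl.conf line per entry under net/ipv4/conf, using '/' as the
# key separator so a name such as eth0.100 is not split at its dot.
gen_rp_filter_conf() {
    for d in "$SYSROOT"/net/ipv4/conf/*/; do
        [ -f "${d}rp_filter" ] || continue
        name=${d%/}; name=${name##*/}
        printf 'net/ipv4/conf/%s/rp_filter = 1\n' "$name"
    done
}

# Print "<interface> <effective value>" for every real interface.
# The kernel uses max(conf/all/rp_filter, conf/<interface>/rp_filter), which
# is why setting conf/all alone is enough for interfaces that appear later.
# Returns 1 if any interface ends up with reverse-path filtering off (0).
audit_rp_filter() {
    all=$(cat "$SYSROOT/net/ipv4/conf/all/rp_filter") || return 2
    rc=0
    for d in "$SYSROOT"/net/ipv4/conf/*/; do
        name=${d%/}; name=${name##*/}
        case $name in all|default) continue ;; esac
        [ -f "${d}rp_filter" ] || continue
        val=$(cat "${d}rp_filter")
        [ "$all" -gt "$val" ] && val=$all
        [ "$val" -eq 0 ] && rc=1
        printf '%s %s\n' "$name" "$val"
    done
    return $rc
}

# Stand-alone use: "script gen" or "script audit".
case "${1:-}" in
    gen)   gen_rp_filter_conf ;;
    audit) audit_rp_filter ;;
esac
```

Running the `audit` mode after `sysctl -p` shows whether each interface actually ended up filtered, including interfaces created after sysctl.conf was last edited.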

