# https://bugzilla.redhat.com/show_bug.cgi?id=1689346
kernel.kptr_restrict = 1

# Source route verification
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.*.rp_filter = 1
-net.ipv4.conf.all.rp_filter