tweaked perf restrictions, disallowed IPv6 SRR and redirects

sysctl.conf

@@ -1,12 +1,13 @@
 # Name: K4YT3X Hardened sysctl Configuration
 # Author: K4YT3X
-# Contributors: IceCodeNew
+# Contributor: IceCodeNew
+# Contributor: HorlogeSkynet
 # Date Created: October 5, 2020
-# Last Updated: October 29, 2020
+# Last Updated: June 7, 2021
 
 # Licensed under the GNU General Public License Version 3 (GNU GPL v3),
 #   available at: https://www.gnu.org/licenses/gpl-3.0.txt
-# (C) 2020 K4YT3X
+# (C) 2020-2021 K4YT3X
 
 # Multiple sources have been consulted while writing this configuration
 #  file (e.g., nixCraft's sysctl.conf). Sources are not cited since this
@@ -64,7 +65,7 @@ kernel.pid_max = 4194304
 #kernel.panic = 10
 
 # restrict perf subsystem usage
-kernel.perf_event_paranoid = 2
+kernel.perf_event_paranoid = 3
 kernel.perf_cpu_time_max_percent = 1
 kernel.perf_event_max_sample_rate = 1
 
@@ -263,6 +264,14 @@ net.ipv6.conf.all.max_addresses = 1
 net.ipv6.conf.default.use_tempaddr = 2
 net.ipv6.conf.all.use_tempaddr = 2
 
+# ignore IPv6 ICMP redirect messages
+net.ipv6.conf.default.accept_redirects = 0
+net.ipv6.conf.all.accept_redirects = 0
+
+# do not accept packets with SRR option
+net.ipv6.conf.default.accept_source_route = 0
+net.ipv6.conf.all.accept_source_route = 0
+
 # ignore all ICMPv6 echo requests
 #net.ipv6.icmp.echo_ignore_all = 1
 #net.ipv6.icmp.echo_ignore_anycast = 1