“Perhaps one of the more frequently neglected areas of
firewall configuration involves the /proc filesystem. The pseudo
file structure within proc allows you to interface with the
internal data structures in the kernel, either obtaining
information about the system or changing specific settings. Some of
the parts of /proc are read-only, while others can be modified. It
is often referred to as a virtual filesystem in that it doesn’t
take up any actual hard drive space; files are created only on
demand when you access them. In this article, we will be focusing
specifically on /proc/sys/net/ipv4.

In order to benefit from the use of the /proc filesystem, you’ll
need to enable two settings when building your kernel.
CONFIG_PROC_FS is the setting that allows you to access and view
the /proc filesystem, and CONFIG_SYSCTL is the bit that actually
allows you to modify /proc entries without requiring a reboot of
the system or a recompile of the kernel. Settings are only
available at boot time after the /proc file system has been
mounted.”
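
As an added illustration of the passage above (not code from the quoted article), the following script audits entries under /proc/sys/net/ipv4 against a baseline and reports whether each one is writable. The function names and the baseline values are assumptions chosen for the example, and the demo runs on a constructed sample tree rather than live kernel state.

```shell
#!/bin/sh
# Assumed hardening baseline (illustrative values, not taken from the article).
BASELINE='ip_forward=0
tcp_syncookies=1
icmp_echo_ignore_broadcasts=1
conf/all/rp_filter=1
conf/all/accept_source_route=0
conf/all/accept_redirects=0'

# audit_ipv4 [ROOT]: print "STATUS key current expected mode" per baseline key.
# Returns the number of DRIFT/MISSING entries, or 255 if ROOT does not exist.
audit_ipv4() {
    root=${1:-/proc/sys/net/ipv4}
    bad=0
    if [ ! -d "$root" ]; then
        # No tree at all: /proc not mounted, or kernel built without
        # CONFIG_PROC_FS / CONFIG_SYSCTL.
        echo "UNAVAILABLE $root"
        return 255
    fi
    for entry in $BASELINE; do
        key=${entry%%=*}; want=${entry#*=}
        file="$root/$key"
        if [ ! -r "$file" ]; then
            echo "MISSING $key - $want -"; bad=$((bad + 1)); continue
        fi
        have=$(tr -d ' \t\n' < "$file")
        # Some /proc entries are read-only; record which ones can be changed.
        if [ -w "$file" ]; then mode=rw; else mode=ro; fi
        if [ "$have" = "$want" ]; then status=OK; else status=DRIFT; bad=$((bad + 1)); fi
        echo "$status $key $have $want $mode"
    done
    return "$bad"
}

# Constructed sample tree (not real kernel state) so the audit runs offline.
make_sample_tree() {
    d=$(mktemp -d) && mkdir -p "$d/conf/all" || return 1
    echo 1 > "$d/ip_forward"                  # drift: forwarding enabled
    echo 1 > "$d/tcp_syncookies"
    echo 1 > "$d/icmp_echo_ignore_broadcasts"
    echo 1 > "$d/conf/all/rp_filter"
    echo 0 > "$d/conf/all/accept_source_route"
    echo "$d"                                 # accept_redirects left absent
}

sample=$(make_sample_tree)
audit_ipv4 "$sample" || echo "entries needing attention: $?"
rm -rf "$sample"
```

On a live host, call `audit_ipv4` with no argument to read the real /proc/sys/net/ipv4 tree.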