diff --git a/Patches/LineageOS-14.1/android_system_core/0001-Hardening.patch b/Patches/LineageOS-14.1/android_system_core/0001-Harden_Mounts.patch similarity index 51% rename from Patches/LineageOS-14.1/android_system_core/0001-Hardening.patch rename to Patches/LineageOS-14.1/android_system_core/0001-Harden_Mounts.patch index 9ed8ca69..505eb96c 100644 --- a/Patches/LineageOS-14.1/android_system_core/0001-Hardening.patch +++ b/Patches/LineageOS-14.1/android_system_core/0001-Harden_Mounts.patch @@ -1,13 +1,13 @@ -From f744a5628bbc7c97065b9355282c97d4c4cb1d60 Mon Sep 17 00:00:00 2001 +From 77d7a0338ceecd3aa08f51f615cb22e3687b4c7e Mon Sep 17 00:00:00 2001 From: Daniel Micay -Date: Mon, 29 May 2017 20:13:03 -0400 -Subject: [PATCH] Harden mounts and network +Date: Wed, 28 Jun 2017 07:54:49 -0400 +Subject: [PATCH] Harden mounts -Change-Id: I56e8371048f83f429009c3024f8aff99c9952d9c +Change-Id: I46e3fc4ac896a509ab8ca90ae4ce09b820da434b --- - init/init.cpp | 6 +++--- - rootdir/init.rc | 16 ++++++++++++++++ - 2 files changed, 19 insertions(+), 3 deletions(-) + init/init.cpp | 6 +++--- + rootdir/init.rc | 1 + + 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/init/init.cpp b/init/init.cpp index 7a370596e..35bf44a7b 100755 @@ -28,7 +28,7 @@ index 7a370596e..35bf44a7b 100755 // We must have some place other than / to create the device nodes for diff --git a/rootdir/init.rc b/rootdir/init.rc -index 671c6b71f..a5da76318 100644 +index 31b4e3566..da2071b15 100644 --- a/rootdir/init.rc +++ b/rootdir/init.rc @@ -126,6 +126,7 @@ on init 
@@ -39,28 +39,6 @@ index 671c6b71f..a5da76318 100644 write /proc/sys/kernel/kptr_restrict 2 write /proc/sys/vm/mmap_min_addr 32768 write /proc/sys/net/ipv4/ping_group_range "0 2147483647" -@@ -144,6 +145,21 @@ on init - write /proc/sys/net/ipv4/conf/all/accept_redirects 0 - write /proc/sys/net/ipv6/conf/all/accept_redirects 0 - -+ # IPv4 hardening -+ # -+ # reverse path filtering is done with netfilter for consistency with IPv6 -+ write /proc/sys/net/ipv4/tcp_rfc1337 1 -+ write /proc/sys/net/ipv4/conf/all/accept_source_route 0 -+ write /proc/sys/net/ipv4/conf/default/accept_source_route 0 -+ write /proc/sys/net/ipv4/conf/default/accept_redirects 0 -+ write /proc/sys/net/ipv4/conf/all/send_redirects 0 -+ write /proc/sys/net/ipv4/conf/default/send_redirects 0 -+ -+ # IPv6 hardening -+ write /proc/sys/net/ipv6/conf/default/accept_redirects 0 -+ write /proc/sys/net/ipv6/conf/all/use_tempaddr 2 -+ write /proc/sys/net/ipv6/conf/default/use_tempaddr 2 -+ - # Create cgroup mount points for process groups - mkdir /dev/cpuctl - mount cgroup none /dev/cpuctl cpu -- -2.13.0 +2.13.2 diff --git a/Patches/LineageOS-14.1/android_system_core/0002-Harden_Network.patch b/Patches/LineageOS-14.1/android_system_core/0002-Harden_Network.patch new file mode 100644 index 00000000..b96582d6 --- /dev/null +++ b/Patches/LineageOS-14.1/android_system_core/0002-Harden_Network.patch 
@@ -0,0 +1,72 @@
+From 104095f3a7590ccbd60f2b6dc4fc5242198469c5 Mon Sep 17 00:00:00 2001
+From: Tad
+Date: Wed, 28 Jun 2017 08:03:36 -0400
+Subject: [PATCH] Harden IPv4/6
+
+Credit: https://serverfault.com/a/811826
+Credit: https://linux-audit.com/linux-security-guide-for-hardening-ipv6/
+Credit: https://www.cyberciti.biz/faq/linux-kernel-etcsysctl-conf-security-hardening/
+
+Change-Id: I6941a9b418112ffeb68b4749b803b6e5558db039
+---
+ rootdir/init.rc | 44 +++++++++++++++++++++++++++++++++++++++++---
+ 1 file changed, 41 insertions(+), 3 deletions(-)
+
+diff --git a/rootdir/init.rc b/rootdir/init.rc
+index da2071b15..5676edbff 100644
+--- a/rootdir/init.rc
++++ b/rootdir/init.rc
+@@ -141,9 +141,47 @@ on init
+ # set fwmark on accepted sockets
+ write /proc/sys/net/ipv4/tcp_fwmark_accept 1
+
+- # disable icmp redirects
+- write /proc/sys/net/ipv4/conf/all/accept_redirects 0
+- write /proc/sys/net/ipv6/conf/all/accept_redirects 0
++ # network hardening
++ write /proc/net/net/ipv4/conf/all/accept_redirects 0
++ write /proc/net/net/ipv4/conf/all/accept_source_route 0
++ write /proc/net/net/ipv4/conf/all/log_martians 1
++ write /proc/net/net/ipv4/conf/all/rp_filter 1
++ write /proc/net/net/ipv4/conf/all/secure_redirects 0
++ write /proc/net/net/ipv4/conf/all/send_redirects 0
++ write /proc/net/net/ipv4/conf/default/accept_redirects 0
++ write /proc/net/net/ipv4/conf/default/accept_source_route 0
++ write /proc/net/net/ipv4/conf/default/log_martians 1
++ write /proc/net/net/ipv4/conf/default/rp_filter 1
++ write /proc/net/net/ipv4/conf/default/secure_redirects 0
++ write /proc/net/net/ipv4/conf/default/send_redirects 0
++ write /proc/net/net/ipv4/icmp_echo_ignore_all 0
++ write /proc/net/net/ipv4/icmp_echo_ignore_broadcasts 1
++ write /proc/net/net/ipv4/icmp_errors_use_inbound_ifaddr 0
++ write /proc/net/net/ipv4/icmp_ignore_bogus_error_responses 1
++ write /proc/net/net/ipv4/ip_forward 0
++ write /proc/net/net/ipv4/tcp_rfc1337 1
++ write /proc/net/net/ipv4/tcp_syncookies 1
++ write /proc/net/net/ipv4/tcp_timestamps 1
++ write /proc/net/net/ipv6/conf/all/accept_ra_defrtr 0
++ write /proc/net/net/ipv6/conf/all/accept_ra_pinfo 0
++ write /proc/net/net/ipv6/conf/all/accept_ra_rtr_pref 0
++ write /proc/net/net/ipv6/conf/all/accept_redirects 0
++ write /proc/net/net/ipv6/conf/all/autoconf 0
++ write /proc/net/net/ipv6/conf/all/dad_transmits 0
++ write /proc/net/net/ipv6/conf/all/max_addresses 1
++ write /proc/net/net/ipv6/conf/all/router_solicitations 0
++ write /proc/net/net/ipv6/conf/all/use_tempaddr 2
++ write /proc/net/net/ipv6/conf/default/accept_ra_defrtr 0
++ write /proc/net/net/ipv6/conf/default/accept_ra_pinfo 0
++ write /proc/net/net/ipv6/conf/default/accept_ra_rtr_pref 0
++ write /proc/net/net/ipv6/conf/default/accept_redirects 0
++ write /proc/net/net/ipv6/conf/default/autoconf 0
++ write /proc/net/net/ipv6/conf/default/dad_transmits 0
++ write /proc/net/net/ipv6/conf/default/max_addresses 1
++ write /proc/net/net/ipv6/conf/default/router_solicitations 0
++ write /proc/net/net/ipv6/conf/default/use_tempaddr 2
++ write /proc/net/net/netfilter/nf_conntrack_max 500000
++ write /proc/net/net/netfilter/nf_conntrack_tcp_loose 0
+
+ # Create cgroup mount points for process groups
+ mkdir /dev/cpuctl
+-- 
+2.13.2
+
diff --git a/Patches/LineageOS-14.1/android_system_netd/0001-Harden_Network.patch b/Patches/LineageOS-14.1/android_system_netd/0001-Harden_Network.patch
new file mode 100644
index 00000000..e6d759d6
--- /dev/null
+++ b/Patches/LineageOS-14.1/android_system_netd/0001-Harden_Network.patch
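Review bot: Every sysctl in the added block is written under `/proc/net/net/...`, a path that does not exist; the unchanged `tcp_fwmark_accept` context line and the three removed lines use `/proc/sys/net/...`, so all 41 writes would fail and the two `accept_redirects 0` settings this block deletes would no longer be applied at all, which is a net regression. Replace the prefix on every added line, e.g. `write /proc/sys/net/ipv4/conf/all/accept_redirects 0`. Separately, `autoconf 0`, `accept_ra_pinfo 0`, `accept_ra_defrtr 0`, `router_solicitations 0`, `max_addresses 1` and `dad_transmits 0` appear to switch off SLAAC and duplicate-address detection entirely, which on a device that takes its IPv6 addressing from router advertisements is likely to remove IPv6 connectivity rather than harden it, and `max_addresses 1` sits oddly beside `use_tempaddr 2`, which needs additional addresses; the intent should be confirmed and stated in the `# network hardening` comment. `rp_filter 1` (strict mode) also deserves a justification next to it, since the `tcp_fwmark_accept` context line points at mark-based policy routing and the patch this one supersedes had explicitly left reverse-path filtering to netfilter.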
@@ -0,0 +1,93 @@
+From f705d1c7cae38ca9070f24ff5c076b06ab827244 Mon Sep 17 00:00:00 2001
+From: Tad
+Date: Wed, 28 Jun 2017 08:19:00 -0400
+Subject: [PATCH] Harden network via iptables
+
+Change-Id: I37eca1211768b9d3aa63fa59a40112e35c5e8c62
+---
+ server/CommandListener.cpp | 69 ++++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 69 insertions(+)
+
+diff --git a/server/CommandListener.cpp b/server/CommandListener.cpp
+index b16da18..6aca8aa 100755
+--- a/server/CommandListener.cpp
++++ b/server/CommandListener.cpp
+@@ -230,6 +230,75 @@ CommandListener::CommandListener() :
+ createChildChains(V4, "nat", "PREROUTING", NAT_PREROUTING);
+ createChildChains(V4, "nat", "POSTROUTING", NAT_POSTROUTING);
+
++
++ //Drop incoming, drop routed, and allow outgoing
++ execIptables(V4V6, "-w", "-P", "INPUT", "DROP", NULL);
++ execIptables(V4V6, "-w", "-P", "FORWARD", "DROP", NULL);
++ execIptables(V4V6, "-w", "-P", "OUTPUT", "ACCEPT", NULL);
++ //Drop invalid packets
++ execIptables(V4V6, "-w", "-A", "INPUT", "-m", "conntrack", "--ctstate", "INVALID", "-j", "DROP", NULL);
++ execIptables(V4V6, "-w", "-A", "OUTPUT", "-m", "conntrack", "--ctstate", "INVALID", "-j", "DROP", NULL);
++ execIptables(V4V6, "-w", "-A", "FORWARD", "-m", "conntrack", "--ctstate", "INVALID", "-j", "DROP", NULL);
++ //Drop TCP packets that are new and are not SYN
++ execIptables(V4V6, "-w", "-t", "raw", "-A", "PREROUTING", "-p", "tcp", "!", "--syn", "-m", "conntrack", "--ctstate", "NEW", "-j", "DROP", NULL);
++ //Drop SYN packets with suspicious MSS value
++ execIptables(V4, "-w", "-t", "raw", "-A", "PREROUTING", "-p", "tcp", "-m", "conntrack", "--ctstate", "NEW", "-m", "tcpmss", "!", "--mss", "536:65535", "-j", "DROP", NULL);
++ execIptables(V6, "-w", "-t", "raw", "-A", "PREROUTING", "-p", "tcp", "-m", "conntrack", "--ctstate", "NEW", "-m", "tcpmss", "!", "--mss", "1220:65535", "-j", "DROP", NULL);
++ //Drop packets with bogus TCP flags
++ execIptables(V4V6, "-w", "-t", "raw", "-A", "PREROUTING", "-p", "tcp", "--tcp-flags", "FIN,SYN,RST,PSH,ACK,URG", "NONE", "-j", "DROP", NULL);
++ execIptables(V4V6, "-w", "-t", "raw", "-A", "PREROUTING", "-p", "tcp", "--tcp-flags", "FIN,SYN", "FIN,SYN", "-j", "DROP", NULL);
++ execIptables(V4V6, "-w", "-t", "raw", "-A", "PREROUTING", "-p", "tcp", "--tcp-flags", "SYN,RST", "SYN,RST", "-j", "DROP", NULL);
++ execIptables(V4V6, "-w", "-t", "raw", "-A", "PREROUTING", "-p", "tcp", "--tcp-flags", "SYN,FIN", "SYN,FIN", "-j", "DROP", NULL);
++ execIptables(V4V6, "-w", "-t", "raw", "-A", "PREROUTING", "-p", "tcp", "--tcp-flags", "FIN,RST", "FIN,RST", "-j", "DROP", NULL);
++ execIptables(V4V6, "-w", "-t", "raw", "-A", "PREROUTING", "-p", "tcp", "--tcp-flags", "FIN,ACK", "FIN", "-j", "DROP", NULL);
++ execIptables(V4V6, "-w", "-t", "raw", "-A", "PREROUTING", "-p", "tcp", "--tcp-flags", "ACK,URG", "URG", "-j", "DROP", NULL);
++ execIptables(V4V6, "-w", "-t", "raw", "-A", "PREROUTING", "-p", "tcp", "--tcp-flags", "ACK,FIN", "FIN", "-j", "DROP", NULL);
++ execIptables(V4V6, "-w", "-t", "raw", "-A", "PREROUTING", "-p", "tcp", "--tcp-flags", "ACK,PSH", "PSH", "-j", "DROP", NULL);
++ execIptables(V4V6, "-w", "-t", "raw", "-A", "PREROUTING", "-p", "tcp", "--tcp-flags", "ALL", "ALL", "-j", "DROP", NULL);
++ execIptables(V4V6, "-w", "-t", "raw", "-A", "PREROUTING", "-p", "tcp", "--tcp-flags", "ALL", "NONE", "-j", "DROP", NULL);
++ execIptables(V4V6, "-w", "-t", "raw", "-A", "PREROUTING", "-p", "tcp", "--tcp-flags", "ALL", "FIN,PSH,URG", "-j", "DROP", NULL);
++ execIptables(V4V6, "-w", "-t", "raw", "-A", "PREROUTING", "-p", "tcp", "--tcp-flags", "ALL", "SYN,FIN,PSH,URG", "-j", "DROP", NULL);
++ execIptables(V4V6, "-w", "-t", "raw", "-A", "PREROUTING", "-p", "tcp", "--tcp-flags", "ALL", "SYN,RST,ACK,FIN,URG", "-j", "DROP", NULL);
++ //Drop spoofed packets
++ execIptables(V4, "-w", "-t", "raw", "-A", "PREROUTING", "-s", "0.0.0.0/8", "-j", "DROP", NULL);
++ execIptables(V4, "-w", "-t", "raw", "-A", "PREROUTING", "-s", "127.0.0.0/8", "!", "-i", "lo", "-j", "DROP", NULL);
++ //Drop fragments
++ execIptables(V4, "-w", "-t", "raw", "-A", "PREROUTING", "-f", "-j", "DROP", NULL);
++ //Limit connections per source IP
++ execIptables(V4V6, "-w", "-A", "INPUT", "-p", "tcp", "-m", "connlimit", "--connlimit-above", "64", "!", "-i", "lo", "-j", "REJECT", NULL);
++ //Allow certain ICMP types
++ execIptables(V4, "-w", "-A", "INPUT", "-p", "icmp", "--icmp-type", "0", "-m", "conntrack", "--ctstate", "NEW", "-j", "ACCEPT", NULL);
++ execIptables(V4, "-w", "-A", "INPUT", "-p", "icmp", "--icmp-type", "3", "-m", "conntrack", "--ctstate", "NEW", "-j", "ACCEPT", NULL);
++ execIptables(V4, "-w", "-A", "INPUT", "-p", "icmp", "--icmp-type", "8", "-m", "conntrack", "--ctstate", "NEW", "-j", "ACCEPT", NULL);
++ execIptables(V4, "-w", "-A", "INPUT", "-p", "icmp", "--icmp-type", "11", "-m", "conntrack", "--ctstate", "NEW", "-j", "ACCEPT", NULL);
++ execIptables(V6, "-w", "-A", "INPUT", "-p", "ipv6-icmp", "--icmpv6-type", "1", "-j", "ACCEPT", NULL);
++ execIptables(V6, "-w", "-A", "INPUT", "-p", "ipv6-icmp", "--icmpv6-type", "2", "-j", "ACCEPT", NULL);
++ execIptables(V6, "-w", "-A", "INPUT", "-p", "ipv6-icmp", "--icmpv6-type", "3", "-j", "ACCEPT", NULL);
++ execIptables(V6, "-w", "-A", "INPUT", "-p", "ipv6-icmp", "--icmpv6-type", "4", "-j", "ACCEPT", NULL);
++ execIptables(V6, "-w", "-A", "INPUT", "-p", "ipv6-icmp", "--icmpv6-type", "128", "-j", "ACCEPT", NULL);
++ execIptables(V6, "-w", "-A", "INPUT", "-p", "ipv6-icmp", "--icmpv6-type", "133", "-j", "ACCEPT", NULL);
++ execIptables(V6, "-w", "-A", "INPUT", "-p", "ipv6-icmp", "--icmpv6-type", "134", "-j", "ACCEPT", NULL);
++ execIptables(V6, "-w", "-A", "INPUT", "-p", "ipv6-icmp", "--icmpv6-type", "135", "-j", "ACCEPT", NULL);
++ execIptables(V6, "-w", "-A", "INPUT", "-p", "ipv6-icmp", "--icmpv6-type", "136", "-j", "ACCEPT", NULL);
++ execIptables(V6, "-w", "-A", "INPUT", "-p", "ipv6-icmp", "--icmpv6-type", "137", "-j", "ACCEPT", NULL);
++ execIptables(V6, "-w", "-A", "INPUT", "-p", "ipv6-icmp", "--icmpv6-type", "141", "-j", "ACCEPT", NULL);
++ execIptables(V6, "-w", "-A", "INPUT", "-p", "ipv6-icmp", "--icmpv6-type", "142", "-j", "ACCEPT", NULL);
++ execIptables(V6, "-w", "-A", "INPUT", "-s", "fe80::/10", "-p", "ipv6-icmp", "--icmpv6-type", "130", "-j", "ACCEPT", NULL);
++ execIptables(V6, "-w", "-A", "INPUT", "-s", "fe80::/10", "-p", "ipv6-icmp", "--icmpv6-type", "131", "-j", "ACCEPT", NULL);
++ execIptables(V6, "-w", "-A", "INPUT", "-s", "fe80::/10", "-p", "ipv6-icmp", "--icmpv6-type", "132", "-j", "ACCEPT", NULL);
++ execIptables(V6, "-w", "-A", "INPUT", "-s", "fe80::/10", "-p", "ipv6-icmp", "--icmpv6-type", "143", "-j", "ACCEPT", NULL);
++ execIptables(V6, "-w", "-A", "INPUT", "-p", "ipv6-icmp", "--icmpv6-type", "148", "-j", "ACCEPT", NULL);
++ execIptables(V6, "-w", "-A", "INPUT", "-p", "ipv6-icmp", "--icmpv6-type", "149", "-j", "ACCEPT", NULL);
++ execIptables(V6, "-w", "-A", "INPUT", "-s", "fe80::/10", "-p", "ipv6-icmp", "--icmpv6-type", "151", "-j", "ACCEPT", NULL);
++ execIptables(V6, "-w", "-A", "INPUT", "-s", "fe80::/10", "-p", "ipv6-icmp", "--icmpv6-type", "152", "-j", "ACCEPT", NULL);
++ execIptables(V6, "-w", "-A", "INPUT", "-s", "fe80::/10", "-p", "ipv6-icmp", "--icmpv6-type", "153", "-j", "ACCEPT", NULL);
++ //Allow related/existing connections
++ execIptables(V4V6, "-w", "-A", "INPUT", "-i", "lo", "-j", "ACCEPT", NULL);
++ execIptables(V4V6, "-w", "-A", "OUTPUT", "-o", "lo", "-j", "ACCEPT", NULL);
++ execIptables(V4V6, "-w", "-A", "INPUT", "-m", "conntrack", "--ctstate", "ESTABLISHED,RELATED", "-j", "ACCEPT", NULL);
++ execIptables(V4V6, "-w", "-A", "OUTPUT", "-m", "conntrack", "--ctstate", "ESTABLISHED,RELATED", "-j", "ACCEPT", NULL);
++
++
+ // Let each module setup their child chains
+ setupOemIptablesHook();
+
+-- 
+2.13.2
+
diff --git a/Patches/LineageOS-14.1/android_system_netd/0001-iptables.patch b/Patches/LineageOS-14.1/android_system_netd/0001-iptables.patch deleted file mode 100644 index ebccb57b..00000000 --- a/Patches/LineageOS-14.1/android_system_netd/0001-iptables.patch +++ /dev/null 
@@ -1,52 +0,0 @@ -From 3ce5afa60fe949d5f4a272ebaed92bf24aad0b11 Mon Sep 17 00:00:00 2001 -From: Tad -Date: Tue, 27 Jun 2017 23:18:10 -0400 -Subject: [PATCH] Network hardening via iptables - -Change-Id: I3a3d36af792641522e74ce45b0de3fa7ff791d58 ---- - server/CommandListener.cpp | 28 ++++++++++++++++++++++++++++ - 1 file changed, 28 insertions(+) - -diff --git a/server/CommandListener.cpp b/server/CommandListener.cpp -index b16da18..7f5e99d 100755 ---- a/server/CommandListener.cpp -+++ b/server/CommandListener.cpp -@@ -230,6 +230,34 @@ CommandListener::CommandListener() : - createChildChains(V4, "nat", "PREROUTING", NAT_PREROUTING); - createChildChains(V4, "nat", "POSTROUTING", NAT_POSTROUTING); - -+ -+ //Credit: https://javapipe.com/iptables-ddos-protection -+ execIptables(V4V6, "-w", "-A", "INPUT", "-m", "conntrack", "--ctstate", "INVALID", "-j", "DROP", NULL); -+ execIptables(V4V6, "-w", "-A", "OUTPUT", "-m", "conntrack", "--ctstate", "INVALID", "-j", "DROP", NULL); -+ execIptables(V4V6, "-w", "-A", "FORWARD", "-m", "conntrack", "--ctstate", "INVALID", "-j", "DROP", NULL); -+ execIptables(V4V6, "-w", "-t", "raw", "-A", "PREROUTING", "-p", "tcp", "!", "--syn", "-m", "conntrack", "--ctstate", "NEW", "-j", "DROP", NULL); -+ execIptables(V4, "-w", "-t", "raw", "-A", "PREROUTING", "-p", "tcp", "-m", "conntrack", "--ctstate", "NEW", "-m", "tcpmss", "!", "--mss", "536:65535", "-j", "DROP", NULL); -+ execIptables(V6, "-w", "-t", "raw", "-A", "PREROUTING", "-p", "tcp", "-m", "conntrack", "--ctstate", "NEW", "-m", "tcpmss", "!", "--mss", "1220:65535", "-j", "DROP", NULL); -+ execIptables(V4V6, "-w", "-t", "raw", "-A", "PREROUTING", "-p", "tcp", "--tcp-flags", "FIN,SYN,RST,PSH,ACK,URG", "NONE", "-j", "DROP", NULL); -+ execIptables(V4V6, "-w", "-t", "raw", "-A", "PREROUTING", "-p", "tcp", "--tcp-flags", "FIN,SYN", "FIN,SYN", "-j", "DROP", NULL); -+ execIptables(V4V6, "-w", "-t", "raw", "-A", "PREROUTING", "-p", "tcp", "--tcp-flags", "SYN,RST", "SYN,RST", "-j", "DROP", NULL); 
-+ execIptables(V4V6, "-w", "-t", "raw", "-A", "PREROUTING", "-p", "tcp", "--tcp-flags", "SYN,FIN", "SYN,FIN", "-j", "DROP", NULL); -+ execIptables(V4V6, "-w", "-t", "raw", "-A", "PREROUTING", "-p", "tcp", "--tcp-flags", "FIN,RST", "FIN,RST", "-j", "DROP", NULL); -+ execIptables(V4V6, "-w", "-t", "raw", "-A", "PREROUTING", "-p", "tcp", "--tcp-flags", "FIN,ACK", "FIN", "-j", "DROP", NULL); -+ execIptables(V4V6, "-w", "-t", "raw", "-A", "PREROUTING", "-p", "tcp", "--tcp-flags", "ACK,URG", "URG", "-j", "DROP", NULL); -+ execIptables(V4V6, "-w", "-t", "raw", "-A", "PREROUTING", "-p", "tcp", "--tcp-flags", "ACK,FIN", "FIN", "-j", "DROP", NULL); -+ execIptables(V4V6, "-w", "-t", "raw", "-A", "PREROUTING", "-p", "tcp", "--tcp-flags", "ACK,PSH", "PSH", "-j", "DROP", NULL); -+ execIptables(V4V6, "-w", "-t", "raw", "-A", "PREROUTING", "-p", "tcp", "--tcp-flags", "ALL", "ALL", "-j", "DROP", NULL); -+ execIptables(V4V6, "-w", "-t", "raw", "-A", "PREROUTING", "-p", "tcp", "--tcp-flags", "ALL", "NONE", "-j", "DROP", NULL); -+ execIptables(V4V6, "-w", "-t", "raw", "-A", "PREROUTING", "-p", "tcp", "--tcp-flags", "ALL", "FIN,PSH,URG", "-j", "DROP", NULL); -+ execIptables(V4V6, "-w", "-t", "raw", "-A", "PREROUTING", "-p", "tcp", "--tcp-flags", "ALL", "SYN,FIN,PSH,URG", "-j", "DROP", NULL); -+ execIptables(V4V6, "-w", "-t", "raw", "-A", "PREROUTING", "-p", "tcp", "--tcp-flags", "ALL", "SYN,RST,ACK,FIN,URG", "-j", "DROP", NULL); -+ execIptables(V4, "-w", "-t", "raw", "-A", "PREROUTING", "-s", "0.0.0.0/8", "-j", "DROP", NULL); -+ execIptables(V4, "-w", "-t", "raw", "-A", "PREROUTING", "-s", "127.0.0.0/8", "!", "-i", "lo", "-j", "DROP", NULL); -+ execIptables(V4, "-w", "-t", "raw", "-A", "PREROUTING", "-f", "-j", "DROP", NULL); -+ execIptables(V4V6, "-w", "-A", "INPUT", "-p", "tcp", "-m", "connlimit", "--connlimit-above", "64", "!", "-i", "lo", "-j", "REJECT", NULL); -+ -+ - // Let each module setup their child chains - setupOemIptablesHook(); - --- -2.13.2 - 
diff --git a/Scripts/LAOS-14.1_Patches.sh b/Scripts/LAOS-14.1_Patches.sh index fd430b86..5e3e892e 100755 --- a/Scripts/LAOS-14.1_Patches.sh +++ b/Scripts/LAOS-14.1_Patches.sh @@ -154,10 +154,11 @@ patch -p1 < $patches"android_packages_inputmethods_LatinIME/0001-Voice.patch" #R enter "system/core" cat /tmp/ar/hosts >> rootdir/etc/hosts #Merge in our HOSTS file -patch -p1 < $patches"android_system_core/0001-Hardening.patch" #Misc hardening +patch -p1 < $patches"android_system_core/0001-Harden_Mounts.patch" #Harden mounts with nodev/noexec/nosuid +patch -p1 < $patches"android_system_core/0002-Harden_Network.patch" #Harden network via sysctls enter "system/netd" -patch -p1 < $patches"android_system_netd/0001-iptables.patch"; #Network hardening via iptables +patch -p1 < $patches"android_system_netd/0001-Harden_Network.patch"; #Harden network via iptables enter "vendor/cm" awk -i inplace '!/50-cm.sh/' config/common.mk; #Make sure our hosts is always used
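Review bot: The new netd line keeps the stray trailing `;` from the line it replaces, while the two system/core lines added above it have none; `patch -p1 < $patches"android_system_netd/0001-Harden_Network.patch" #Harden network via iptables` keeps the three consistent. The order of the two system/core calls is load-bearing, since 0002-Harden_Network.patch was generated against the output of 0001-Harden_Mounts.patch (its inner `index da2071b15..` line is 0001's post-image blob); a comment such as `#Depends on 0001-Harden_Mounts.patch applying first` would protect against a reorder. Nothing visible here checks the exit status of `patch`, so a rejected hunk in any of the three new patch files would go unnoticed unless error handling is set up outside this hunk.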