[6/6] sysctl: Conntrack: Disable picking up loose TCP connections
Commit Message
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
config/etc/sysctl.conf | 3 +++
1 file changed, 3 insertions(+)
@@ -35,6 +35,9 @@ net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.all.accept_redirects = 0
net.ipv6.conf.default.accept_redirects = 0
+# Do not try to pick up existing TCP connections in conntrack
+net.netfilter.nf_conntrack_tcp_loose = 0
+
# Enable netfilter accounting
net.netfilter.nf_conntrack_acct = 1
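Review bot: The comment above the added `net.netfilter.nf_conntrack_tcp_loose = 0` says what the setting does, but not why it is wanted or what it costs, and the commit message gives no rationale either. With loose pickup disabled, conntrack only creates TCP entries from a handshake it has seen, so mid-stream packets are classified INVALID. TCP flows that predate a reboot, a conntrack flush or a module reload then have to reconnect instead of being silently re-adopted. I would spell that out, for example `# Only track TCP connections whose handshake was seen; mid-stream packets of unknown flows become INVALID, so flows that predate a reboot or conntrack flush must reconnect`. The `net.netfilter.*` keys exist only while nf_conntrack is loaded. The hunk does not show the load order, so it is worth confirming that this file is applied after the module is loaded; otherwise the kernel default of 1 would presumably stay in effect.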