From patchwork Sat Dec 15 03:54:59 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: ummeegge X-Patchwork-Id: 2001 Return-Path: Received: from mail01.ipfire.org (mail01.i.ipfire.org [172.28.1.200]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail01.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by web07.i.ipfire.org (Postfix) with ESMTPS id 7CF048ABD87 for ; Fri, 14 Dec 2018 16:55:10 +0000 (GMT) Received: from mail01.i.ipfire.org (localhost [IPv6:::1]) by mail01.ipfire.org (Postfix) with ESMTP id 8B674205831C; Fri, 14 Dec 2018 16:55:09 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=201801; t=1544806509; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:content-type: content-transfer-encoding:in-reply-to:in-reply-to: references:references:list-id:list-unsubscribe:list-subscribe:list-post; bh=pc+8/IxerAIVogVzW+vuPp/BvsY2k0dNzl50N42xNVU=; b=yEIii1xH9S/FHQu/E5cugy5CFILTugvyktosMarLWz0r7v+oDKjj+hGhz1+XRKjIDZZEji Gcyg2Nb1GKoBADp7RWbE0Q5ccVwp4c/DYCbyf4KHmD7JHerXjmJeyA4tKp6ekyLSNqiFpE jVOEXdPgBUHMa5GyuMBc5VfSjQk3Do+TeYJv+K2DBosMIIP1k2upHY6sm0HbyhxnG7iUMs wiFQVXv7joFnLuKbPn3P7ACqXb1YZeFkRFYxOtNsxwZ5Imf/ayssokaJ45n95UKPZTlf9q /6/yXxCMRInhBF0xUJrj0JBvi+clYFujSG+av7BtlQ+hJgNp7hNZT8gPI4gfAQ== Received: from ipfire-server.local (i59F4D7FE.versanet.de [89.244.215.254]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPSA id 198CD201ABE9; Fri, 14 Dec 2018 16:55:07 +0000 (GMT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=201801; t=1544806507; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:content-type: content-transfer-encoding:in-reply-to:in-reply-to: references:references; bh=pc+8/IxerAIVogVzW+vuPp/BvsY2k0dNzl50N42xNVU=; b=mjOCKw4y2GQs6GY/AK62bqnouoMn+IL4IyCjJCQsR9+JueyGfUxOCmmUheogKd2fboHL8Y 83AdPfkB2JD+gRmSCNoH94b/b0UcU4xAylskdXtEHlGTnJhlUQ3/pHNUJfBl4k+jblW2Fa HhUkhZW+Q1RRDJ4KcUSDxChCwNzuV/Gu9xGiOg4vAUa9WVlpnJU1pqbCbG7kqjlK/R9yl5 xIZEfs2KnmVIgY9KYkLGL8vixnZRXEmEEuK0LS4Yd46hpiC06OjpqH2X/c0S/is43XWUFj BL2YlQdoL2FjFab6DnoYeTW3e4vX0rvezMonREpDb8Emo4eF3hzuC6F5K5BzkQ== From: "erik.kapfer" To: development@lists.ipfire.org Subject: [PATCH v2] sysctl.conf: Enable TFO in sysctl Date: Fri, 14 Dec 2018 17:54:59 +0100 Message-Id: <20181214165459.28782-1-ummeegge@ipfire.org> X-Mailer: git-send-email 2.12.2 In-Reply-To: <20181214120332.5372-1-ummeegge@ipfire.org> References: <20181214120332.5372-1-ummeegge@ipfire.org> Authentication-Results: mail01.ipfire.org; auth=pass smtp.auth=ummeegge smtp.mailfrom=ummeegge@ipfire.org X-Spamd-Result: default: False [-6.10 / 11.00]; ARC_NA(0.00)[]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; REPLY(-4.00)[]; DKIM_SIGNED(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; MID_CONTAINS_FROM(1.00)[]; RCVD_COUNT_ZERO(0.00)[0]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:8881, ipnet:89.244.208.0/20, country:DE]; RCVD_TLS_ALL(0.00)[]; BAYES_HAM(-3.00)[100.00%] X-Spam-Status: No, score=-6.10 X-Rspamd-Server: mail01.i.ipfire.org X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Fixes #11945 For further information see: https://tools.ietf.org/html/rfc7413#section-4.2.2 https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt Signed-off-by: erik.kapfer --- config/etc/sysctl.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/config/etc/sysctl.conf b/config/etc/sysctl.conf index 4066af767..52b21efa4 100644 --- a/config/etc/sysctl.conf +++ b/config/etc/sysctl.conf @@ -13,6 +13,7 @@ net.ipv4.tcp_syncookies = 1 net.ipv4.tcp_fin_timeout = 30 net.ipv4.tcp_syn_retries = 3 net.ipv4.tcp_synack_retries = 3 +net.ipv4.tcp_fastopen = 3 net.ipv4.conf.default.arp_filter = 1 net.ipv4.conf.default.rp_filter = 0