sysctl: Conntrack: Disable picking up loose TCP connections

author Michael Tremer <michael.tremer@ipfire.org>

Thu, 18 Apr 2024 21:11:44 +0000 (21:11 +0000)

committer Michael Tremer <michael.tremer@ipfire.org>

Tue, 2 Jul 2024 09:30:28 +0000 (09:30 +0000)
author Michael Tremer <michael.tremer@ipfire.org>
Thu, 18 Apr 2024 21:11:44 +0000 (21:11 +0000)
committer Michael Tremer <michael.tremer@ipfire.org>
Tue, 2 Jul 2024 09:30:28 +0000 (09:30 +0000)
diff --git a/config/etc/sysctl.conf b/config/etc/sysctl.conf

index 51a80404303b81b003f1a19a327fc50e32e2a118..819076b8019cc7de5af7f2cccecd9a39b4d36254 100644 (file)
--- a/config/etc/sysctl.conf
+++ b/config/etc/sysctl.conf
@@ -35,6 +35,9 @@ net.ipv6.conf.default.disable_ipv6 = 1
  net.ipv6.conf.all.accept_redirects = 0
  net.ipv6.conf.default.accept_redirects = 0
  
+# Do not try to pick up existing TCP connections in conntrack
+net.netfilter.nf_conntrack_tcp_loose = 0
+
  # Enable netfilter accounting
  net.netfilter.nf_conntrack_acct = 1
author	Michael Tremer <michael.tremer@ipfire.org>
	Thu, 18 Apr 2024 21:11:44 +0000 (21:11 +0000)
committer	Michael Tremer <michael.tremer@ipfire.org>
	Tue, 2 Jul 2024 09:30:28 +0000 (09:30 +0000)