sysctl: Conntrack: Disable picking up loose TCP connections

author Michael Tremer <michael.tremer@ipfire.org>

Thu, 18 Apr 2024 20:30:45 +0000 (21:30 +0100)

committer Michael Tremer <michael.tremer@ipfire.org>

Thu, 18 Apr 2024 20:30:45 +0000 (21:30 +0100)
author Michael Tremer <michael.tremer@ipfire.org>
Thu, 18 Apr 2024 20:30:45 +0000 (21:30 +0100)
committer Michael Tremer <michael.tremer@ipfire.org>
Thu, 18 Apr 2024 20:30:45 +0000 (21:30 +0100)
diff --git a/config/etc/sysctl.conf b/config/etc/sysctl.conf

index 31a220e384ea44ceb9d85b9257f03188f7474733..e35ee0dc4620a12c847b8e75cda30d627a407f2c 100644 (file)
--- a/config/etc/sysctl.conf
+++ b/config/etc/sysctl.conf
@@ -35,6 +35,9 @@ net.ipv6.conf.default.disable_ipv6 = 1
  net.ipv6.conf.all.accept_redirects = 0
  net.ipv6.conf.default.accept_redirects = 0
  
+# Do not try to pick up existing TCP connections in conntrack
+net.netfilter.nf_conntrack_tcp_loose = 0
+
  # Enable netfilter accounting
  net.netfilter.nf_conntrack_acct = 1
author	Michael Tremer <michael.tremer@ipfire.org>
	Thu, 18 Apr 2024 20:30:45 +0000 (21:30 +0100)
committer	Michael Tremer <michael.tremer@ipfire.org>
	Thu, 18 Apr 2024 20:30:45 +0000 (21:30 +0100)