From: Michael Tremer
Date: Thu, 18 Apr 2024 21:11:44 +0000 (+0000)
Subject: sysctl: Conntrack: Disable picking up loose TCP connections
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=695c572993e9333507c235aebc602848c76039ce;p=people%2Fmfischer%2Fipfire-2.x.git
sysctl: Conntrack: Disable picking up loose TCP connections
Signed-off-by: Michael Tremer
---
diff --git a/config/etc/sysctl.conf b/config/etc/sysctl.conf
index 51a804043..819076b80 100644
--- a/config/etc/sysctl.conf
+++ b/config/etc/sysctl.conf
@@ -35,6 +35,9 @@ net.ipv6.conf.default.disable_ipv6 = 1
 net.ipv6.conf.all.accept_redirects = 0
 net.ipv6.conf.default.accept_redirects = 0
+# Do not try to pick up existing TCP connections in conntrack
+net.netfilter.nf_conntrack_tcp_loose = 0
+
 # Enable netfilter accounting
 net.netfilter.nf_conntrack_acct = 1
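Review bot: The comment added above `net.netfilter.nf_conntrack_tcp_loose = 0` says what the setting does but not why it is wanted or what it costs operationally. With loose pickup off, conntrack only creates entries for TCP flows whose handshake it has seen, so mid-stream packets are classified INVALID. That tightens stateful filtering, but established flows will not survive a conntrack flush, reboot or failover and must reconnect (assuming the ruleset drops INVALID, which is not visible in this hunk). I would extend the comment to something like `# Only track TCP connections whose handshake was seen; mid-stream packets stay INVALID, so established flows must reconnect after a conntrack flush`. The key exists only once nf_conntrack is loaded, as for the `nf_conntrack_acct` line below, so it is worth confirming after boot with `sysctl net.netfilter.nf_conntrack_tcp_loose` that the value was applied.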