From: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu, 1 Mar 2018 15:21:13 +0000 (+0000)
Subject: firewall: Enable ECN by default
X-Git-Tag: 010~152
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d7a8bf5ea4484d33b42f150eaf2fa4ffc9adea74;p=network.git

firewall: Enable ECN by default

Apple has tried this and it seems to be safe now

https://www.ietf.org/proceedings/98/slides/slides-98-maprg-tcp-ecn-experience-with-enabling-ecn-on-the-internet-padma-bhooma-00.pdf

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/man/firewall-settings.xml b/man/firewall-settings.xml
index 6870d1fe..60626368 100644
--- a/man/firewall-settings.xml
+++ b/man/firewall-settings.xml
@@ -254,7 +254,7 @@
 
 			<varlistentry>
 				<term>
-					<varname>FIREWALL_USE_ECN</varname> = [true|<emphasis>false</emphasis>]
+					<varname>FIREWALL_USE_ECN</varname> = [<emphasis>true</emphasis>|false]
 				</term>
 
 				<listitem>
diff --git a/src/functions/functions.constants-firewall b/src/functions/functions.constants-firewall
index f1eaf505..d42189aa 100644
--- a/src/functions/functions.constants-firewall
+++ b/src/functions/functions.constants-firewall
@@ -74,7 +74,7 @@ FIREWALL_ACCEPT_ICMP_REDIRECTS="false"
 FIREWALL_CONFIG_PARAMS="${FIREWALL_CONFIG_PARAMS} FIREWALL_ACCEPT_ICMP_REDIRECTS"
 
 # ECN (Explicit Congestion Notification)
-FIREWALL_USE_ECN="false"
+FIREWALL_USE_ECN="true"
 FIREWALL_CONFIG_PARAMS="${FIREWALL_CONFIG_PARAMS} FIREWALL_USE_ECN"
 
 # Path MTU discovery