firewall: Enable ECN by default

Apple has tried this and it seems to be safe now

https://www.ietf.org/proceedings/98/slides/slides-98-maprg-tcp-ecn-experience-with-enabling-ecn-on-the-internet-padma-bhooma-00.pdf

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/man/firewall-settings.xml b/man/firewall-settings.xml
index 6870d1fe3609b007e23bf7da6d64a200a274bc61..60626368c25df69bffed4aed366d594d21916d8d 100644 (file)
--- a/man/firewall-settings.xml
+++ b/man/firewall-settings.xml
@@ -254,7 +254,7 @@
 
                        <varlistentry>
                                <term>
-                                       <varname>FIREWALL_USE_ECN</varname> = [true|<emphasis>false</emphasis>]
+                                       <varname>FIREWALL_USE_ECN</varname> = [<emphasis>true</emphasis>|false]
                                </term>
 
                                <listitem>

diff --git a/src/functions/functions.constants-firewall b/src/functions/functions.constants-firewall
index f1eaf505b5531c10b0c80a9dcc275ffe3597457a..d42189aae9179d8c186207744238844e5ce42363 100644 (file)
--- a/src/functions/functions.constants-firewall
+++ b/src/functions/functions.constants-firewall
@@ -74,7 +74,7 @@ FIREWALL_ACCEPT_ICMP_REDIRECTS="false"
 FIREWALL_CONFIG_PARAMS="${FIREWALL_CONFIG_PARAMS} FIREWALL_ACCEPT_ICMP_REDIRECTS"
 
 # ECN (Explicit Congestion Notification)
-FIREWALL_USE_ECN="false"
+FIREWALL_USE_ECN="true"
 FIREWALL_CONFIG_PARAMS="${FIREWALL_CONFIG_PARAMS} FIREWALL_USE_ECN"
 
 # Path MTU discovery