Apple has tried this and it seems to be safe now
https://www.ietf.org/proceedings/98/slides/slides-98-maprg-tcp-ecn-experience-with-enabling-ecn-on-the-internet-padma-bhooma-00.pdf
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
<varlistentry>
<term>
- <varname>FIREWALL_USE_ECN</varname> = [true|<emphasis>false</emphasis>]
+ <varname>FIREWALL_USE_ECN</varname> = [<emphasis>true</emphasis>|false]
</term>
<listitem>
FIREWALL_CONFIG_PARAMS="${FIREWALL_CONFIG_PARAMS} FIREWALL_ACCEPT_ICMP_REDIRECTS"
# ECN (Explicit Congestion Notification)
-FIREWALL_USE_ECN="false"
+FIREWALL_USE_ECN="true"
FIREWALL_CONFIG_PARAMS="${FIREWALL_CONFIG_PARAMS} FIREWALL_USE_ECN"
# Path MTU discovery