[PATCH 6/6] sysctl: Conntrack: Disable picking up loose TCP connections

Signed-off-by: Michael Tremer michael.tremer@ipfire.org --- config/etc/sysctl.conf | 3 +++ 1 file changed, 3 insertions(+)

diff --git a/config/etc/sysctl.conf b/config/etc/sysctl.conf index 31a220e38..e35ee0dc4 100644 --- a/config/etc/sysctl.conf +++ b/config/etc/sysctl.conf @@ -35,6 +35,9 @@ net.ipv6.conf.default.disable_ipv6 = 1 net.ipv6.conf.all.accept_redirects = 0 net.ipv6.conf.default.accept_redirects = 0

+# Do not try to pick up existing TCP connections in conntrack +net.netfilter.nf_conntrack_tcp_loose = 0 + # Enable netfilter accounting net.netfilter.nf_conntrack_acct = 1