Added tweaks file

options.default

@@ -6,7 +6,6 @@ IP6TABLES=/bin/true
 #IPTABLES=/sbin/iptables
 #IP6TABLES=/sbin/ip6tables
 
-
 # I'm trying to make this config as simple as possible.  Comment out
 # options you don't want to use, uncomment them to use them.
 

rc.firewall

@@ -1,10 +1,11 @@
 #/bin/bash
-# v0.2
+# v0.3
 # By Brielle Bruns <bruns@2mbit.com>
-# URL: http://www.sosdg.org
+# URL: http://www.sosdg.org/freestuff/firewall
 # License: GPLv3
 
 BASEDIR=/etc/firewall-sosdg
+TWEAKS=$BASEDIR/tweaks
 #BASEDIR=`pwd`
 
 . $BASEDIR/options
@@ -191,4 +192,11 @@ if [ $IPV6 ]; then
 	fi
 fi
 
+if [ $TWEAKS ]; then
+	for i in `grep -v "\#" $TWEAKS`; do
+		PROCOPT=( ${i//=/ } )
+		echo ${PROCOPT[1]} > /proc/sys/net/${PROCOPT[0]} &>/dev/null
+	done
+fi
+
 $BASEDIR/postrun

tweaks

@@ -0,0 +1,18 @@
+# Firewall tweaks.  If you don't know what these do, don't touch them
+#netfilter/nf_conntrack_max=16380
+#netfilter/nf_conntrack_tcp_loose=1
+#netfilter/nf_conntrack_tcp_be_liberal=1
+#netfilter/nf_conntrack_udp_timeout=30
+#netfilter/nf_conntrack_udp_timeout_stream=180
+#netfilter/nf_conntrack_icmp_timeout=30
+#netfilter/nf_conntrack_generic_timeout=600
+#netfilter/nf_conntrack_tcp_timeout_syn_sent=120
+#netfilter/nf_conntrack_tcp_timeout_syn_recv=60
+#netfilter/nf_conntrack_tcp_timeout_established=432000
+#netfilter/nf_conntrack_tcp_timeout_fin_wait=120
+#netfilter/nf_conntrack_tcp_timeout_close_wait=60
+#netfilter/nf_conntrack_tcp_timeout_last_ack=30
+#netfilter/nf_conntrack_tcp_timeout_time_wait=120
+#netfilter/nf_conntrack_tcp_timeout_close=10
+#netfilter/nf_conntrack_tcp_timeout_max_retrans=300
+#netfilter/nf_conntrack_tcp_timeout_unacknowledged=300