Added tweaks file

master
bruns@2mbit.com 2009-08-13 23:13:29 +00:00
parent bc28e0b2d8
commit 871a7f2803
3 changed files with 28 additions and 3 deletions


@ -6,7 +6,6 @@ IP6TABLES=/bin/true
#IPTABLES=/sbin/iptables
#IP6TABLES=/sbin/ip6tables
# I'm trying to make this config as simple as possible. Comment out
# options you don't want to use, uncomment them to use them.


@ -1,10 +1,11 @@
#/bin/bash
# v0.2
# v0.3
# By Brielle Bruns <bruns@2mbit.com>
# URL: http://www.sosdg.org
# URL: http://www.sosdg.org/freestuff/firewall
# License: GPLv3
BASEDIR=/etc/firewall-sosdg
TWEAKS=$BASEDIR/tweaks
#BASEDIR=`pwd`
. $BASEDIR/options
@ -191,4 +192,11 @@ if [ $IPV6 ]; then
fi
fi
if [ $TWEAKS ]; then
for i in `grep -v "\#" $TWEAKS`; do
PROCOPT=( ${i//=/ } )
echo ${PROCOPT[1]} > /proc/sys/net/${PROCOPT[0]} &>/dev/null
done
fi
$BASEDIR/postrun
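Review bot: The write on the `echo ${PROCOPT[1]} > /proc/sys/net/${PROCOPT[0]} &>/dev/null` line never reaches the sysctl entry: bash applies redirections left to right, so the trailing `&>/dev/null` re-points stdout at /dev/null after the /proc file has been opened, and every tweak is silently dropped. The guard `[ $TWEAKS ]` is always true because TWEAKS is assigned unconditionally at the top of the script, so a missing tweaks file only surfaces as a grep error; `[ -r "$TWEAKS" ]` tests what is meant. The key read from the file is appended to /proc/sys/net/ unchecked, and this script presumably runs as root, so keys containing `..` should be rejected and the tweaks file kept root-owned and not group- or world-writable. The loop also relies on bash arrays, while the script's first line `#/bin/bash` lacks the `!` and is therefore only a comment.

```shell
if [ -r "$TWEAKS" ]; then
	while IFS='=' read -r key value; do
		case "$key" in
			''|*\#*|*..*) continue ;;  # blank line, comment, or path traversal
		esac
		if [ -w "/proc/sys/net/$key" ]; then
			# stdout must stay pointed at the /proc entry; do not add &>/dev/null here
			echo "$value" > "/proc/sys/net/$key"
		else
			echo "tweak skipped, no such entry: $key" >&2
		fi
	done < "$TWEAKS"
fi
```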

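--- /dev/null
+++ b/tweaks
@@ -0,0 +1,18 @@
+# Firewall tweaks. If you don't know what these do, don't touch them
+#netfilter/nf_conntrack_max=16380
+#netfilter/nf_conntrack_tcp_loose=1
+#netfilter/nf_conntrack_tcp_be_liberal=1
+#netfilter/nf_conntrack_udp_timeout=30
+#netfilter/nf_conntrack_udp_timeout_stream=180
+#netfilter/nf_conntrack_icmp_timeout=30
+#netfilter/nf_conntrack_generic_timeout=600
+#netfilter/nf_conntrack_tcp_timeout_syn_sent=120
+#netfilter/nf_conntrack_tcp_timeout_syn_recv=60
+#netfilter/nf_conntrack_tcp_timeout_established=432000
+#netfilter/nf_conntrack_tcp_timeout_fin_wait=120
+#netfilter/nf_conntrack_tcp_timeout_close_wait=60
+#netfilter/nf_conntrack_tcp_timeout_last_ack=30
+#netfilter/nf_conntrack_tcp_timeout_time_wait=120
+#netfilter/nf_conntrack_tcp_timeout_close=10
+#netfilter/nf_conntrack_tcp_timeout_max_retrans=300
+#netfilter/nf_conntrack_tcp_timeout_unacknowledged=300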