Added tweaks file

2009-08-13 23:13:29 +00:00 · 2009-08-13 23:13:29 +00:00 · 871a7f2803
commit 871a7f2803
parent bc28e0b2d8
3 changed files with 28 additions and 3 deletions
--- a/options.default
+++ b/options.default
@ -6,7 +6,6 @@ IP6TABLES=/bin/true
 #IPTABLES=/sbin/iptables
 #IP6TABLES=/sbin/ip6tables

-
 # I'm trying to make this config as simple as possible.  Comment out
 # options you don't want to use, uncomment them to use them.

--- a/rc.firewall
+++ b/rc.firewall
@ -1,10 +1,11 @@
 #/bin/bash
-# v0.2
+# v0.3
 # By Brielle Bruns <bruns@2mbit.com>
-# URL: http://www.sosdg.org
+# URL: http://www.sosdg.org/freestuff/firewall
 # License: GPLv3

 BASEDIR=/etc/firewall-sosdg
+TWEAKS=$BASEDIR/tweaks
 #BASEDIR=`pwd`

 . $BASEDIR/options
@ -191,4 +192,11 @@ if [ $IPV6 ]; then
 	fi
 fi

+if [ $TWEAKS ]; then
+	for i in `grep -v "\#" $TWEAKS`; do
+		PROCOPT=( ${i//=/ } )
+		echo ${PROCOPT[1]} > /proc/sys/net/${PROCOPT[0]} &>/dev/null
+	done
+fi
+
 $BASEDIR/postrun
--- a/18
+++ b/18
@ -0,0 +1,18 @@
+# Firewall tweaks.  If you don't know what these do, don't touch them
+#netfilter/nf_conntrack_max=16380
+#netfilter/nf_conntrack_tcp_loose=1
+#netfilter/nf_conntrack_tcp_be_liberal=1
+#netfilter/nf_conntrack_udp_timeout=30
+#netfilter/nf_conntrack_udp_timeout_stream=180
+#netfilter/nf_conntrack_icmp_timeout=30
+#netfilter/nf_conntrack_generic_timeout=600
+#netfilter/nf_conntrack_tcp_timeout_syn_sent=120
+#netfilter/nf_conntrack_tcp_timeout_syn_recv=60
+#netfilter/nf_conntrack_tcp_timeout_established=432000
+#netfilter/nf_conntrack_tcp_timeout_fin_wait=120
+#netfilter/nf_conntrack_tcp_timeout_close_wait=60
+#netfilter/nf_conntrack_tcp_timeout_last_ack=30
+#netfilter/nf_conntrack_tcp_timeout_time_wait=120
+#netfilter/nf_conntrack_tcp_timeout_close=10
+#netfilter/nf_conntrack_tcp_timeout_max_retrans=300
+#netfilter/nf_conntrack_tcp_timeout_unacknowledged=300