Release 2.0. Yay\!

CHANGELOG

@@ -1,3 +1,7 @@
+2.00 Release
+	- Add common options for sysctl/proc tweaking of network settings
+	- Yay stable release!
+
 2.00 Alpha 3 -
 	- Give people knobs to tinker with regarding state matching.  Kills
 		multiple birds with one stone.

bin/srfirewall

@@ -236,5 +236,6 @@ if [ "${EnableIPv6}" == "yes" ]; then
 	[[ ${Enablev6Forwarding} == "yes" ]] && enable_forwarding ipv6
 	[[ ${Enablev6NAT} == "yes" ]] && enable_nat ipv6
 	[[ ${Enablev6PortForwarding} == "yes" ]] && enable_portfw ipv6
+	[[ ${EnableSysctlTweaks} == "yes" ]] && sysctl_tweaks
 fi
 

etc/tweaks.conf

@@ -0,0 +1,47 @@
+# Tweak Common Network Settings
+# These are common settings that you can change to adjust how
+# the kernel networking works.  This file is passed to sysctl via
+# the -p flag and will override existing settings.
+#
+# Playing with these settings could break things, so change them
+# at your own risk.
+
+#net.ipv4.conf.all.forwarding=0
+#net.ipv4.conf.default.forwarding=0
+#net.ipv4.tcp_tw_recycle=0
+#net.ipv4.tcp_tw_reuse=0
+#net.ipv4.tcp_mtu_probing=1
+#net.ipv4.ip_local_port_range=20000 65535
+#net.ipv4.tcp_window_scaling=1
+#net.ipv4.tcp_sack=1
+#net.ipv4.conf.all.accept_source_route=0
+#net.ipv4.conf.all.secure_redirects=1
+
+#net.ipv6.conf.all.forwarding=0
+#net.ipv6.conf.default.forwarding=0
+
+
+#net.netfilter.nf_conntrack_tcp_timeout_time_wait=30
+#net.netfilter.nf_conntrack_timestamp=1
+
+#net.ipv4.netfilter.ip_conntrack_generic_timeout = 600
+#net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_sent = 120
+#net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_sent2 = 120
+#net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_recv = 60
+#net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 432000
+#net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait = 120
+#net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait = 60
+#net.ipv4.netfilter.ip_conntrack_tcp_timeout_last_ack = 30
+#net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait = 30
+#net.ipv4.netfilter.ip_conntrack_tcp_timeout_close = 10
+#net.ipv4.netfilter.ip_conntrack_tcp_timeout_max_retrans = 300
+#net.ipv4.netfilter.ip_conntrack_udp_timeout = 30
+#net.ipv4.netfilter.ip_conntrack_udp_timeout_stream = 180
+#net.ipv4.netfilter.ip_conntrack_icmp_timeout = 30
+#net.ipv4.netfilter.ip_conntrack_sctp_timeout_closed = 10
+#net.ipv4.netfilter.ip_conntrack_sctp_timeout_cookie_wait = 3
+#net.ipv4.netfilter.ip_conntrack_sctp_timeout_cookie_echoed = 3
+#net.ipv4.netfilter.ip_conntrack_sctp_timeout_established = 432000
+#net.ipv4.netfilter.ip_conntrack_sctp_timeout_shutdown_sent = 0
+#net.ipv4.netfilter.ip_conntrack_sctp_timeout_shutdown_recd = 0
+#net.ipv4.netfilter.ip_conntrack_sctp_timeout_shutdown_ack_sent = 3

lib/binaries.inc

@@ -23,6 +23,8 @@ MODPROBE=`which modprobe`
 IPTABLES=`which iptables`
 IP6TABLES=`which ip6tables`
 GREP=`which grep`
+SYSCTL=`which sysctl`
 
 IP4TablesMod="ip_tables"
 IP6TablesMod="ip6_tables"
+SysCTL=`which sysctl`

lib/kernel.inc

@@ -28,3 +28,11 @@ function load_kernel_modules {
 	done
 	${debug} ${DebugColor} "\n${FUNCNAME}:${DEFAULT_COLOR} done."
 }
+
+function sysctl_tweaks {
+	${debug} ${DebugColor} "${FUNCNAME}:${DEFAULT_COLOR} loading"
+	if [ -e "${FWCONFIGDIR}/tweaks.conf" ]; then
+		${SYSCTL} -p "${FWCONFIGDIR}/tweaks.conf"
+	fi
+	${debug} ${DebugColor} "${FUNCNAME}:${DEFAULT_COLOR} done"
+}