Release 2.0. Yay\!
parent
3701804013
commit
613ca9e966
|
@ -1,3 +1,7 @@
|
|||
2.00 Release
|
||||
- Add common options for sysctl/proc tweaking of network settings
|
||||
- Yay stable release!
|
||||
|
||||
2.00 Alpha 3 -
|
||||
- Give people knobs to tinker with regarding state matching. Kills
|
||||
multiple birds with one stone.
|
||||
|
|
|
@ -236,5 +236,6 @@ if [ "${EnableIPv6}" == "yes" ]; then
|
|||
[[ ${Enablev6Forwarding} == "yes" ]] && enable_forwarding ipv6
|
||||
[[ ${Enablev6NAT} == "yes" ]] && enable_nat ipv6
|
||||
[[ ${Enablev6PortForwarding} == "yes" ]] && enable_portfw ipv6
|
||||
[[ ${EnableSysctlTweaks} == "yes" ]] && sysctl_tweaks
|
||||
fi
|
||||
|
||||
|
|
|
@ -0,0 +1,47 @@
|
|||
# Tweak Common Network Settings
|
||||
# These are common settings that you can change to adjust how
|
||||
# the kernel networking works. This file is passed to sysctl via
|
||||
# the -p flag and will override existing settings.
|
||||
#
|
||||
# Playing with these settings could break things, so change them
|
||||
# at your own risk.
|
||||
|
||||
#net.ipv4.conf.all.forwarding=0
|
||||
#net.ipv4.conf.default.forwarding=0
|
||||
#net.ipv4.tcp_tw_recycle=0
|
||||
#net.ipv4.tcp_tw_reuse=0
|
||||
#net.ipv4.tcp_mtu_probing=1
|
||||
#net.ipv4.ip_local_port_range=20000 65535
|
||||
#net.ipv4.tcp_window_scaling=1
|
||||
#net.ipv4.tcp_sack=1
|
||||
#net.ipv4.conf.all.accept_source_route=0
|
||||
#net.ipv4.conf.all.secure_redirects=1
|
||||
|
||||
#net.ipv6.conf.all.forwarding=0
|
||||
#net.ipv6.conf.default.forwarding=0
|
||||
|
||||
|
||||
#net.netfilter.nf_conntrack_tcp_timeout_time_wait=30
|
||||
#net.netfilter.nf_conntrack_timestamp=1
|
||||
|
||||
#net.ipv4.netfilter.ip_conntrack_generic_timeout = 600
|
||||
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_sent = 120
|
||||
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_sent2 = 120
|
||||
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_recv = 60
|
||||
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 432000
|
||||
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait = 120
|
||||
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait = 60
|
||||
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_last_ack = 30
|
||||
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait = 30
|
||||
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_close = 10
|
||||
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_max_retrans = 300
|
||||
#net.ipv4.netfilter.ip_conntrack_udp_timeout = 30
|
||||
#net.ipv4.netfilter.ip_conntrack_udp_timeout_stream = 180
|
||||
#net.ipv4.netfilter.ip_conntrack_icmp_timeout = 30
|
||||
#net.ipv4.netfilter.ip_conntrack_sctp_timeout_closed = 10
|
||||
#net.ipv4.netfilter.ip_conntrack_sctp_timeout_cookie_wait = 3
|
||||
#net.ipv4.netfilter.ip_conntrack_sctp_timeout_cookie_echoed = 3
|
||||
#net.ipv4.netfilter.ip_conntrack_sctp_timeout_established = 432000
|
||||
#net.ipv4.netfilter.ip_conntrack_sctp_timeout_shutdown_sent = 0
|
||||
#net.ipv4.netfilter.ip_conntrack_sctp_timeout_shutdown_recd = 0
|
||||
#net.ipv4.netfilter.ip_conntrack_sctp_timeout_shutdown_ack_sent = 3
|
|
@ -23,6 +23,8 @@ MODPROBE=`which modprobe`
|
|||
IPTABLES=`which iptables`
|
||||
IP6TABLES=`which ip6tables`
|
||||
GREP=`which grep`
|
||||
SYSCTL=`which sysctl`
|
||||
|
||||
IP4TablesMod="ip_tables"
|
||||
IP6TablesMod="ip6_tables"
|
||||
SysCTL=`which sysctl`
|
|
@ -28,3 +28,11 @@ function load_kernel_modules {
|
|||
done
|
||||
${debug} ${DebugColor} "\n${FUNCNAME}:${DEFAULT_COLOR} done."
|
||||
}
|
||||
|
||||
function sysctl_tweaks {
|
||||
${debug} ${DebugColor} "${FUNCNAME}:${DEFAULT_COLOR} loading"
|
||||
if [ -e "${FWCONFIGDIR}/tweaks.conf" ]; then
|
||||
${SYSCTL} -p "${FWCONFIGDIR}/tweaks.conf"
|
||||
fi
|
||||
${debug} ${DebugColor} "${FUNCNAME}:${DEFAULT_COLOR} done"
|
||||
}
|
Loading…
Reference in New Issue