
Added tweaks file

bruns@2mbit.com 9 years ago
parent
commit
871a7f2803
3 changed files with 28 additions and 3 deletions
  1. 0
    1
      options.default
  2. 10
    2
      rc.firewall
  3. 18
    0
      tweaks

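--- a/options.default
+++ b/options.default
@@ -6,7 +6,6 @@ IP6TABLES=/bin/true
 #IPTABLES=/sbin/iptables
 #IP6TABLES=/sbin/ip6tables
 
-
 # I'm trying to make this config as simple as possible.  Comment out
 # options you don't want to use, uncomment them to use them.
 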

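--- a/rc.firewall
+++ b/rc.firewall
@@ -1,10 +1,11 @@
 #/bin/bash
-# v0.2
+# v0.3
 # By Brielle Bruns <bruns@2mbit.com>
-# URL: http://www.sosdg.org
+# URL: http://www.sosdg.org/freestuff/firewall
 # License: GPLv3
 
 BASEDIR=/etc/firewall-sosdg
+TWEAKS=$BASEDIR/tweaks
 #BASEDIR=`pwd`
 
 . $BASEDIR/options
@@ -191,4 +192,11 @@ if [ $IPV6 ]; then
 	fi
 fi
 
+if [ $TWEAKS ]; then
+	for i in `grep -v "\#" $TWEAKS`; do
+		PROCOPT=( ${i//=/ } )
+		echo ${PROCOPT[1]} > /proc/sys/net/${PROCOPT[0]} &>/dev/null
+	done
+fi
+
 $BASEDIR/postrun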
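Review bot: The write in the new tweaks loop never reaches /proc: in `echo ${PROCOPT[1]} > /proc/sys/net/${PROCOPT[0]} &>/dev/null` the trailing `&>/dev/null` re-points stdout after the first redirection, so the value goes to /dev/null and any failure is hidden with it. The script presumably runs as root, and the key read from the tweaks file is joined unquoted onto `/proc/sys/net/`, so a key containing `..` or whitespace would make it write outside that directory; the loader should reject such keys and quote the path. `[ $TWEAKS ]` only tests that the variable is non-empty, which it always is after the assignment at the top of the file, so a missing tweaks file still reaches grep; `[ -r "$TWEAKS" ]` matches the intent. A rewritten loop follows; it skips only lines that begin with `#`, whereas the current grep drops any line containing one.

```shell
if [ -r "$TWEAKS" ]; then
	while IFS='=' read -r key value; do
		case "$key" in
			# skip blanks, comments, traversal and anything outside a plain sysctl path
			''|\#*|*..*|*[!A-Za-z0-9_./-]*) continue ;;
		esac
		printf '%s\n' "$value" > "/proc/sys/net/$key" \
			|| echo "tweak not applied: $key" >&2
	done < "$TWEAKS"
fi
```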

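--- a/tweaks
+++ b/tweaks
@@ -0,0 +1,18 @@
+# Firewall tweaks.  If you don't know what these do, don't touch them
+#netfilter/nf_conntrack_max=16380
+#netfilter/nf_conntrack_tcp_loose=1
+#netfilter/nf_conntrack_tcp_be_liberal=1
+#netfilter/nf_conntrack_udp_timeout=30
+#netfilter/nf_conntrack_udp_timeout_stream=180
+#netfilter/nf_conntrack_icmp_timeout=30
+#netfilter/nf_conntrack_generic_timeout=600
+#netfilter/nf_conntrack_tcp_timeout_syn_sent=120
+#netfilter/nf_conntrack_tcp_timeout_syn_recv=60
+#netfilter/nf_conntrack_tcp_timeout_established=432000
+#netfilter/nf_conntrack_tcp_timeout_fin_wait=120
+#netfilter/nf_conntrack_tcp_timeout_close_wait=60
+#netfilter/nf_conntrack_tcp_timeout_last_ack=30
+#netfilter/nf_conntrack_tcp_timeout_time_wait=120
+#netfilter/nf_conntrack_tcp_timeout_close=10
+#netfilter/nf_conntrack_tcp_timeout_max_retrans=300
+#netfilter/nf_conntrack_tcp_timeout_unacknowledged=300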
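Review bot: The header comment of the new tweaks file does not describe the format the loader in rc.firewall expects, and the entry that relaxes conntrack's TCP validation is not singled out from the timeout tuning around it. I would add `# Format: <path under /proc/sys/net>=<value>, one per line; any line containing '#' is skipped` after the first line. `nf_conntrack_tcp_be_liberal=1` deserves its own comment, for example `# be_liberal=1: only out-of-window RSTs are marked INVALID; leave unset if your rules drop INVALID`, because enabling it weakens any rule set that relies on the INVALID state to discard out-of-window segments.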
