From 871a7f2803f715728d37d100d6075fbd531b7e2f Mon Sep 17 00:00:00 2001
From: "bruns@2mbit.com"
Date: Thu, 13 Aug 2009 23:13:29 +0000
Subject: [PATCH] Added tweaks file
---
 options.default | 1 -
 rc.firewall | 12 ++++++++++--
 tweaks | 18 ++++++++++++++++++
 3 files changed, 28 insertions(+), 3 deletions(-)
 create mode 100644 tweaks
diff --git a/options.default b/options.default
index c529957..3803ead 100755
--- a/options.default
+++ b/options.default
@@ -6,7 +6,6 @@ IP6TABLES=/bin/true
 #IPTABLES=/sbin/iptables
 #IP6TABLES=/sbin/ip6tables
-
 # I'm trying to make this config as simple as possible. Comment out
 # options you don't want to use, uncomment them to use them.
diff --git a/rc.firewall b/rc.firewall
index 0a139e0..0f80b60 100755
--- a/rc.firewall
+++ b/rc.firewall
@@ -1,10 +1,11 @@
 #/bin/bash
-# v0.2
+# v0.3
 # By Brielle Bruns
-# URL: http://www.sosdg.org
+# URL: http://www.sosdg.org/freestuff/firewall
 # License: GPLv3
 BASEDIR=/etc/firewall-sosdg
+TWEAKS=$BASEDIR/tweaks
 #BASEDIR=`pwd`
 . $BASEDIR/options
@@ -191,4 +192,11 @@ if [ $IPV6 ]; then
 fi
 fi
+if [ $TWEAKS ]; then
+ for i in `grep -v "\#" $TWEAKS`; do
+ PROCOPT=( ${i//=/ } )
+ echo ${PROCOPT[1]} > /proc/sys/net/${PROCOPT[0]} &>/dev/null
+ done
+fi
+
 $BASEDIR/postrun
diff --git a/tweaks b/tweaks
new file mode 100644
index 0000000..b9ba1a4
--- /dev/null
+++ b/tweaks
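Review bot: `if [ $TWEAKS ]` only checks that the variable is non-empty, which the `TWEAKS=$BASEDIR/tweaks` line added in the first rc.firewall hunk makes always true, so a missing tweaks file produces a grep error instead of being skipped; the guard should be `if [ -f "$TWEAKS" ]; then`. The loop also discards any line containing `#` anywhere (a trailing comment silently drops the setting), word-splits on whitespace and on every `=`, and writes `${PROCOPT[0]}` under `/proc/sys/net/` without checking it, so a key such as `../../kernel/sysrq` could resolve to a sysctl outside `net/` — low risk because the file is the administrator's, but cheap to reject. `&>/dev/null` then hides every failure, so a mistyped key or an nf_conntrack module that is not yet loaded leaves the admin believing a limit was applied when nothing changed. Note that the first line of the file is `#/bin/bash` without `!` (context in the earlier hunk) while `${i//=/ }` and the array assignment are bash-only, so the script only works when invoked explicitly with bash. A stricter reader that parses one `path=value` per line, strips comments, rejects absolute or `..` keys and reports failures is sketched below.
```shell
if [ -f "$TWEAKS" ]; then
	# One "path=value" per line, relative to /proc/sys/net; '#' starts a comment.
	while IFS= read -r line; do
		line=${line%%#*}
		case "$line" in *=*) ;; *) continue ;; esac
		key=${line%%=*}; val=${line#*=}
		key=${key//[[:space:]]/}; val=${val//[[:space:]]/}
		# Refuse keys that could resolve outside /proc/sys/net.
		case "$key" in ""|/*|*..*) echo "tweaks: ignoring bad key '$key'" >&2; continue ;; esac
		echo "$val" > "/proc/sys/net/$key" 2>/dev/null \
			|| echo "tweaks: failed to set net/$key=$val" >&2
	done < "$TWEAKS"
fi
```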
@@ -0,0 +1,18 @@
+# Firewall tweaks. If you don't know what these do, don't touch them
+#netfilter/nf_conntrack_max=16380
+#netfilter/nf_conntrack_tcp_loose=1
+#netfilter/nf_conntrack_tcp_be_liberal=1
+#netfilter/nf_conntrack_udp_timeout=30
+#netfilter/nf_conntrack_udp_timeout_stream=180
+#netfilter/nf_conntrack_icmp_timeout=30
+#netfilter/nf_conntrack_generic_timeout=600
+#netfilter/nf_conntrack_tcp_timeout_syn_sent=120
+#netfilter/nf_conntrack_tcp_timeout_syn_recv=60
+#netfilter/nf_conntrack_tcp_timeout_established=432000
+#netfilter/nf_conntrack_tcp_timeout_fin_wait=120
+#netfilter/nf_conntrack_tcp_timeout_close_wait=60
+#netfilter/nf_conntrack_tcp_timeout_last_ack=30
+#netfilter/nf_conntrack_tcp_timeout_time_wait=120
+#netfilter/nf_conntrack_tcp_timeout_close=10
+#netfilter/nf_conntrack_tcp_timeout_max_retrans=300
+#netfilter/nf_conntrack_tcp_timeout_unacknowledged=300
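Review bot: The header comment warns readers off the settings but never says how the file is parsed, and the loader added to rc.firewall in this commit drops any line containing `#` and splits on whitespace, so neither trailing comments nor spaces around `=` are allowed; state that next to the header, e.g. `# One path=value per line, relative to /proc/sys/net; no spaces, no trailing comments.` Two of the examples, `nf_conntrack_tcp_loose=1` and `nf_conntrack_tcp_be_liberal=1`, relax conntrack's TCP state tracking (picking up connections mid-stream, tolerating out-of-window packets) as described in the kernel's nf_conntrack sysctl documentation, which is a loosening rather than a hardening and deserves a one-line caution beside them. `nf_conntrack_max=16380` may also be lower than the value the kernel computes from available memory on many hosts, so a comment marking it as an example rather than a recommendation would stop someone uncommenting it and shrinking the conntrack table.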