Release 2.0. Yay\!

7 years ago · 613ca9e966
--- a/+ 4
+++ b/+ 4
@@ -1,3 +1,7 @@
 2.00 Release
 	- Add common options for sysctl/proc tweaking of network settings
 	- Yay stable release!

 2.00 Alpha 3 -
 	- Give people knobs to tinker with regarding state matching.  Kills
 		multiple birds with one stone.
--- a/bin/srfirewall
+++ b/bin/srfirewall
@@ -236,5 +236,6 @@ if [ "${EnableIPv6}" == "yes" ]; then
 	[[ ${Enablev6Forwarding} == "yes" ]] && enable_forwarding ipv6
 	[[ ${Enablev6NAT} == "yes" ]] && enable_nat ipv6
 	[[ ${Enablev6PortForwarding} == "yes" ]] && enable_portfw ipv6
 	[[ ${EnableSysctlTweaks} == "yes" ]] && sysctl_tweaks
 fi

--- a/etc/tweaks.conf
+++ b/etc/tweaks.conf
@@ -0,0 +1,47 @@
 # Tweak Common Network Settings
 # These are common settings that you can change to adjust how
 # the kernel networking works.  This file is passed to sysctl via
 # the -p flag and will override existing settings.
 #
 # Playing with these settings could break things, so change them
 # at your own risk.

 #net.ipv4.conf.all.forwarding=0
 #net.ipv4.conf.default.forwarding=0
 #net.ipv4.tcp_tw_recycle=0
 #net.ipv4.tcp_tw_reuse=0
 #net.ipv4.tcp_mtu_probing=1
 #net.ipv4.ip_local_port_range=20000 65535
 #net.ipv4.tcp_window_scaling=1
 #net.ipv4.tcp_sack=1
 #net.ipv4.conf.all.accept_source_route=0
 #net.ipv4.conf.all.secure_redirects=1

 #net.ipv6.conf.all.forwarding=0
 #net.ipv6.conf.default.forwarding=0


 #net.netfilter.nf_conntrack_tcp_timeout_time_wait=30
 #net.netfilter.nf_conntrack_timestamp=1

 #net.ipv4.netfilter.ip_conntrack_generic_timeout = 600
 #net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_sent = 120
 #net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_sent2 = 120
 #net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_recv = 60
 #net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 432000
 #net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait = 120
 #net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait = 60
 #net.ipv4.netfilter.ip_conntrack_tcp_timeout_last_ack = 30
 #net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait = 30
 #net.ipv4.netfilter.ip_conntrack_tcp_timeout_close = 10
 #net.ipv4.netfilter.ip_conntrack_tcp_timeout_max_retrans = 300
 #net.ipv4.netfilter.ip_conntrack_udp_timeout = 30
 #net.ipv4.netfilter.ip_conntrack_udp_timeout_stream = 180
 #net.ipv4.netfilter.ip_conntrack_icmp_timeout = 30
 #net.ipv4.netfilter.ip_conntrack_sctp_timeout_closed = 10
 #net.ipv4.netfilter.ip_conntrack_sctp_timeout_cookie_wait = 3
 #net.ipv4.netfilter.ip_conntrack_sctp_timeout_cookie_echoed = 3
 #net.ipv4.netfilter.ip_conntrack_sctp_timeout_established = 432000
 #net.ipv4.netfilter.ip_conntrack_sctp_timeout_shutdown_sent = 0
 #net.ipv4.netfilter.ip_conntrack_sctp_timeout_shutdown_recd = 0
 #net.ipv4.netfilter.ip_conntrack_sctp_timeout_shutdown_ack_sent = 3
--- a/lib/binaries.inc
+++ b/lib/binaries.inc
@@ -23,6 +23,8 @@ MODPROBE=`which modprobe`
 IPTABLES=`which iptables`
 IP6TABLES=`which ip6tables`
 GREP=`which grep`
 SYSCTL=`which sysctl`

 IP4TablesMod="ip_tables"
 IP6TablesMod="ip6_tables"
 IP6TablesMod="ip6_tables"
 SysCTL=`which sysctl`
--- a/lib/kernel.inc
+++ b/lib/kernel.inc
@@ -27,4 +27,12 @@ function load_kernel_modules {
 		${MODPROBE} ${i}
 	done
 	${debug} ${DebugColor} "\n${FUNCNAME}:${DEFAULT_COLOR} done."
 }

 function sysctl_tweaks {
 	${debug} ${DebugColor} "${FUNCNAME}:${DEFAULT_COLOR} loading"
 	if [ -e "${FWCONFIGDIR}/tweaks.conf" ]; then
 		${SYSCTL} -p "${FWCONFIGDIR}/tweaks.conf"
 	fi
 	${debug} ${DebugColor} "${FUNCNAME}:${DEFAULT_COLOR} done"
 }