Release 2.0. Yay\!

master
bbruns 2014-05-12 21:07:40 +00:00
parent 3701804013
commit 613ca9e966
5 changed files with 63 additions and 1 deletions


@ -1,3 +1,7 @@
2.00 Release
- Add common options for sysctl/proc tweaking of network settings
- Yay stable release!
2.00 Alpha 3 -
- Give people knobs to tinker with regarding state matching. Kills
multiple birds with one stone.


@ -236,5 +236,6 @@ if [ "${EnableIPv6}" == "yes" ]; then
[[ ${Enablev6Forwarding} == "yes" ]] && enable_forwarding ipv6
[[ ${Enablev6NAT} == "yes" ]] && enable_nat ipv6
[[ ${Enablev6PortForwarding} == "yes" ]] && enable_portfw ipv6
[[ ${EnableSysctlTweaks} == "yes" ]] && sysctl_tweaks
fi
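Review bot: The new `sysctl_tweaks` call appears to sit inside the `if [ "${EnableIPv6}" == "yes" ]` block, since the hunk header names that `if` and the line comes directly before `fi`. If so, tweaks.conf is only applied on hosts with IPv6 enabled, although most of its keys are IPv4 and conntrack settings. If that is not intended, move `[[ ${EnableSysctlTweaks} == "yes" ]] && sysctl_tweaks` below the `fi`. The call also runs after `enable_forwarding ipv6`, so a `forwarding=0` entry in tweaks.conf would presumably win over it; a comment such as `# applied last: values in tweaks.conf override the forwarding settings above` would make that order explicit. The enclosing `if` starts outside the hunk.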

47
etc/tweaks.conf Normal file

@ -0,0 +1,47 @@
# Tweak Common Network Settings
# These are common settings that you can change to adjust how
# the kernel networking works. This file is passed to sysctl via
# the -p flag and will override existing settings.
#
# Playing with these settings could break things, so change them
# at your own risk.
#net.ipv4.conf.all.forwarding=0
#net.ipv4.conf.default.forwarding=0
#net.ipv4.tcp_tw_recycle=0
#net.ipv4.tcp_tw_reuse=0
#net.ipv4.tcp_mtu_probing=1
#net.ipv4.ip_local_port_range=20000 65535
#net.ipv4.tcp_window_scaling=1
#net.ipv4.tcp_sack=1
#net.ipv4.conf.all.accept_source_route=0
#net.ipv4.conf.all.secure_redirects=1
#net.ipv6.conf.all.forwarding=0
#net.ipv6.conf.default.forwarding=0
#net.netfilter.nf_conntrack_tcp_timeout_time_wait=30
#net.netfilter.nf_conntrack_timestamp=1
#net.ipv4.netfilter.ip_conntrack_generic_timeout = 600
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_sent = 120
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_sent2 = 120
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_recv = 60
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 432000
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait = 120
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait = 60
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_last_ack = 30
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait = 30
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_close = 10
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_max_retrans = 300
#net.ipv4.netfilter.ip_conntrack_udp_timeout = 30
#net.ipv4.netfilter.ip_conntrack_udp_timeout_stream = 180
#net.ipv4.netfilter.ip_conntrack_icmp_timeout = 30
#net.ipv4.netfilter.ip_conntrack_sctp_timeout_closed = 10
#net.ipv4.netfilter.ip_conntrack_sctp_timeout_cookie_wait = 3
#net.ipv4.netfilter.ip_conntrack_sctp_timeout_cookie_echoed = 3
#net.ipv4.netfilter.ip_conntrack_sctp_timeout_established = 432000
#net.ipv4.netfilter.ip_conntrack_sctp_timeout_shutdown_sent = 0
#net.ipv4.netfilter.ip_conntrack_sctp_timeout_shutdown_recd = 0
#net.ipv4.netfilter.ip_conntrack_sctp_timeout_shutdown_ack_sent = 3
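Review bot: The sample keys mix the `net.netfilter.nf_conntrack_*` names with the legacy `net.ipv4.netfilter.ip_conntrack_*` names, and the header does not say that the legacy ones exist only on kernels that still expose the old conntrack compatibility interface. An uncommented key the running kernel lacks makes `sysctl -p` report an error, which `sysctl_tweaks` does not check, so the remaining settings may or may not be the ones the admin expects. I would add a header line such as `# ip_conntrack_* keys exist only on older kernels; prefer the nf_conntrack_* names where available.` The header should also say that the file is applied after the firewall's own forwarding setup, because the listed `forwarding=0` and `secure_redirects=1` samples change routing and ICMP-redirect behaviour once uncommented.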


@ -23,6 +23,8 @@ MODPROBE=`which modprobe`
IPTABLES=`which iptables`
IP6TABLES=`which ip6tables`
GREP=`which grep`
SYSCTL=`which sysctl`
IP4TablesMod="ip_tables"
IP6TablesMod="ip6_tables"
IP6TablesMod="ip6_tables"
SysCTL=`which sysctl`
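Review bot: This hunk defines the same lookup twice, as `SYSCTL` and as `SysCTL`, and only `${SYSCTL}` is used by the `sysctl_tweaks` function shown on this page. The second variable looks like a leftover and should be dropped, unless code outside the visible hunks reads it. Both values come from `which`, which yields an empty string when sysctl is not on the PATH of the invoking user; `SYSCTL=$(command -v sysctl)` followed by a check that the result is non-empty avoids carrying an empty command name into later calls. The variable block starts and ends outside the hunk.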


@ -27,4 +27,12 @@ function load_kernel_modules {
${MODPROBE} ${i}
done
${debug} ${DebugColor} "\n${FUNCNAME}:${DEFAULT_COLOR} done."
}
function sysctl_tweaks {
${debug} ${DebugColor} "${FUNCNAME}:${DEFAULT_COLOR} loading"
if [ -e "${FWCONFIGDIR}/tweaks.conf" ]; then
${SYSCTL} -p "${FWCONFIGDIR}/tweaks.conf"
fi
${debug} ${DebugColor} "${FUNCNAME}:${DEFAULT_COLOR} done"
}
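Review bot: `sysctl_tweaks` ignores the exit status of `sysctl -p` and expands `${SYSCTL}` unquoted, so an empty `SYSCTL` makes the shell try to run `-p` as a command, and a rejected key goes unnoticed while the function still logs "done". The `-e` test also accepts a directory or other non-regular file. I would guard with `if [ -f "${FWCONFIGDIR}/tweaks.conf" ] && [ -x "${SYSCTL}" ]; then` and report failure with `"${SYSCTL}" -p "${FWCONFIGDIR}/tweaks.conf" || echo "${FUNCNAME}: sysctl -p failed" >&2`. Because the file sets kernel parameters with the firewall's privileges, the function header should state that tweaks.conf must be writable only by the administrator. `sysctl_tweaks` is fully visible here; `load_kernel_modules` above it starts outside the hunk.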