- system("echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables");
- system("echo 1 > /proc/sys/net/bridge/bridge-nf-call-ip6tables");
+ PVE::ProcFSTools::write_proc_entry("/proc/sys/net/bridge/bridge-nf-call-iptables", "1");
+ PVE::ProcFSTools::write_proc_entry("/proc/sys/net/bridge/bridge-nf-call-ip6tables", "1");
+
+ # make sure syncookies are enabled (which is default on newer 3.X kernels anyways)
+ PVE::ProcFSTools::write_proc_entry("/proc/sys/net/ipv4/tcp_syncookies", "1");