From: Dietmar Maurer <dietmar@proxmox.com>
Date: Tue, 4 Mar 2014 08:56:34 +0000 (+0100)
Subject: make sure syncookies are enabled
X-Git-Url: https://git.proxmox.com/?p=pve-firewall.git;a=commitdiff_plain;h=6a8a75dbe14f85c4ac005305aaa4e70e0ba7d0bf;hp=5f0a912c4f27d3ebd743920a029c7f6cad2fdd64

make sure syncookies are enabled
---

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index 3a4f2f4..140cbe6 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -627,6 +627,9 @@ sub enable_bridge_firewall {
     PVE::ProcFSTools::write_proc_entry("/proc/sys/net/bridge/bridge-nf-call-iptables", "1");
     PVE::ProcFSTools::write_proc_entry("/proc/sys/net/bridge/bridge-nf-call-ip6tables", "1");
 
+    # make sure syncookies are enabled (which is default on newer 3.X kernels anyways)
+    PVE::ProcFSTools::write_proc_entry("/proc/sys/net/ipv4/tcp_syncookies", "1");
+
     $bridge_firewall_enabled = 1;
 }