From 6a8a75dbe14f85c4ac005305aaa4e70e0ba7d0bf Mon Sep 17 00:00:00 2001
From: Dietmar Maurer <dietmar@proxmox.com>
Date: Tue, 4 Mar 2014 09:56:34 +0100
Subject: [PATCH] make sure syncookies are enabled

---
 src/PVE/Firewall.pm | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index 3a4f2f4..140cbe6 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -627,6 +627,9 @@ sub enable_bridge_firewall {
     PVE::ProcFSTools::write_proc_entry("/proc/sys/net/bridge/bridge-nf-call-iptables", "1");
     PVE::ProcFSTools::write_proc_entry("/proc/sys/net/bridge/bridge-nf-call-ip6tables", "1");
 
+    # make sure syncookies are enabled (which is default on newer 3.X kernels anyways)
+    PVE::ProcFSTools::write_proc_entry("/proc/sys/net/ipv4/tcp_syncookies", "1");
+
     $bridge_firewall_enabled = 1;
 }
 
-- 
2.39.2