From 0d0ddec282051e63c4ed89779e720a65105461d8 Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Fri, 18 Apr 2014 10:35:26 +0100
Subject: [PATCH] Enable syn cookies in a better way
---
 beaglebone.txt | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/beaglebone.txt b/beaglebone.txt
index 246ce706..3374ef59 100644
--- a/beaglebone.txt
+++ b/beaglebone.txt
@@ -1010,14 +1010,6 @@ Enter the following:
 
 #+BEGIN_SRC: bash
 #!/bin/bash
-# Enable syn cookies
-echo 1 > /proc/sys/net/ipv4/tcp_syncookies
-
-# Other settings
-echo 1 > /proc/sys/net/ipv4/tcp_keepalive_probes
-echo 2 > /proc/sys/net/ipv4/tcp_synack_retries
-echo 1 > /proc/sys/net/ipv4/tcp_syn_retries
-
 # First of all delete any existing rules.
 # This means you're back to a known state:
 iptables -P INPUT ACCEPT
@@ -1168,6 +1160,7 @@ emacs /etc/sysctl.conf
 Uncomment or change the following:
 
 #+BEGIN_SRC: bash
+net.ipv4.tcp_syncookies = 1
 net.ipv4.conf.all.accept_redirects = 0
 net.ipv6.conf.all.accept_redirects = 0
 net.ipv4.conf.all.send_redirects = 0
@@ -1184,9 +1177,18 @@ And append the following:
 #+BEGIN_SRC: bash
 # ignore pings
 net.ipv4.icmp_echo_ignore_all = 1
+net.ipv6.icmp_echo_ignore_all = 1
 
 # disable ipv6
 net.ipv6.conf.all.disable_ipv6 = 1
+
+net.ipv4.tcp_synack_retries = 2
+net.ipv4.tcp_syn_retries = 1
+
+# keepalive
+net.ipv4.tcp_keepalive_probes = 9
+net.ipv4.tcp_keepalive_intvl = 75
+net.ipv4.tcp_keepalive_time = 7200
 #+END_SRC
 
 Save and exit. It may be a good idea to reboot at this point and then log back into the BBB using ssh. You can do a safe reboot of the system by typing:
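Review bot: `net.ipv6.icmp_echo_ignore_all = 1`, added in the third hunk, does not look like a valid sysctl key. The IPv6 ICMP settings sit under `net.ipv6.icmp.`, and as far as I know kernels of this period have no IPv6 echo-ignore switch at all, so `sysctl -p` would report an unknown key and the line would have no effect. Since `net.ipv6.conf.all.disable_ipv6 = 1` follows a few lines below, I would drop the line or replace it with a comment such as `# IPv6 ping needs no separate setting: IPv6 is disabled below`. Separately, the firewall script removed in the first hunk wrote 1 to tcp_keepalive_probes, while the new block sets 9, which together with 75 and 7200 appears to be the kernel default. That is a behaviour change the commit message does not mention, so a one-line comment such as `# keepalive: kernel defaults, stated explicitly` would make the intent clear.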