Bug #108: add an option to enable RFC1337 TCP TIME-WAIT hazards protection

author: Daniil Baturin <daniil@baturin.org> 2014-07-31 20:58:46 +0200
committer: Daniil Baturin <daniil@baturin.org> 2014-07-31 20:58:46 +0200
commit: dc90da2fd4ae505d4d57f6215e66c38966c909f7 (patch)
tree: dfe9606d7c9ffe2f33ecca36b52d6f37475945c1 /templates
parent: d8bca3dcac051a2e6b942fcc58df2145ea9ef894 (diff)
download: vyatta-cfg-firewall-dc90da2fd4ae505d4d57f6215e66c38966c909f7.tar.gz
vyatta-cfg-firewall-dc90da2fd4ae505d4d57f6215e66c38966c909f7.zip
1 files changed, 20 insertions, 0 deletions
diff --git a/templates/firewall/twa-hazards-protection/node.def b/templates/firewall/twa-hazards-protection/node.def
new file mode 100644
index 0000000..e06cbb5
--- /dev/null
+++ b/templates/firewall/twa-hazards-protection/node.def
@@ -0,0 +1,20 @@
+type: txt
+
+help: RFC1337 TCP TIME-WAIT assasination hazards protection
+
+val_help: enable; Enable RFC1337 TIME-WAIT hazards protection
+val_help: disable; Disable RFC1337 TIME-WAIT hazards protection
+
+default: "disable"
+
+syntax:expression: $VAR(@) in "enable", "disable"; "twa-hazards-protection must be enable or disable"
+
+update:
+	if [ x$VAR(@) == xenable ]; then
+	    sudo sh -c "echo 1 > /proc/sys/net/ipv4/tcp_rfc1337"
+        else
+	    sudo sh -c "echo 0 > /proc/sys/net/ipv4/tcp_rfc1337"
+	fi
+
+delete:
+	sudo sh -c "echo 0 > /proc/sys/net/ipv4/tcp_rfc1337"
author	Daniil Baturin <daniil@baturin.org>	2014-07-31 20:58:46 +0200
committer	Daniil Baturin <daniil@baturin.org>	2014-07-31 20:58:46 +0200
commit	dc90da2fd4ae505d4d57f6215e66c38966c909f7 (patch)
tree	dfe9606d7c9ffe2f33ecca36b52d6f37475945c1 /templates
parent	d8bca3dcac051a2e6b942fcc58df2145ea9ef894 (diff)
download	vyatta-cfg-firewall-dc90da2fd4ae505d4d57f6215e66c38966c909f7.tar.gz vyatta-cfg-firewall-dc90da2fd4ae505d4d57f6215e66c38966c909f7.zip