path: root/templates/firewall/syn-cookies/node.def
blob: 282a3501ee666f8b15c193024d3cdece160e9e2f (plain)
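# tcp_syncookies
# default value: 1
# Send out SYN cookies when the SYN backlog queue of a socket overflows.
# This protects against the common 'SYN flood' attack.
# SYN cookies are a fallback mechanism; they are not a substitute for sizing
# the backlog to handle a legitimate connection rate.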

# Node definition for the firewall syn-cookies setting.
# The value is free text by type, but the syntax expression below accepts only
# the two words enable and disable and rejects anything else with the quoted
# error message. When the node is not set, the default is enable.
# NOTE(review): the help text says IPv4, and the action writes a sysctl under
# net/ipv4. On Linux that sysctl is generally understood to govern TCP over
# IPv6 as well. Confirm and adjust the wording if so.
type: txt

help: Policy for using TCP SYN cookies with IPv4

comp_help:Possible completions:
  enable\tEnable use of TCP SYN cookies with IPv4
  disable\tDisable use of TCP SYN cookies with IPv4

default: "enable"

syntax:expression: $VAR(@) in "enable", "disable"; "syn-cookies must be enable or disable"

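# Apply the configured policy to the kernel tcp_syncookies sysctl.
# The node value is limited to enable or disable by the syntax check in this
# template. Only an exact match on disable turns the protection off. Any other
# outcome, including a comparison that fails to evaluate, leaves SYN cookies on.
# The comparison uses the POSIX = operator with quoted operands. The == form is
# a bash extension, and under a strict POSIX sh the earlier test would error
# out and fall through to the branch that wrote 0.
update:
	if [ "$VAR(@)" = "disable" ]; then
	    sudo sh -c "echo 0 > /proc/sys/net/ipv4/tcp_syncookies"
	else
	    sudo sh -c "echo 1 > /proc/sys/net/ipv4/tcp_syncookies"
	fi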

# Removing the node writes 1 again, which matches the template default of
# enable, so SYN cookies stay on when the setting is deleted.
delete:
	sudo sh -c "echo 1 > /proc/sys/net/ipv4/tcp_syncookies"