authorChristian Pointner <equinox@spreadspace.org>2022-10-04 00:06:47 +0200
committerChristian Pointner <equinox@spreadspace.org>2022-10-04 00:06:47 +0200
commit39d93b5a9f4d2061023bc9cfbc2e0f47d4106845 (patch)
treed85d89f8eae1cb77d1d195d86a94faba85511eec /roles/core
parentaccesspoints: some more tweaks (diff)
core/base: re-enable TCP sack
Diffstat (limited to 'roles/core')
-rw-r--r--roles/core/base/vars/main.yml7
1 files changed, 3 insertions, 4 deletions
diff --git a/roles/core/base/vars/main.yml b/roles/core/base/vars/main.yml
index 2312a8b9..05d021fd 100644
--- a/roles/core/base/vars/main.yml
+++ b/roles/core/base/vars/main.yml
@@ -44,7 +44,6 @@ base_sysctl_config:
# Prevent against the common 'syn flood attack'
net.ipv4.tcp_syncookies: 1
- # Disable Selective Acknowledgement (SACK)
- # Workaround CVE-2019-11477, CVE-2019-11478, CVE-2019-11479
- # See https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md
- net.ipv4.tcp_sack: 0
+ # re-enable Selective Acknowledgement (SACK)
+ # CVE-2019-11477, CVE-2019-11478, CVE-2019-11479 have been long fixed now
+ net.ipv4.tcp_sack: 1
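Review bot: The new comment above `net.ipv4.tcp_sack: 1` says the three CVEs are long fixed, but it does not record the precondition: every host this role is applied to must run a kernel that carries the 2019 SACK patches. I would state that in the comment, for example `# Safe only on kernels with the 2019 TCP SACK fixes; keep tcp_sack at 0 on any unpatched host`, so the assumption is visible when the role is reused on older or embedded systems. As far as I recall from the advisory the removed lines link to, CVE-2019-11479 concerns low MSS values and was never mitigated by the SACK toggle, so it may be worth confirming that `net.ipv4.tcp_min_snd_mss` is left at a sane value on these hosts. Keeping the explicit `1` rather than dropping the key looks right, since hosts that already had `0` applied need the value reset. The `base_sysctl_config` mapping starts and continues outside this hunk.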