Diffstat (limited to 'roles/base')
-rw-r--r--roles/base/vars/main.yml5
1 files changed, 5 insertions, 0 deletions
diff --git a/roles/base/vars/main.yml b/roles/base/vars/main.yml
index 557a4a7c..d228b088 100644
--- a/roles/base/vars/main.yml
+++ b/roles/base/vars/main.yml
@@ -43,3 +43,8 @@ sysctl_config:
# Prevent against the common 'syn flood attack'
net.ipv4.tcp_syncookies: 1
+
+ # Disable Selective Acknowledgement (SACK)
+ # Workaround CVE-2019-11477, CVE-2019-11478, CVE-2019-11479
+ # See https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md
+ net.ipv4.tcp_sack: 0
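Review bot: The comment on the added `net.ipv4.tcp_sack: 0` entry lists CVE-2019-11479 as covered, but per the linked Netflix advisory disabling SACK only works around CVE-2019-11477 and CVE-2019-11478; CVE-2019-11479 (resource consumption from low MSS values) needs a low-MSS filter or a patched kernel. I would narrow the comment to `# Workaround CVE-2019-11477, CVE-2019-11478 (CVE-2019-11479 needs an MSS filter or a patched kernel)` so this setting is not read as full coverage. Turning SACK off also costs throughput on lossy links, so a line such as `# TODO: remove once all hosts run a patched kernel` would mark it as temporary. The `sysctl_config` mapping starts outside this hunk, so I cannot see whether an MSS mitigation is already set elsewhere.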