ufw

move /etc/ufw/sysctl.conf to /etc/sysctl.d/XX-ufw.conf

Bug #1326884 reported by Stoyan Stoyanov
This bug affects 5 people
Affects: ufw
Status: Triaged
Importance: Wishlist
Assigned to: Unassigned
Milestone:

Bug Description

Setting system variables in a non-standard location is a bit confusing. Please consider moving /etc/ufw/sysctl.conf to /etc/sysctl.d, where precedence can be easily determined.

For example, UFW sets tcp_syncookies to 0 since:

# Change to '1' to enable TCP/IP SYN cookies This disables TCP Window Scaling
# (http://lkml.org/lkml/2008/2/5/167)

but at the same time tcp_syncookies is set to 1 in /etc/sysctl.d/10-network-security.conf due to:

# Turn on SYN-flood protections. Starting with 2.6.26, there is no loss
# of TCP functionality/features under normal conditions. When flood
# protections kick in under high unanswered-SYN load, the system
# should remain more stable, with a trade off of some loss of TCP
# functionality/features (e.g. TCP Window scaling).

In this case the variable setting at the usual places (/etc/sysctl.conf and /etc/sysctl.d/) shows one thing while the live system variable is set differently and you are left wondering which package/config/script is responsible for it.

BTW, the system-wide setting for tcp_syncookies as provided by the procps package in /etc/sysctl.d/10-network-security.conf seems to be more reasonable.

ufw 0.34~rc-0ubuntu2

Ubuntu 14.04 LTS

description: updated
Changed in ufw:
status: New → Triaged
Changed in ufw:
importance: Undecided → Wishlist
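
The mismatch described in this report can be found mechanically. The following is an added example, not part of the bug report or of ufw: it parses sysctl-style files in the order they are assumed to be applied and lists every key that is set to differing values, next to the live value. The apply order, the slash-separated key in the ufw sample, and all function names are assumptions.

```python
import glob
import os
from pathlib import Path

# Constructed sample: values are the ones quoted in the report; the
# slash-separated key in the ufw file is an assumption about its format.
SAMPLE = [
    ("/etc/sysctl.d/10-network-security.conf", "net.ipv4.tcp_syncookies=1\n"),
    ("/etc/ufw/sysctl.conf", "# comment\nnet/ipv4/tcp_syncookies=0\n"),
]

def parse_sysctl(text):
    """Return {dotted_key: value} for one sysctl-style file; later lines win."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        # sysctl accepts "/" or "." as separator; compare in dotted form.
        # (Keys containing interface names with dots are not handled.)
        settings[key.strip().lstrip("-").replace("/", ".")] = value.strip()
    return settings

def find_conflicts(sources):
    """sources: [(path, text)] in apply order. Returns keys set to differing values."""
    seen = {}
    for path, text in sources:
        for key, value in parse_sysctl(text).items():
            seen.setdefault(key, []).append((path, value))
    return {k: v for k, v in seen.items() if len({val for _, val in v}) > 1}

def live_value(key, proc_root="/proc/sys"):
    """Read the running kernel's value, or None if unreadable."""
    try:
        return Path(proc_root, *key.split(".")).read_text().strip()
    except OSError:
        return None

def load_sources():
    # Assumed apply order: sysctl.d (lexical), sysctl.conf, then ufw's own file.
    paths = sorted(glob.glob("/etc/sysctl.d/*.conf"))
    paths += ["/etc/sysctl.conf", "/etc/ufw/sysctl.conf"]
    return [(p, Path(p).read_text()) for p in paths if os.access(p, os.R_OK)]

if __name__ == "__main__":
    for key, hits in sorted(find_conflicts(load_sources() or SAMPLE).items()):
        print(f"{key} (live: {live_value(key)})")
        for path, value in hits:
            print(f"    {path}: {value}")
```

The last file listed for a key is the one expected to win under the assumed order; a live value that matches none of the listed files points to yet another source setting it.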