Setting system variables in a non-standard location is a bit confusing. Please consider moving sysctl.conf in /etc/sysctl.d where precedence can be easily determined.
For example, UFW sets tcp_syncookies to 0 since:
# Change to '1' to enable TCP/IP SYN cookies This disables TCP Window Scaling
# (http://lkml.org/lkml/2008/2/5/167)
, but at the same time tcp_syncookies is set to 1 in /etc/sysctl.d/10-network-security.conf due to:
# Turn on SYN-flood protections. Starting with 2.6.26, there is no loss
# of TCP functionality/features under normal conditions. When flood
# protections kick in under high unanswered-SYN load, the system
# should remain more stable, with a trade off of some loss of TCP
# functionality/features (e.g. TCP Window scaling).
In this case the variable setting at the usual places (/etc/sysctl.conf and /etc/sysctl.d/) shows one thing while the live system variable is set differently and you are left wondering which package/config/script is responsible for it.
BTW, the system-wide setting for tcp_syncookies as provided by the procps package in /etc/sysctl.d/10-network-security.conf seems to be more reasonable.
ufw 0.34~rc-0ubuntu2
Ubuntu 14.04 LTS
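
One way to find out which file is responsible for a live value such as tcp_syncookies, as an added example that is not part of the original report or of ufw/procps: the function names, the idea of passing the files in the order they are applied, and the demo file contents are assumptions made here. It accepts both the dotted and the slash key notation.

```shell
#!/bin/sh
# Added example: list every file that assigns a given sysctl key, so a
# mismatch between config files and the live value can be traced.

# Normalise "net/ipv4/tcp_syncookies" to "net.ipv4.tcp_syncookies".
norm_key() { printf '%s\n' "$1" | tr '/' '.'; }

# Print "FILE<TAB>VALUE" for each assignment of KEY, in the order the
# files are listed. Usage: sysctl_sources KEY FILE...
sysctl_sources() {
    key=$(norm_key "$1"); shift
    for f in "$@"; do
        [ -r "$f" ] || continue
        awk -v want="$key" -v file="$f" '
            /^[ \t]*([#;]|$)/ { next }          # comments and blank lines
            {
                eq = index($0, "=")
                if (eq == 0) next
                k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
                gsub(/[ \t]/, "", k); gsub("/", ".", k)
                sub(/^[ \t]+/, "", v); sub(/[ \t]+$/, "", v)
                if (k == want) printf "%s\t%s\n", file, v
            }' "$f"
    done
}

# Value that wins if the files are applied in the listed order
# (assumption: the last assignment applied is the one that sticks).
sysctl_expected() { sysctl_sources "$@" | tail -n 1 | cut -f 2; }

# Live value; the /proc/sys root can be overridden for testing.
# Note: keys containing dots inside a component are not handled.
sysctl_live() {
    cat "${2:-/proc/sys}/$(printf '%s' "$1" | tr '.' '/')" 2>/dev/null
}

# Constructed sample files mirroring the two settings in the report.
demo() {
    d=$(mktemp -d)
    printf 'net.ipv4.tcp_syncookies=1\n' > "$d/10-network-security.conf"
    printf 'net/ipv4/tcp_syncookies=0\n' > "$d/ufw-sysctl.conf"
    sysctl_sources net.ipv4.tcp_syncookies "$d"/*.conf
    rm -rf "$d"
}

if [ "${1:-}" = demo ]; then demo; fi
```

On a real system, pass /etc/sysctl.conf, /etc/sysctl.d/*.conf and the firewall's own sysctl file, then compare sysctl_expected with sysctl_live.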