
Comment 0 for bug 1326884

Stoyan Stoyanov (stoyansbg) wrote :

Setting system variables in a non-standard location is a bit confusing. Please consider moving sysctl.conf in /etc/sysctl.d where precedence can be easily determined.

For example, UFW sets tcp_syncookies to 0 since:

# Change to '1' to enable TCP/IP SYN cookies This disables TCP Window Scaling
# (http://lkml.org/lkml/2008/2/5/167)

But at the same time, tcp_syncookies is set to 1 in /etc/sysctl.d/10-network-security.conf due to:

# Turn on SYN-flood protections. Starting with 2.6.26, there is no loss
# of TCP functionality/features under normal conditions. When flood
# protections kick in under high unanswered-SYN load, the system
# should remain more stable, with a trade off of some loss of TCP
# functionality/features (e.g. TCP Window scaling).

In this case, the variable setting in the usual places (/etc/sysctl.conf and /etc/sysctl.d/) shows one thing, while the live system variable is set differently, and you are left wondering which package/config/script is responsible for it.

BTW, the system-wide setting for tcp_syncookies as provided by the procps package in /etc/sysctl.d/10-network-security.conf seems to be more reasonable.

ufw 0.34~rc-0ubuntu2

Ubuntu 14.04 LTS
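The precedence question raised in this report can be checked mechanically. The script below is an added example, not part of the bug report or of ufw: it finds the last file in a given application order that assigns a sysctl key, and compares that with the live kernel value. The config files it reads are constructed in a temp directory to mirror the report (10-network-security.conf setting 1, ufw's sysctl.conf setting 0); which order ufw's own file is applied in relative to sysctl.d on a real system is exactly what the report leaves unclear, so the order is passed in as arguments rather than assumed.

```shell
#!/bin/sh
# Added example (not from the bug report): which file last sets a sysctl key,
# and does that match the live kernel value? Sample files are constructed.

# Print "FILE=VALUE" for the last of the given files (in application order,
# so a later file overrides an earlier one) that assigns key $1.
# Accepts both "net.ipv4.x" and "net/ipv4/x" spellings, as sysctl does.
last_setting() {
    key=$(printf '%s' "$1" | tr / .); shift
    result=""
    for f in "$@"; do
        [ -r "$f" ] || continue
        v=$(awk -v k="$key" '
            { sub(/#.*/, "") }                          # drop comments
            index($0, "=") {
                i = index($0, "=")
                name = substr($0, 1, i - 1); value = substr($0, i + 1)
                gsub(/[ \t]/, "", name); gsub(/\//, ".", name)
                sub(/^[ \t]+/, "", value); sub(/[ \t]+$/, "", value)
                if (name == k) last = value            # last assignment in a file wins
            }
            END { print last }' "$f")
        [ -n "$v" ] && result="$f=$v"
    done
    printf '%s\n' "$result"
}

# Live kernel value of key $1, or "unavailable" when /proc/sys is not readable.
live_value() {
    p=/proc/sys/$(printf '%s' "$1" | tr . /)
    [ -r "$p" ] && cat "$p" || echo unavailable
}

# Constructed stand-in for /etc/sysctl.d and /etc/ufw/sysctl.conf in a temp dir.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/sysctl.d" "$d/ufw"
    printf 'net.ipv4.tcp_syncookies = 1\n' > "$d/sysctl.d/10-network-security.conf"
    printf '# Change to 1 to enable TCP/IP SYN cookies\nnet/ipv4/tcp_syncookies=0\n' \
        > "$d/ufw/sysctl.conf"
    printf '%s\n' "$d"
}

# Audit one key: the standard locations alone, then with ufw's file applied last.
audit() {
    d=$(make_sample); key=net.ipv4.tcp_syncookies
    echo "sysctl.d says: $(last_setting "$key" "$d"/sysctl.d/*.conf)"
    echo "plus ufw file: $(last_setting "$key" "$d"/sysctl.d/*.conf "$d/ufw/sysctl.conf")"
    echo "live kernel:   $(live_value "$key")"
    rm -r "$d"
}
```

Run `audit` to see the two declared values side by side with the live one; on a real host, replace the sample paths with /etc/sysctl.d/*.conf, /etc/sysctl.conf and /etc/ufw/sysctl.conf in the order your boot sequence applies them.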