Setting net.ipv4.tcp_syncookies once is probably enough.
--- en-US/Books/SecurityPolicy/configs/sysctl.conf | 1 - en-US/Books/SecurityPolicy/standard.xml | 1 - 2 files changed, 0 insertions(+), 2 deletions(-)
diff --git a/en-US/Books/SecurityPolicy/configs/sysctl.conf b/en-US/Books/SecurityPolicy/configs/sysctl.conf index 1eacd70..ee9b318 100644 --- a/en-US/Books/SecurityPolicy/configs/sysctl.conf +++ b/en-US/Books/SecurityPolicy/configs/sysctl.conf @@ -41,7 +41,6 @@ net.ipv4.conf.default.send_redirects = 0 net.ipv4.conf.all.accept_redirects = 0 net.ipv4.icmp_echo_ignore_broadcasts = 1 net.ipv4.icmp_ignore_bogus_error_responses = 1 -net.ipv4.tcp_syncookies = 1 net.ipv4.conf.all.log_martians = 1 net.ipv4.conf.default.log_martians = 1 net.ipv4.conf.all.accept_source_route = 0 diff --git a/en-US/Books/SecurityPolicy/standard.xml b/en-US/Books/SecurityPolicy/standard.xml index 5d4835a..c5fc9f2 100644 --- a/en-US/Books/SecurityPolicy/standard.xml +++ b/en-US/Books/SecurityPolicy/standard.xml @@ -219,7 +219,6 @@ net.ipv4.conf.default.send_redirects = 0 net.ipv4.conf.all.accept_redirects = 0 net.ipv4.icmp_echo_ignore_broadcasts = 1 net.ipv4.icmp_ignore_bogus_error_responses = 1 -net.ipv4.tcp_syncookies = 1 net.ipv4.conf.all.log_martians = 1 net.ipv4.conf.default.log_martians = 1 net.ipv4.conf.all.accept_source_route = 0