From 1c47cd88ab8e7334391283f097684d51e637c85d Mon Sep 17 00:00:00 2001
From: Daniel Micay <danielmicay@gmail.com>
Date: Sun, 3 Jul 2022 03:50:53 -0400
Subject: [PATCH] disable loose TCP connection tracking

---
 modules-load.d/local.conf | 1 +
 sysctl.d/local.conf       | 2 ++
 2 files changed, 3 insertions(+)
 create mode 100644 modules-load.d/local.conf

diff --git a/modules-load.d/local.conf b/modules-load.d/local.conf
new file mode 100644
index 0000000..f9cda6a
--- /dev/null
+++ b/modules-load.d/local.conf
@@ -0,0 +1 @@
+nf_conntrack
diff --git a/sysctl.d/local.conf b/sysctl.d/local.conf
index 000eadd..cc636a5 100644
--- a/sysctl.d/local.conf
+++ b/sysctl.d/local.conf
@@ -25,6 +25,8 @@ net.ipv4.conf.default.send_redirects = 0
 net.ipv4.conf.all.accept_redirects = 0
 net.ipv4.conf.default.accept_redirects = 0
 
+net.netfilter.nf_conntrack_tcp_loose = 0
+
 kernel.yama.ptrace_scope = 2
 
 vm.mmap_rnd_bits = 32