From f3ae109eacedd57e171f94a81adfad0319a8ac97 Mon Sep 17 00:00:00 2001
From: Daniel Micay
Date: Wed, 24 Apr 2024 10:45:02 -0400
Subject: [PATCH] reduce conntrack SYN timeouts to match TCP/IP stack

---
 sysctl.d/local.conf | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/sysctl.d/local.conf b/sysctl.d/local.conf
index 3dd68ee..cf1a20c 100644
--- a/sysctl.d/local.conf
+++ b/sysctl.d/local.conf
@@ -19,9 +19,11 @@ net.ipv4.tcp_max_syn_backlog = 65536
 
 # 31s with initial 1s RTO
 net.ipv4.tcp_syn_retries = 4
+net.netfilter.nf_conntrack_tcp_timeout_syn_sent = 31
 
 # 15s with initial 1s RTO
 net.ipv4.tcp_synack_retries = 3
+net.netfilter.nf_conntrack_tcp_timeout_syn_recv = 15
 
 # 102.2s with minimum 0.2s RTO
 net.ipv4.tcp_retries2 = 8
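Review bot: The two added `net.netfilter.nf_conntrack_tcp_timeout_*` keys only exist once the nf_conntrack module is loaded, so if this file is applied at boot before the firewall ruleset pulls the module in, the writes may be skipped and the longer kernel defaults would stay in effect. Nothing in the hunk shows how load order is handled, so it is worth confirming after a reboot with `sysctl net.netfilter.nf_conntrack_tcp_timeout_syn_sent` (and the `syn_recv` counterpart), or loading the module explicitly before sysctl runs. The values 31 and 15 also duplicate the figures derived in the comments above them. A comment such as `# conntrack SYN timeouts must track tcp_syn_retries / tcp_synack_retries` would keep them from drifting if the retry counts are changed later.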