From f9425e3ebd2f422acedcca3115d94fcb8d665d21 Mon Sep 17 00:00:00 2001
From: Daniel Micay
Date: Tue, 30 Apr 2024 12:13:02 -0400
Subject: [PATCH] reduce conntrack UDP timeouts

This only applies to outbound NTP requests since we use notrack for our UDP services and DNS-over-TLS for our local resolver. We'd have no need for longer timeouts even if that wasn't the case.

---
 sysctl.d/local.conf | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/sysctl.d/local.conf b/sysctl.d/local.conf
index fe19e54..92eb6a1 100644
--- a/sysctl.d/local.conf
+++ b/sysctl.d/local.conf
@@ -37,6 +37,8 @@ net.mptcp.enabled = 0
 net.netfilter.nf_conntrack_tcp_loose = 0
 net.netfilter.nf_conntrack_tcp_timeout_established = 14400
 net.netfilter.nf_conntrack_tcp_timeout_time_wait = 60
+net.netfilter.nf_conntrack_udp_timeout = 15
+net.netfilter.nf_conntrack_udp_timeout_stream = 15
 net.netfilter.nf_conntrack_expect_max = 1
 kernel.yama.ptrace_scope = 2
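Review bot: The reason these two timeouts can be as low as 15 s — UDP services are exempted from conntrack via notrack and the local resolver uses DNS-over-TLS, so only outbound NTP is tracked — exists only in this commit message, not in the file the two `+` lines land in. A maintainer who later adds a tracked UDP service or moves the resolver back to plain UDP DNS will see those flows' conntrack entries expire after 15 s with nothing in local.conf pointing at the assumption, so a comment above the new lines would help: `# Only outbound NTP is conntracked (UDP services use notrack, the resolver uses DNS-over-TLS); 15 s covers a request/response round trip.` Separately, if this file is applied by systemd-sysctl before nf_conntrack is loaded, the new keys would fail to apply along with the existing net.netfilter.* keys in the hunk — presumably already handled by whatever loads the module early, but worth confirming.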