Git-Mirrors/graphene-os-server-infrastructure
1
0
Fork 0
mirror of https://github.com/GrapheneOS/infrastructure.git synced 2025-06-06 14:09:07 -04:00
Code Issues Projects Releases Packages Wiki Activity

reduce conntrack UDP timeouts

Browse source 
This only applies to outbound NTP requests since we use notrack for our
UDP services and DNS-over-TLS for our local resolver. We'd have no need
for longer timeouts even if that wasn't the case.
This commit is contained in:
Daniel Micay 2024-04-30 12:13:02 -04:00
parent 6dbc014f4b
commit f9425e3ebd
1 changed files with 2 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

2
sysctl.d/local.conf
View file

@ -37,6 +37,8 @@ net.mptcp.enabled = 0
net.netfilter.nf_conntrack_tcp_loose = 0 net.netfilter.nf_conntrack_tcp_loose = 0
net.netfilter.nf_conntrack_tcp_timeout_established = 14400 net.netfilter.nf_conntrack_tcp_timeout_established = 14400
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 60 net.netfilter.nf_conntrack_tcp_timeout_time_wait = 60
net.netfilter.nf_conntrack_udp_timeout = 15
net.netfilter.nf_conntrack_udp_timeout_stream = 15
net.netfilter.nf_conntrack_expect_max = 1 net.netfilter.nf_conntrack_expect_max = 1
kernel.yama.ptrace_scope = 2 kernel.yama.ptrace_scope = 2