Commit Graph

22 Commits

Author SHA1 Message Date
Daniel Micay
f9425e3ebd reduce conntrack UDP timeouts
This only applies to outbound NTP requests since we use notrack for our
UDP services and DNS-over-TLS for our local resolver. We'd have no need
for longer timeouts even if that wasn't the case.
2024-04-30 12:13:02 -04:00
Daniel Micay
6dbc014f4b set conntrack expectation table to minimum size 2024-04-27 12:48:21 -04:00
Daniel Micay
bab3f0c14a disable IPv4-mapped IPv6 addresses by default 2024-04-25 10:38:54 -04:00
Daniel Micay
fb40773157 reduce conntrack TCP TIME-WAIT timeout to match TCP stack 2024-04-24 21:12:12 -04:00
Daniel Micay
82cc1beccb remove unused SYN backlog configuration
This isn't used anymore despite inaccurate kernel configuration
documentation. The SYN_RECV queue is set based on the backlog value
just like the separate accept queue for established connections.
2024-04-24 18:58:41 -04:00
Daniel Micay
f3ae109eac reduce conntrack SYN timeouts to match TCP/IP stack 2024-04-24 10:45:02 -04:00
Daniel Micay
711e432a67 remove unnecessary local-reserved-ports.conf template 2024-04-13 14:17:23 -04:00
Daniel Micay
f9bce64060 enable TCP window shrinking
The default is a potential denial of service issue via TCP memory
exhaustion.
2024-04-13 13:52:08 -04:00
Daniel Micay
5106ec7f4a remove redundant vm.max_map_count configuration
The same value we were using is now the default.
2024-04-07 15:11:35 -04:00
Daniel Micay
eb55afa3a8 reorganize sysctl configuration 2024-03-24 11:03:31 -04:00
Daniel Micay
51a4f8ca7a extend disabling ICMP redirects 2024-03-24 10:43:37 -04:00
Daniel Micay
ec2cbbdb4e enforce strict reverse path filtering via nftables 2024-03-23 13:35:49 -04:00
Daniel Micay
d39937fc6c disable currently unused energy aware scheduling 2024-02-12 16:13:45 -05:00
Daniel Micay
dd9d6ff2a5 disable unused multipath TCP 2024-01-03 10:52:27 -05:00
Daniel Micay
dcb50a9085 add /etc/sysctl.d/local-reserved-ports.conf 2023-06-06 21:55:11 -04:00
Daniel Micay
6530e1a583 reboot immediately on kernel panic
We can adjust this if we ever need to debug a kernel panic issue which
is not expected.
2023-01-09 14:18:30 -05:00
Daniel Micay
966100eb9f vm.max_map_count to 1048576 2022-09-25 07:48:50 -04:00
Daniel Micay
5461b3f05b raise tcp_max_syn_backlog to 65536 2022-08-28 15:54:11 -04:00
Daniel Micay
256c3652cc disable unused binfmt_misc 2022-08-14 13:46:00 -04:00
Daniel Micay
829ea23e8d lower conntrack established tcp connection timeout 2022-07-03 05:28:54 -04:00
Daniel Micay
1c47cd88ab disable loose TCP connection tracking 2022-07-03 03:50:53 -04:00
Daniel Micay
f6435cae74 reduce tcp retransmission attempts 2022-06-29 03:58:53 -04:00
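The history above only shows commit subjects, not the files they touch. The fragment below is an added illustration, not the repository's own sysctl.d content: it collects the knobs these commits refer to into one file, with the kernel default in a comment above each key so the hardened value can be read against it. Keys whose exact values the commits do not state (the UDP, SYN and established conntrack timeouts, kernel.panic, and net.ipv6.bindv6only as the assumed mechanism for "disable IPv4-mapped IPv6 addresses") are marked as assumptions.

```conf
# Added example, not the project's file. Values marked "assumed" are not taken
# from the commits above; they only illustrate the direction of each change.
# Comments are on their own lines because sysctl(8) does not strip trailing
# "# ..." text from a value.

# 1c47cd88ab: never adopt a TCP flow whose handshake conntrack did not see.
# default 1
net.netfilter.nf_conntrack_tcp_loose = 0

# 829ea23e8d: established flows that go idle should not pin a conntrack entry
# for the kernel default of 432000 s (5 days). Value assumed.
net.netfilter.nf_conntrack_tcp_timeout_established = 86400

# f3ae109eac: SYN timeouts no longer need to outlive the TCP stack's own
# retransmission budget once tcp_syn_retries/tcp_synack_retries are lowered
# (f6435cae74). defaults 120 and 60; values assumed.
net.netfilter.nf_conntrack_tcp_timeout_syn_sent = 60
net.netfilter.nf_conntrack_tcp_timeout_syn_recv = 30

# fb40773157: the TCP stack holds TIME-WAIT for 60 s (TCP_TIMEWAIT_LEN);
# conntrack's default of 120 s keeps the entry twice as long for no reason.
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 60

# f9425e3ebd: only outbound NTP hits these (the commit notes UDP services
# are notrack and DNS goes over TLS). defaults 30 and 120; values assumed.
net.netfilter.nf_conntrack_udp_timeout = 10
net.netfilter.nf_conntrack_udp_timeout_stream = 30

# f6435cae74: fewer retransmissions before a dead peer is given up on.
# defaults 6 / 5 / 15; values assumed.
net.ipv4.tcp_syn_retries = 3
net.ipv4.tcp_synack_retries = 3
net.ipv4.tcp_retries2 = 8

# f9bce64060: allow the receive window to shrink so a peer that stops reading
# cannot hold receive memory open indefinitely. Linux 6.5+, default 0.
net.ipv4.tcp_shrink_window = 1

# 51a4f8ca7a: a host that is not a router should neither honour nor emit
# ICMP redirects; "all" and "default" so new interfaces inherit it.
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv6.conf.all.accept_redirects = 0
net.ipv6.conf.default.accept_redirects = 0

# dd9d6ff2a5: no service here speaks MPTCP, so remove the extra path-manager
# and subflow attack surface. default 1 when CONFIG_MPTCP is built in.
net.mptcp.enabled = 0

# d39937fc6c: energy-aware scheduling is unused on this hardware. default 1
kernel.sched_energy_aware = 0

# 6530e1a583: reboot immediately on panic. A negative value is how the kernel
# expresses "immediately"; 0 (the default) hangs forever. Value assumed.
kernel.panic = -1

# bab3f0c14a: assumed mechanism. With bindv6only=1 an AF_INET6 socket is
# IPv6-only by default, so IPv4 peers no longer appear as ::ffff:a.b.c.d.
# Services that rely on one dual-stack listener must then bind v4 separately.
net.ipv6.bindv6only = 1

# 5106ec7f4a: vm.max_map_count = 1048576 was dropped because that is now the
# kernel default; keeping it is harmless only on kernels that still ship the
# old 65530.
```

Two caveats a practitioner would want. First, the `net.netfilter.*` keys exist only after the `nf_conntrack` module is loaded, so a fragment applied by `systemd-sysctl` at boot will log failures for them unless the module is loaded earlier (for example via `/etc/modules-load.d`); check the result with `sysctl net.netfilter.nf_conntrack_tcp_loose` once the firewall is up. Second, the reverse-path check in ec2cbbdb4e lives in nftables rather than in `rp_filter`: the strict form is a `fib saddr . iif oif missing drop` rule in a prerouting chain, which drops packets whose source would not be routed back out the interface they arrived on. The 82cc1beccb, 711e432a67 and 256c3652cc removals leave nothing to add here; binfmt_misc is disabled outside sysctl (a module or mount setting the page does not show).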