diff --git a/usr/lib/sysctl.d/990-security-misc.conf b/usr/lib/sysctl.d/990-security-misc.conf
index 88dab81..52e3345 100644
--- a/usr/lib/sysctl.d/990-security-misc.conf
+++ b/usr/lib/sysctl.d/990-security-misc.conf
@@ -297,10 +297,9 @@ net.ipv6.conf.default.accept_source_route=0
 net.ipv6.conf.all.accept_ra=0
 net.ipv6.conf.default.accept_ra=0
 
-## Disable SACK, DSACK, and FACK.
+## Disable SACK and DSACK.
 ## Select acknowledgements (SACKs) are a known common vector of exploitation.
 ## Duplicate select acknowledgements (DSACKs) are an extension of SACK.
-## Forward acknowledgements (FACKs) are a legacy option that will (eventually) be deprecated.
 ## Disabling can cause severe connectivity issues on networks with high latency or packet loss.
 ## Enabling on stable high-bandwidth networks can lead to reduced efficiency of TCP connections.
 ##
@@ -315,7 +314,6 @@ net.ipv6.conf.default.accept_ra=0
 ##
 #net.ipv4.tcp_sack=0
 #net.ipv4.tcp_dsack=0
-#net.ipv4.tcp_fack=0
 
 ## Disable TCP timestamps to limit device fingerprinting via system time.
 ##
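Review bot: The header "Disable SACK and DSACK." in the first hunk reads as if this file turns both off, yet the second hunk shows the two settings still commented out (`#net.ipv4.tcp_sack=0`, `#net.ipv4.tcp_dsack=0`), so on the visible lines nothing is applied; old lines 307–314 fall between the hunks and may already explain this. If they do not, the header could say so directly, for example `## Disable SACK and DSACK (opt-in: the settings below are commented out by default).`, so an auditor does not assume the hardening is active. While this comment block is being touched, the retained lines say "Select acknowledgements" where the usual term is "Selective acknowledgements", and the "Enabling on stable high-bandwidth networks ..." sentence should state whether it means enabling SACK or enabling this setting.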