From 1087387b362d5598e44262db07ab0fff9118b064 Mon Sep 17 00:00:00 2001
From: Raja Grewal
Date: Wed, 17 Jul 2024 23:35:25 +1000
Subject: [PATCH] Remove obsolete `#net.ipv4.tcp_fack=0`

---
 usr/lib/sysctl.d/990-security-misc.conf | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/usr/lib/sysctl.d/990-security-misc.conf b/usr/lib/sysctl.d/990-security-misc.conf
index 88dab81..52e3345 100644
--- a/usr/lib/sysctl.d/990-security-misc.conf
+++ b/usr/lib/sysctl.d/990-security-misc.conf
@@ -297,10 +297,9 @@ net.ipv6.conf.default.accept_source_route=0
 net.ipv6.conf.all.accept_ra=0
 net.ipv6.conf.default.accept_ra=0
 
-## Disable SACK, DSACK, and FACK.
+## Disable SACK and DSACK.
 ## Select acknowledgements (SACKs) are a known common vector of exploitation.
 ## Duplicate select acknowledgements (DSACKs) are an extension of SACK.
-## Forward acknowledgements (FACKs) are a legacy option that will (eventually) be deprecated.
 ## Disabling can cause severe connectivity issues on networks with high latency or packet loss.
 ## Enabling on stable high-bandwidth networks can lead to reduced efficiency of TCP connections.
 ##
@@ -315,7 +314,6 @@ net.ipv6.conf.default.accept_ra=0
 ##
 #net.ipv4.tcp_sack=0
 #net.ipv4.tcp_dsack=0
-#net.ipv4.tcp_fack=0
 
 ## Disable TCP timestamps to limit device fingerprinting via system time.
 ##
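Review bot: The two context lines kept under the reworded heading still say "Select acknowledgements" and "Duplicate select acknowledgements", while the TCP option is called selective acknowledgement; since this block is being edited anyway, I would correct them to `## Selective acknowledgements (SACKs) are a known common vector of exploitation.` and `## Duplicate selective acknowledgements (DSACKs) are an extension of SACK.`. The heading `## Disable SACK and DSACK.` also reads as active hardening, but the settings in the following hunk are shipped commented out (`#net.ipv4.tcp_sack=0`, `#net.ipv4.tcp_dsack=0`). Unless the lines between the two hunks (not visible here) already say so, a line such as `## Not applied by default; uncomment to enable.` would keep an administrator from assuming SACK is off on a deployed system. The "known common vector of exploitation" claim would be easier to audit with a reference placed next to it.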