mirror of
https://github.com/Kicksecure/security-misc.git
synced 2025-11-26 00:28:28 -05:00
13 lines
604 B
Text
13 lines
604 B
Text
## Copyright (C) 2012 - 2025 ENCRYPTED SUPPORT LLC <adrelanos@whonix.org>
|
|
## See the file COPYING for copying conditions.
|
|
|
|
## Conntrack:
|
|
## Disable Netfilter's automatic connection tracking helper assignment.
|
|
## This functionality adds unnecessary features, such as IRC protocol parsing, into the kernel.
|
|
## Disabling it reduces the kernel attack surface and improves security.
|
|
##
|
|
## https://conntrack-tools.netfilter.org/manual.html
|
|
## https://home.regit.org/netfilter-en/secure-use-of-helpers/
|
|
## https://forums.whonix.org/t/disable-conntrack-helper/18917
|
|
##
|
|
options nf_conntrack nf_conntrack_helper=0
|