netbase 3.16-10 and TCP SYN cookies being enabled by default
The new netbase package (3.16-10) enables syncookies by default if they're
compiled in the kernel. No warnings, and the only documentation for this is
in the changelog.Debian file...
Now, IMHO it should at least give a WARNING: TCP SYNCOOKIES ENABLED message
on the init.d script, as syncookies are supposed to cause some connectivity
problems as a side-effect (or at least that's the idea I got from reading
some docs on the net a while ago). You shouldn't enable them if you don't
need them, I think... There's probably a good reason why the Linux kernel
maintainers do not enable it by default when the support is compiled in.
I'd rather this was a configuration option (ask the user), but a warning in
the init.d script (and one in the install scripts is probably a good idea as
well) is enough for me.
I've not filed a bug against this (yet) because I couldn't find #43402 in
the archived bug reports, and I'm not sure if using syncookies when not
needed is really that bad...
--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh