Re: New release of the "Securing Debian Manual" (2.5)
Hello Javi,

Thanks for your good work.

I have a *new* FIXME (as opposed to removing one) in the script at
"4.19.2 Securing the network on boot-time":

    echo 1 > /proc/sys/net/ipv4/ip_always_defrag

doesn't work for 2.4 kernels. It seems there are three new options for
more fine-grained control over defragmenting:

    /proc/sys/net/ipv4/ipfrag_high_thresh
        Maximum amount of memory used for defragmenting.
        (default on my system: 262144)

    /proc/sys/net/ipv4/ipfrag_low_thresh
        Minimum amount of memory used for defragmenting.
        (default on my system: 196608)

    /proc/sys/net/ipv4/ipfrag_time
        Time to wait for additional fragments.
        (default on my system: 30)

I have no in-depth knowledge about this, though. It looks like "always
defrag" would be enabled in 2.4 by default (with the parameters
specified above), but I don't know how to disable it. Maybe setting
ipfrag_time or ipfrag_high_thresh to zero? Can anybody help?

Regards,
Thiemo Nagel
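
An added example, not part of the original message or of the manual's script: a boot-time guard that writes ip_always_defrag only where the kernel exposes it and otherwise reports the three ipfrag_* tunables named above, so the script does not fail on kernels that lack the file (as the message reports for 2.4). The function name defrag_setup and the PROC_NET override are assumptions made for this example.

```shell
#!/bin/sh
# Added example. PROC_NET is a hypothetical override so the function can be
# exercised against a scratch directory instead of the live /proc tree.
PROC_NET="${PROC_NET:-/proc/sys/net/ipv4}"

# defrag_setup [dir]
#   If ip_always_defrag exists and is writable, enable it and report that.
#   Otherwise print the current ipfrag_* values so the boot log shows what
#   the kernel is using for fragment reassembly.
#   Returns 0 on success, 1 if the write failed, 2 if a tunable is missing.
defrag_setup() {
    dir="${1:-$PROC_NET}"
    if [ -w "$dir/ip_always_defrag" ]; then
        echo 1 > "$dir/ip_always_defrag" || return 1
        echo "ip_always_defrag=1"
        return 0
    fi
    rc=0
    for knob in ipfrag_high_thresh ipfrag_low_thresh ipfrag_time; do
        if [ -r "$dir/$knob" ]; then
            echo "$knob=$(cat "$dir/$knob")"
        else
            echo "$knob=missing"
            rc=2
        fi
    done
    return $rc
}

# In a boot script, call defrag_setup with no argument to use $PROC_NET.
```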