firewall4: are the options tcp_syncookies, tcp_ecn, tcp_window_scaling, accept_redirects and accept_source_route used at all by the fw4
Paul D
newtwen at gmail.com
Wed Mar 19 21:35:38 PDT 2025
On 2025-03-12 16:55, Florian Eckert wrote:
> Hello Jo,
> Hello Community
>
> I have just gone through the options of the fw4 and wanted to
> integrate the missing and useful ones into the LuCI [1]. I have
> noticed, that the following boolean options are in the fw4 default
> parser configuration section but they are not used anywhere else
> in the fw4 source!
>
Was this ever answered?
> * tcp_syncookies [2]
> * tcp_ecn [3]
> * tcp_window_scaling [4]
> * accept_redirects [5]
> * accept_source_route [6]
>
> I have only seen that the option 'tcp_syncookies' is set via
> sysctl [7]. But this option is not configurable.
>
> Can they all be deleted from the fw4 source or is anyone else
> using these options in the system?
>
> Some of this options are also available in fw3 since the initial
> checkin of the source.
>
> Are these perhaps artefacts from a bygone era?
>
> Best regards
>
> Florian
>
> [1] https://openwrt.org/docs/guide-user/firewall/firewall_configuration#options
> [2] https://git.openwrt.org/?p=project/firewall4.git;a=blob;f=root/usr/share/ucode/fw4.uc;hb=HEAD#l1962
> [3] https://git.openwrt.org/?p=project/firewall4.git;a=blob;f=root/usr/share/ucode/fw4.uc;hb=HEAD#l1963
> [4] https://git.openwrt.org/?p=project/firewall4.git;a=blob;f=root/usr/share/ucode/fw4.uc;hb=HEAD#l1964
> [5] https://git.openwrt.org/?p=project/firewall4.git;a=blob;f=root/usr/share/ucode/fw4.uc;hb=HEAD#l1966
> [6] https://git.openwrt.org/?p=project/firewall4.git;a=blob;f=root/usr/share/ucode/fw4.uc;hb=HEAD#l1967
> [7] https://git.openwrt.org/?p=openwrt/openwrt.git;a=blob;f=package/base-files/files/etc/sysctl.d/10-default.conf;hb=HEAD#l22
>
More information about the openwrt-devel
mailing list