On Thursday 11 August 2016 16:35:06 deloptes wrote: > Joe wrote: > > On Thu, 11 Aug 2016 20:31:37 +0100 > > > > Lisi Reisz <lisi.re...@gmail.com> wrote: > >> I copied and pasted the commands exactly, and ran them as root, and > >> got an echo of net.ipv4.tcp_challenge_ack_limit = 999999999 in > >> response to the first and a blank return in response to the second. > >> I don't know the significance. > > > > Go and read /proc/net/ipv4... and it should show the changed value. > > > > I believe the echo means it worked. I also believe it needs to be > > added to /etc/sysctl.conf (without the 'sysctl -p') to be redone on > > boot. It seems to affect every current Debian up to sid. > > I don't see it in the /proc tree (kernel 4.6.4 on jessie) > > # ls -1 /proc/net/ip* > /proc/net/ip6_flowlabel > /proc/net/ip_tables_matches > /proc/net/ip_tables_names > /proc/net/ip_tables_targets > /proc/net/ipv6_route > > and on the firewall (2.6.26.2 wheezy) > > sysctl -w net.ipv4.tcp_challenge_ack_limit=999999999 > sysctl: cannot stat /proc/sys/net/ipv4/tcp_challenge_ack_limit: No > such file or directory > > I don't understand if it is bad. > > on the file server (kernel 3.2.0 jessie) > > cat /proc/sys/net/ipv4/tcp_challenge_ack_limit > 999999999 > > interesting ... > > Do you have recommendations?
It looks like you have it right. > regards Cheers, Gene Heskett -- "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author) Genes Web page <http://geneslinuxbox.net:6309/gene>
