diff options
| -rw-r--r-- | net/ipv4/Kconfig | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/net/ipv4/Kconfig b/net/ipv4/Kconfig index 8e3a1fd938ab..7c3a7d191249 100644 --- a/net/ipv4/Kconfig +++ b/net/ipv4/Kconfig | |||
| @@ -303,7 +303,7 @@ config ARPD | |||
| 303 | If unsure, say N. | 303 | If unsure, say N. |
| 304 | 304 | ||
| 305 | config SYN_COOKIES | 305 | config SYN_COOKIES |
| 306 | bool "IP: TCP syncookie support (disabled per default)" | 306 | bool "IP: TCP syncookie support" |
| 307 | ---help--- | 307 | ---help--- |
| 308 | Normal TCP/IP networking is open to an attack known as "SYN | 308 | Normal TCP/IP networking is open to an attack known as "SYN |
| 309 | flooding". This denial-of-service attack prevents legitimate remote | 309 | flooding". This denial-of-service attack prevents legitimate remote |
| @@ -328,13 +328,13 @@ config SYN_COOKIES | |||
| 328 | server is really overloaded. If this happens frequently better turn | 328 | server is really overloaded. If this happens frequently better turn |
| 329 | them off. | 329 | them off. |
| 330 | 330 | ||
| 331 | If you say Y here, note that SYN cookies aren't enabled by default; | 331 | If you say Y here, you can disable SYN cookies at run time by |
| 332 | you can enable them by saying Y to "/proc file system support" and | 332 | saying Y to "/proc file system support" and |
| 333 | "Sysctl support" below and executing the command | 333 | "Sysctl support" below and executing the command |
| 334 | 334 | ||
| 335 | echo 1 >/proc/sys/net/ipv4/tcp_syncookies | 335 | echo 0 > /proc/sys/net/ipv4/tcp_syncookies |
| 336 | 336 | ||
| 337 | at boot time after the /proc file system has been mounted. | 337 | after the /proc file system has been mounted. |
| 338 | 338 | ||
| 339 | If unsure, say N. | 339 | If unsure, say N. |
| 340 | 340 | ||