2019-11-06 15:15:41 +00:00
|
|
|
- name: Enable net.ipv4.tcp_syncookies
|
|
|
|
|
sysctl:
|
|
|
|
|
name: net.ipv4.tcp_syncookies
|
|
|
|
|
value: '1'
|
|
|
|
|
sysctl_set: yes
|
|
|
|
|
state: present
|
|
|
|
|
reload: yes
|
|
|
|
|
when: (SYN_FLOOD is defined) and (SYN_FLOOD|length > 0)
|
2020-05-02 12:48:36 +00:00
|
|
|
ignore_errors: yes
|
2019-11-06 15:15:41 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
- name: net.ipv4.conf.all.rp_filter
|
|
|
|
|
sysctl:
|
|
|
|
|
name: net.ipv4.conf.all.rp_filter
|
|
|
|
|
value: '1'
|
|
|
|
|
sysctl_set: yes
|
|
|
|
|
state: present
|
|
|
|
|
reload: yes
|
|
|
|
|
when: (SYN_FLOOD is defined) and (SYN_FLOOD|length > 0)
|
2020-05-02 12:48:36 +00:00
|
|
|
ignore_errors: yes
|
2019-11-06 15:15:41 +00:00
|
|
|
|
|
|
|
|
- name: Enable net.ipv4.tcp_max_syn_backlog
|
|
|
|
|
sysctl:
|
|
|
|
|
name: net.ipv4.tcp_max_syn_backlog
|
|
|
|
|
value: '1024'
|
|
|
|
|
sysctl_set: yes
|
|
|
|
|
state: present
|
|
|
|
|
reload: yes
|
|
|
|
|
when: (SYN_FLOOD is defined) and (SYN_FLOOD|length > 0)
|
2020-05-02 12:48:36 +00:00
|
|
|
ignore_errors: yes
|
2019-11-06 15:15:41 +00:00
|
|
|
|
|
|
|
|
- name: Enable net.ipv4.tcp_synack_retries
|
|
|
|
|
sysctl:
|
|
|
|
|
name: net.ipv4.tcp_synack_retries
|
|
|
|
|
value: '3'
|
|
|
|
|
sysctl_set: yes
|
|
|
|
|
state: present
|
|
|
|
|
reload: yes
|
2020-05-02 12:48:36 +00:00
|
|
|
when: (SYN_FLOOD is defined) and (SYN_FLOOD|length > 0)
|
|
|
|
|
ignore_errors: yes
|
