3.124. TCPSettings
Description
Settings related to the TCP protocol.
Properties
TCPOptionSizes Validity of TCP header option sizes. (Default:
ValidateLogBad)
TCPMSSMin Minimum allowed TCP MSS (Maximum Segment
Size). (Default: 100)
TCPMSSOnLow How to handle too low MSS values. (Default:
DropLog)
TCPMSSMax Maximum allowed TCP MSS (Maximum Segment
Size). (Default: 1460)
TCPMSSVPNMax Limits TCP MSS for VPN connections; minimizes
fragmentation. (Default: 1400)
TCPMSSOnHigh How to handle too high MSS values. (Default:
Adjust)
TCPMSSLogLevel When to log regarding too high TCP MSS, if not
logged by "TCP MSS on high". (Default: 7000)
TCPMSSAutoClamping Automatically clamp TCP MSS according to MTU of
involved interfaces - in addition to "TCP MSS max".
(Default: Yes)
TCPZeroUnusedACK Force unused ACK fields to zero; helps prevent
connection spoofing. (Default: Yes)
TCPZeroUnusedURG Force unused URG fields to zero; prevents small
information leak. (Default: Yes)
TCPOPT_WSOPT The WSOPT (Window Scale) option (common).
(Default: ValidateLogBad)
TCPOPT_SACK The SACK/SACKPERMIT (Selective ACK) options
(common). (Default: ValidateLogBad)
TCPOPT_TSOPT The TSOPT (Timestamp) option (common).
(Default: ValidateLogBad)
TCPOPT_ALTCHKREQ The ALTCHKREQ (Alternate Checksum Request)
option. (Default: StripLog)
TCPOPT_ALTCHKDATA The ALTCHKDATA (Alternate Checksum Data)
option. (Default: StripLog)
TCPOPT_CC The CC (Connection Count) option series (semi
common). (Default: StripLogBad)
TCPOPT_OTHER How to handle TCP options not specified above.
(Default: StripLog)
Chapter 3: Configuration Reference
305
To Next Page
Loading...
