X-Git-Url: https://git.openstreetmap.org/chef.git/blobdiff_plain/a7d96c8358a00088b485fadb5966eb4b231d2ff1..8853d81b9b39f284d824431c9715a309cf759d31:/roles/base.rb

diff --git a/roles/base.rb b/roles/base.rb
index 15c913d3d..06bcaf9a2 100644
--- a/roles/base.rb
+++ b/roles/base.rb
@@ -49,9 +49,9 @@ default_attributes(
       }
     },
     :tcp_syncookies => {
-      :comment => "Turn off syncookies as they interact badly with the firewall",
+      :comment => "Turn on syncookies to protect against SYN floods",
       :parameters => {
-        "net.ipv4.tcp_syncookies" => "0"
+        "net.ipv4.tcp_syncookies" => "1"
       }
     }
   },
@@ -79,5 +79,6 @@ run_list(
   "recipe[openssh]",
   "recipe[sysctl]",
   "recipe[sysfs]",
-  "recipe[tools]"
+  "recipe[tools]",
+  "recipe[fail2ban]"
 )