Explicitly turn on syncookies everywhere

diff --git a/roles/base.rb b/roles/base.rb
index 15c913d3d3d9354643ed176b9dc8a05cb9f1ddec..2e2805142627fe77dd359168d4b7c138a5795824 100644 (file)
--- a/roles/base.rb
+++ b/roles/base.rb
@@ -49,9 +49,9 @@ default_attributes(
       }
     },
     :tcp_syncookies => {
-      :comment => "Turn off syncookies as they interact badly with the firewall",
+      :comment => "Turn on syncookies to protect against SYN floods",
       :parameters => {
-        "net.ipv4.tcp_syncookies" => "0"
+        "net.ipv4.tcp_syncookies" => "1"
       }
     }
   },