From: Tom Hughes <tom@compton.nu>
Date: Thu, 27 Jun 2013 08:04:28 +0000 (+0100)
Subject: Explicitly turn on syncookies everywhere
X-Git-Url: https://git.openstreetmap.org/chef.git/commitdiff_plain/cb5f0da0d5c1e54318bb10ea9609b256876bce41?hp=53618f52a6a71a020f42d3244b94b9f48816d0d8

Explicitly turn on syncookies everywhere
---

diff --git a/roles/base.rb b/roles/base.rb
index 15c913d3d..2e2805142 100644
--- a/roles/base.rb
+++ b/roles/base.rb
@@ -49,9 +49,9 @@ default_attributes(
       }
     },
     :tcp_syncookies => {
-      :comment => "Turn off syncookies as they interact badly with the firewall",
+      :comment => "Turn on syncookies to protect against SYN floods",
       :parameters => {
-        "net.ipv4.tcp_syncookies" => "0"
+        "net.ipv4.tcp_syncookies" => "1"
       }
     }
   },