reversed order for fragmentation thresholds

klaver · Aug 15, 2018 · e5d3aca · e5d3aca
1 parent 597f0c0
commit e5d3aca
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/sysctl.conf b/sysctl.conf
@@ -231,10 +231,11 @@ net.ipv4.tcp_max_orphans = 16384
 net.ipv4.tcp_orphan_retries = 0
 
 # Limit the maximum memory used to reassemble IP fragments (CVE-2018-5391)
-net.ipv4.ipfrag_high_thresh = 262144
-net.ipv6.ip6frag_high_thresh = 262144
 net.ipv4.ipfrag_low_thresh = 196608
 net.ipv6.ip6frag_low_thresh = 196608
+net.ipv4.ipfrag_high_thresh = 262144
+net.ipv6.ip6frag_high_thresh = 262144
+
 
 # don't cache ssthresh from previous connection
 net.ipv4.tcp_no_metrics_save = 1