The system must set maximum number of half-open TCP connections to 4096.

An XCCDF Rule

Description

This setting controls how many half-open connections can exist for a TCP port. It is necessary to control the number of completed connections to the system to provide some protection against denial of service attacks.

ID
SV-216378r959010_rule
Severity
Medium

Remediation - Manual Procedure

The Network Management profile is required.

Configure maximum TCP connections for IPv4 and IPv6.

# pfexec ipadm set-prop -p _conn_req_max_q0=4096 tcp
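
An audit check to run after the remediation above, added here as an example and not part of the original rule text. It assumes `ipadm show-prop -c -o current,persistent` prints one colon-separated `CURRENT:PERSISTENT` record; the function name and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that _conn_req_max_q0 is 4096 both in the running
# configuration and in the persistent one.
REQUIRED=4096

# evaluate_conn_req_max_q0 RECORD   (hypothetical helper name)
# RECORD is one "CURRENT:PERSISTENT" line, the shape assumed for
#   ipadm show-prop -c -o current,persistent -p _conn_req_max_q0 tcp
# Returns 0 = compliant, 1 = finding, 2 = record could not be parsed.
evaluate_conn_req_max_q0() {
    record=$1
    case $record in
        *:*) ;;
        *) echo "ERROR: unparsable record"; return 2 ;;
    esac
    current=${record%%:*}
    persistent=${record#*:}
    if [ "$current" != "$REQUIRED" ]; then
        echo "FINDING: current=$current (required $REQUIRED)"
        return 1
    fi
    # The live value can be correct while the stored one is not.
    if [ "$persistent" != "$REQUIRED" ]; then
        echo "FINDING: persistent=${persistent:-unset}; will not survive a reboot"
        return 1
    fi
    echo "PASS: current and persistent are $REQUIRED"
    return 0
}

# Constructed sample records, not captured from a real host.
for sample in "4096:4096" "128:128" "4096:"; do
    evaluate_conn_req_max_q0 "$sample" || true
done

# On a host that has ipadm, evaluate the live value as well.
if command -v ipadm >/dev/null 2>&1; then
    evaluate_conn_req_max_q0 \
        "$(ipadm show-prop -c -o current,persistent -p _conn_req_max_q0 tcp)"
fi
```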