Information
The tcp_pmtu_discover parameter controls whether TCP MTU discovery is enabled.
Rationale:
The tcp_pmtu_discover parameter will be set to 0. The idea of MTU discovery is to avoid packet fragmentation between remote networks. This is achieved by discovering the network route and using the smallest MTU size within that path when transmitting packets. Enabling tcp_pmtu_discover leaves the system vulnerable to source routing attacks.
Solution
Run the following command to add the tcp_pmtu_discover entry to /etc/tunables/nextboot:
no -p -o tcp_pmtu_discover=0
This makes the change permanent by adding the entry to /etc/tunables/nextboot.
Default Value:
1
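To confirm the setting after applying the solution, the following check compares both the running value and the persisted value against 0. It is an added example, not part of the benchmark text. It assumes that `no -o tcp_pmtu_discover` prints `tcp_pmtu_discover = 0` and that /etc/tunables/nextboot stores the tunable in a `no:` stanza as `tcp_pmtu_discover = "0"`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit tcp_pmtu_discover on AIX (running and next-boot values).

# Extract the value from `no -o tcp_pmtu_discover` output,
# assumed to have the form: tcp_pmtu_discover = 0
running_value() {
    printf '%s\n' "$1" | awk -F= '
        $1 ~ /^[ \t]*tcp_pmtu_discover[ \t]*$/ {
            gsub(/[ \t"]/, "", $2); print $2; exit }'
}

# Extract the value from the "no:" stanza of a tunables file.
# Prints nothing when the tunable is absent, in which case the
# default value applies at the next boot.
nextboot_value() {
    awk -F= '
        /^[A-Za-z0-9_]+:[ \t]*$/ { in_no = ($1 ~ /^no:/); next }
        in_no && $1 ~ /^[ \t]*tcp_pmtu_discover[ \t]*$/ {
            gsub(/[ \t"]/, "", $2); print $2; exit }
    ' "$1"
}

# $1 = output of `no -o tcp_pmtu_discover`, $2 = tunables file.
# Returns 0 only when both the running and the persisted value are 0.
check_pmtu() {
    run=$(running_value "$1")
    boot=$(nextboot_value "$2")
    status=0
    if [ "$run" != "0" ]; then
        echo "FAIL running value: ${run:-unknown}"; status=1
    fi
    if [ "$boot" != "0" ]; then
        echo "FAIL nextboot value: ${boot:-absent (default 1)}"; status=1
    fi
    if [ "$status" -eq 0 ]; then
        echo "PASS tcp_pmtu_discover=0 (running and nextboot)"
    fi
    return "$status"
}

# On an AIX host:
#   check_pmtu "$(no -o tcp_pmtu_discover)" /etc/tunables/nextboot
```

A failure on the nextboot check alone means the running value was changed without persisting it, so the default returns after a reboot.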