Pacnew: Keep your config files up to date - January '19


Originally published at:


Four files need to be changed:

UFW & PHP – Pacnew
warning: /etc/default/ufw installed as /etc/default/ufw.pacnew
warning: /etc/ufw/before.rules installed as /etc/ufw/before.rules.pacnew
warning: /etc/ufw/sysctl.conf installed as /etc/ufw/sysctl.conf.pacnew
warning: /etc/php/php.ini installed as /etc/php/php.ini.pacnew


The easiest way is to install etc-update from the AUR repo:
yay -S etc-update
sudo etc-update

and follow the instructions.






sudo nano /etc/default/ufw

Add the + line:

# Set the default application policy to ACCEPT, DROP, REJECT or SKIP. Please
# note that setting this to ACCEPT may be a security risk. See 'man ufw' for
@@ -41,5 +41,6 @@
# nf_conntrack_pptp, nf_nat_pptp: PPTP over stateful firewall/NAT
# nf_conntrack_ftp, nf_nat_ftp: active FTP support
# nf_conntrack_tftp, nf_nat_tftp: TFTP support (server side)
+# nf_conntrack_sane: sane support
IPT_MODULES="nf_conntrack_ftp nf_nat_ftp nf_conntrack_netbios_ns"
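
Review bot: the single added line is a comment, and the IPT_MODULES= line right after it is unchanged, so this merge documents nf_conntrack_sane without adding it to the list. If the intent is only to keep the comments in step with the packaged file, the step should say so; anyone who wants the module still has to add it to IPT_MODULES by hand.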



sudo nano /etc/ufw/before.rules

Delete these lines:

-A ufw-before-input -p icmp --icmp-type source-quench -j ACCEPT
-A ufw-before-forward -p icmp --icmp-type source-quench -j ACCEPT
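
Review bot: the leading -A on both lines is the iptables append flag that belongs to the rule, not a diff removal marker, so the text to look for in the local before.rules begins with -A. Both rules accept ICMP source-quench, one in ufw-before-input and one in ufw-before-forward; remove exactly these two and leave the neighbouring icmp rules in place.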

Bug Description:



sudo nano /etc/ufw/sysctl.conf

Add the + lines and delete the - lines:

-# Change to '1' to enable TCP/IP SYN cookies This disables TCP Window Scaling
-# (
+# Change to '0' to disable TCP/IP SYN cookies. A value of '1' disables TCP
+# Window Scaling (
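
Review bot: both sides of this hunk are comment lines, and the wording flips from "change to '1' to enable" to "change to '0' to disable", yet the setting line the comment describes is not shown. Before merging, check the value line under this comment in the local sysctl.conf, so that the file still says what is intended once the comment reads the other way round.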



sudo nano /etc/php/php.ini

Add the + lines:

@@ -989,6 +989,13 @@
; otherwise output encoding conversion cannot be performed.
;iconv.output_encoding =
+; rsh/ssh logins are disabled by default. Use this INI entry if you want to
+; enable them. Note that the IMAP library does not filter mailbox names before
+; passing them to rsh/ssh command, thus passing untrusted data to this function
+; with rsh/ssh enabled is insecure.
;intl.default_locale =
; This directive allows you to produce PHP errors when some error
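
Review bot: the added comment refers to "this INI entry", but no entry appears among the + lines, and the header @@ -989,6 +989,13 @@ counts seven added lines where only four are shown. Take this block from /etc/php/php.ini.pacnew itself rather than from the listing, so the directive the comment describes (and its commented-out default) comes along with the warning text.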


That’s it.
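
To see which of the files named in the pacman warnings still need a manual merge, the warning lines can be fed to a small shell function that compares each live file with its .pacnew. This is an added example, not part of the original post; `pacnew_review`, its root-prefix argument and the status words are names made up for this sketch, and the sample input is the four warnings quoted above.

```shell
# Added example, not from the original post. pacnew_review and its
# root-prefix argument are hypothetical names chosen for this sketch.

# Constructed sample input: the four warnings quoted in the post.
SAMPLE_WARNINGS='warning: /etc/default/ufw installed as /etc/default/ufw.pacnew
warning: /etc/ufw/before.rules installed as /etc/ufw/before.rules.pacnew
warning: /etc/ufw/sysctl.conf installed as /etc/ufw/sysctl.conf.pacnew
warning: /etc/php/php.ini installed as /etc/php/php.ini.pacnew'

# Reads pacman output (terminal or pacman.log lines) on stdin and prints
# one "STATUS path" line per .pacnew warning.
# $1 = root prefix ("" for the live system), $2 = -v to print unified diffs.
pacnew_review() {
    local root="${1:-}" verbose="${2:-}" line live new
    while IFS= read -r line; do
        case "$line" in
            *"warning: "*" installed as "*.pacnew) ;;
            *) continue ;;
        esac
        line="${line#*warning: }"            # drop any log timestamp prefix
        live="${line%% installed as *}"
        new="${line##* installed as }"
        # The new file is always <live>.pacnew; ignore anything else.
        [ "$new" = "$live.pacnew" ] || continue
        if [ ! -e "$root$new" ]; then
            echo "NONE $live"      # no .pacnew on disk (already merged/removed)
        elif [ ! -e "$root$live" ]; then
            echo "NOLIVE $live"    # only the .pacnew exists
        elif cmp -s "$root$live" "$root$new"; then
            echo "SAME $live"      # identical, the .pacnew can be deleted
        else
            echo "DIFF $live"      # needs a manual merge
            if [ "$verbose" = "-v" ]; then
                diff -u "$root$live" "$root$new" || true
            fi
        fi
    done
}

# Demo on the live system; needs read access to the files under /etc/ufw.
printf '%s\n' "$SAMPLE_WARNINGS" | pacnew_review ""
```

Files reported as DIFF are the ones to open in an editor or hand to etc-update; with `-v` the unified diff shows the same + and - lines as the listings above.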