pfSense — Disable TCP timestamps to pass PCI compliance scan
We were working with a client to disable TCP timestamps (RFC 1323) on pfSense to pass their PCI compliance scans. Referencing this thread (Pfsense disable tcp timestamps RFC1323), it should be in System Tunables, but it was not present.
- To make this happen, go in through SSH and use sysctl to change it; it’s not listed in the GUI.
- The command is sysctl net.inet.tcp.rfc1323=0
- You can also use sysctl -a to list all system tunables that don’t show in the GUI.
- sysctl -a | grep [keyword] will let you filter down results as well, so you don’t have to dig through the list.
- That’s how I was able to find this: sysctl -a | grep 1323
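
To confirm the change on the wire rather than from the sysctl value alone, the check below parses the TCP options of a SYN-ACK header and reports whether the timestamps option (kind 8) is still advertised. It is an added example, not part of the original post: the function names and both sample headers are constructed for illustration, and it assumes you have already extracted the raw TCP header bytes from a capture of the firewall's reply.

```python
import struct

EOL, NOP, WSCALE, TIMESTAMP = 0, 1, 3, 8  # TCP option kinds

def tcp_options(tcp_header: bytes) -> dict:
    """Map option kind -> value bytes for a raw TCP header."""
    if len(tcp_header) < 20:
        raise ValueError("shorter than a minimal TCP header")
    header_len = (tcp_header[12] >> 4) * 4  # data offset is in 32-bit words
    if not 20 <= header_len <= len(tcp_header):
        raise ValueError("bad data offset")
    data, opts, i = tcp_header[20:header_len], {}, 0
    while i < len(data):
        kind = data[i]
        if kind == EOL:          # end of option list, the rest is padding
            break
        if kind == NOP:          # one-byte alignment filler
            i += 1
            continue
        if i + 1 >= len(data) or data[i + 1] < 2 or i + data[i + 1] > len(data):
            raise ValueError("malformed option")
        opts[kind] = data[i + 2:i + data[i + 1]]
        i += data[i + 1]
    return opts

def advertises_timestamps(tcp_header: bytes) -> bool:
    """True if the header carries the timestamps option a scan would flag."""
    return TIMESTAMP in tcp_options(tcp_header)

def build_synack(options: bytes) -> bytes:
    """Constructed sample: a SYN-ACK header with the given option bytes."""
    options += b"\x00" * (-len(options) % 4)  # pad to a 32-bit boundary
    offset = (20 + len(options)) // 4
    return struct.pack("!HHIIBBHHH", 443, 50000, 1000, 2001,
                       offset << 4, 0x12, 65535, 0, 0) + options

# Constructed samples, not captures from a real firewall.
MSS, SACK_OK = b"\x02\x04\x05\xb4", b"\x04\x02"
BEFORE = build_synack(MSS + b"\x01\x03\x03\x07" + SACK_OK
                      + b"\x08\x0a" + struct.pack("!II", 123456, 654321))
AFTER = build_synack(MSS + SACK_OK)  # no RFC 1323 options present

if __name__ == "__main__":
    for name, hdr in (("before", BEFORE), ("after", AFTER)):
        print(name, "timestamps advertised:", advertises_timestamps(hdr))
```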