diff --git a/config/etc/sysctl.conf b/config/etc/sysctl.conf
index 7e7ebee44..d48c7734e 100644
--- a/config/etc/sysctl.conf
+++ b/config/etc/sysctl.conf
@@ -32,7 +32,7 @@ net.ipv6.conf.all.disable_ipv6 = 1
 net.ipv6.conf.default.disable_ipv6 = 1
 # Enable netfilter accounting
-net.netfilter.nf_conntrack_acct=1
+net.netfilter.nf_conntrack_acct = 1
 # Disable netfilter on bridges.
 net.bridge.bridge-nf-call-ip6tables = 0
@@ -86,10 +86,15 @@ net.ipv4.tcp_wmem = 4096 16384 16777216
 net.ipv4.udp_mem = 3145728 4194304 16777216
 # Prefer low latency over higher throughput
-net.ipv4.tcp_low_latency=1
+net.ipv4.tcp_low_latency = 1
 # Reserve more socket space for the TCP window
-net.ipv4.tcp_adv_win_scale=2
+net.ipv4.tcp_adv_win_scale = 2
 # Enable TCP fast-open
 net.ipv4.tcp_fastopen = 3
+
+# Drop RST packets for sockets in TIME-WAIT state, as described in RFC 1337.
+# This protects against various TCP attacks, such as DoS against or injection
+# of arbitrary segments into prematurely closed connections.
+net.ipv4.tcp_rfc1337 = 1
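Review bot: The comment above the added `net.ipv4.tcp_rfc1337 = 1` overstates the protection: the knob only makes the stack ignore RST segments while a socket is in TIME-WAIT, so the socket is not "assassinated" early and stale segments from the previous incarnation of the same 4-tuple cannot be accepted by, or desynchronize, a new connection; it is not a general defense against segment injection, which still requires sequence-number knowledge. Suggest rewording to `# Ignore RST while in TIME-WAIT (RFC 1337 "TIME-WAIT assassination"): keeps the 4-tuple quarantined for the full 2*MSL so stale segments from the previous connection cannot corrupt or kill a new one.` The trade-off worth recording next to it is that a peer can no longer clear a TIME-WAIT with an RST, so hosts making many short-lived connections to the same peer hold those ports longer; if that matters for this host, check how `net.ipv4.tcp_tw_reuse` (not visible in this hunk) is set.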