
KeRo99

a guest
Mar 22nd, 2010
  1. #
  2. # Disables IP source routing
  3. #
  4. net.ipv4.conf.all.accept_source_route = 0
  5. #
  6. net.ipv4.conf.lo.accept_source_route = 0
  7. #
  8. net.ipv4.conf.eth0.accept_source_route = 0
  9. #
  10. net.ipv4.conf.default.accept_source_route = 0
  11. #
  12.  
  13. #
  14. # Enable IP spoofing protection via reverse-path filtering (1 = strict mode; it can drop legitimate traffic on hosts with asymmetric routing)
  15. #
  16. net.ipv4.conf.all.rp_filter = 1
  17. #
  18. net.ipv4.conf.lo.rp_filter = 1
  19. #
  20. net.ipv4.conf.eth0.rp_filter = 1
  21. #
  22. net.ipv4.conf.default.rp_filter = 1
  23. #
  24.  
  25. #
  26. # Disable ICMP Redirect Acceptance (IPv4 only; net.ipv6.conf.*.accept_redirects is a separate key)
  27. #
  28. net.ipv4.conf.all.accept_redirects = 0
  29. #
  30. net.ipv4.conf.lo.accept_redirects = 0
  31. #
  32. net.ipv4.conf.eth0.accept_redirects = 0
  33. #
  34. net.ipv4.conf.default.accept_redirects = 0
  35. #
  36.  
  37. #
  38. # Log Spoofed Packets, Source Routed Packets, Redirect Packets -- NOTE: log_martians = 0 below leaves this logging disabled; set it to 1 to enable it
  39. #
  40. net.ipv4.conf.all.log_martians = 0
  41. #
  42. net.ipv4.conf.lo.log_martians = 0
  43. #
  44. net.ipv4.conf.eth0.log_martians = 0
  45. #
  46.  
  47. #
  48. # Disables IP source routing
  49. #
  50. net.ipv4.conf.all.accept_source_route = 0
  51. #
  52. net.ipv4.conf.lo.accept_source_route = 0
  53. #
  54. net.ipv4.conf.eth0.accept_source_route = 0
  55. #
  56. net.ipv4.conf.default.accept_source_route = 0
  57. #
  58.  
  59. #
  60. # Enable IP spoofing protection, turn on source route verification
  61. #
  62. net.ipv4.conf.all.rp_filter = 1
  63. #
  64. net.ipv4.conf.lo.rp_filter = 1
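  65. # NOTE: the next line carries two settings; sysctl.conf expects one key = value per line, so the second assignment is read as part of the first value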
  66. net.ipv4.conf.eth0.rp_filter = 1 net.ipv4.conf.default.rp_filter = 1
  67. #
  68.  
  69. #
  70. # Disable ICMP Redirect Acceptance
  71. #
  72. net.ipv4.conf.all.accept_redirects = 0
  73. #
  74. net.ipv4.conf.lo.accept_redirects = 0
  75. #
  76. net.ipv4.conf.eth0.accept_redirects = 0
  77. #
  78. net.ipv4.conf.default.accept_redirects = 0
  79. #
  80.  
  81. #
  82.  
  83. #
  84. # Decrease tcp_fin_timeout below its default value
  85. #
  86. net.ipv4.tcp_fin_timeout = 15
  87. #
  88.  
  89. #
  90. # Decrease tcp_keepalive_time below its default value
  91. #
  92. net.ipv4.tcp_keepalive_time = 1800
  93. #
  94.  
  95. #
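  96. # Turn off tcp_window_scaling (with scaling off the advertised TCP window is limited to 64 KB, so the 16 MB tcp_rmem/tcp_wmem maxima at the end of this file give little benefit)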
  97. #
  98. net.ipv4.tcp_window_scaling = 0
  99. #
  100.  
  101. #
  102. # Turn off the tcp_sack
  103. #
  104. net.ipv4.tcp_sack = 0
  105. #
  106.  
  107. #
  108. # Turn off the tcp_timestamps
  109. #
  110. net.ipv4.tcp_timestamps = 0
  111. #
  112.  
  113. #
  114. # Enable TCP SYN Cookie Protection
  115. #
  116. net.ipv4.tcp_syncookies = 1
  117. #
  118.  
  119. #
  120. # Ignore ICMP echo requests sent to broadcast addresses
  121. #
  122. net.ipv4.icmp_echo_ignore_broadcasts = 1
  123. #
  124.  
  125. #
  126. # Ignore bogus ICMP error responses
  127. #
  128. net.ipv4.icmp_ignore_bogus_error_responses = 1
  129. #
  130.  
  131. #
  132. # Log Spoofed Packets, Source Routed Packets, Redirect Packets -- NOTE: the value 0 below leaves this logging disabled; set it to 1 to enable it
  133. #
  134. net.ipv4.conf.all.log_martians = 0
  135. #
  136.  
  137. #
  138. # Increases the size of the socket queue (effectively, q0).
  139. #
  140. net.ipv4.tcp_max_syn_backlog = 1024
  141. #
  142.  
  143. #
  144. # Increase the tcp-time-wait buckets pool size
  145. #
  146. net.ipv4.tcp_max_tw_buckets = 1440000
  147. #
  148.  
  149. #
  150. # Allowed local port range (NOTE: the highest valid port number is 65535; the upper bound 65536 below is out of range)
  151. #
  152. net.ipv4.ip_local_port_range = 16384 65536
  153. #
  154.  
  155. #
  156. # CUSTOM PART
  157. #
  158. fs.file-max = 65536
  159. #
  160.  
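  161. # NOTE: the next line carries two settings; kernel.core_pattern takes the rest of the line as its value, so kernel.sem is not set as a separate key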
  162. kernel.core_pattern = core.%p kernel.sem = 512 32000 100 512
  163. #
  164.  
  165. #
  166. vm.swappiness = 0
  167.  
  168. net.core.rmem_max = 16777216
  169. net.core.wmem_max = 16777216
  170. net.ipv4.tcp_rmem = 4096 87380 16777216
  171. net.ipv4.tcp_wmem = 4096 65536 16777216