/etc/sysctl.conf

1. #
2. # /etc/sysctl.conf - Configuration file for setting system variables
3. # See /etc/sysctl.d/ for additional system variables.              
4. # See sysctl.conf (5) for information.
5. #                        
6.                                                      
7. #kernel.domainname = example.com                        
8.                          
9. # Uncomment the following to stop low-level messages on console
10. #kernel.printk = 3 4 1 3
11.                                                                    
12. ##############################################################3
13. # Functions previously found in netbase
14. #                                                                      
15.                                                
16. # Uncomment the next two lines to enable Spoof protection (reverse-path filter)
17. # Turn on Source Address Verification in all interfaces to
18. # prevent some spoofing attacks
19. #net.ipv4.conf.default.rp_filter=1
20. #net.ipv4.conf.all.rp_filter=1
21.  
22. # Uncomment the next line to enable TCP/IP SYN cookies
23. # See http://lwn.net/Articles/277146/
24. # Note: This may impact IPv6 TCP sessions too
25. #net.ipv4.tcp_syncookies=1            
26.                                        
27. # Uncomment the next line to enable packet forwarding for IPv4
28. net.ipv4.ip_forward=1    
29.                                    
30. # Uncomment the next line to enable packet forwarding for IPv6
31. #  Enabling this option disables Stateless Address Autoconfiguration
32. #  based on Router Advertisements for this host
33. net.ipv6.conf.all.forwarding=1
34.  
35. ###################################################################
36. # Additional settings - these settings can improve the network
37. # security of the host and prevent against some network attacks
38. # including spoofing attacks and man in the middle attacks through
39. # redirection. Some network environments, however, require that these
40. # settings are disabled so review and enable them as needed.
41. #
42. # Do not accept ICMP redirects (prevent MITM attacks)
43. #net.ipv4.conf.all.accept_redirects = 0
44. #net.ipv6.conf.all.accept_redirects = 0
45. # _or_
46. # Accept ICMP redirects only for gateways listed in our default
47. # gateway list (enabled by default)
48. # net.ipv4.conf.all.secure_redirects = 1
49. #
50. # Do not send ICMP redirects (we are not a router)
51. #net.ipv4.conf.all.send_redirects = 0
52. #
53. # Do not accept IP source route packets (we are not a router)
54. #net.ipv4.conf.all.accept_source_route = 0
55. #net.ipv6.conf.all.accept_source_route = 0
56. #
57. # Log Martian Packets
58. #net.ipv4.conf.all.log_martians = 1
59. #
60.  
61. ###################################################################
62. # Magic system request Key
63. # 0=disable, 1=enable all
64. # Debian kernels have this set to 0 (disable the key)
65. # See https://www.kernel.org/doc/Documentation/sysrq.txt
66. # for what other values do
67. #kernel.sysrq=1
68.  
69. ###################################################################
70. # Protected links
71. #
72. # Protects against creating or following links under certain conditions
73. # Debian kernels have both set to 1 (restricted)
74. # See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
75. #fs.protected_hardlinks=0
76. #fs.protected_symlinks=0
77.  
78. vm.overcommit_memory = 1
79.  
80. net.core.somaxconn = 256000
81.  
82. fs.file-max = 1048576
83. fs.inotify.max_queued_events = 1048576
84. fs.inotify.max_user_instances = 1048576
85. fs.inotify.max_user_watches = 1048576
86. vm.max_map_count = 262144
87. net.core.netdev_max_backlog = 769902