Public Pastes
daily pastebin goal
87%
SHARE
TWEET

Untitled

a guest Feb 1st, 2016 153 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #
  2. # /etc/sysctl.conf - Configuration file for setting system variables
  3. # See /etc/sysctl.d/ for additional system variables.
  4. # See sysctl.conf (5) for information.
  5. #
  6.  
  7. #kernel.domainname = example.com
  8.  
  9. # Uncomment the following to stop low-level messages on console
  10. #kernel.printk = 3 4 1 3
  11.  
  12. ##############################################################3
  13. # Functions previously found in netbase
  14. #
  15.  
  16. # Uncomment the next two lines to enable Spoof protection (reverse-path filter)
  17. # Turn on Source Address Verification in all interfaces to
  18. # prevent some spoofing attacks
  19. #net.ipv4.conf.default.rp_filter=1
  20. #net.ipv4.conf.all.rp_filter=1
  21.  
  22. # Uncomment the next line to enable TCP/IP SYN cookies
  23. # See http://lwn.net/Articles/277146/
  24. # Note: This may impact IPv6 TCP sessions too
  25. #net.ipv4.tcp_syncookies=1
  26.  
  27. # Uncomment the next line to enable packet forwarding for IPv4
  28. #net.ipv4.ip_forward=1
  29.  
  30. # Uncomment the next line to enable packet forwarding for IPv6
  31. #  Enabling this option disables Stateless Address Autoconfiguration
  32. #  based on Router Advertisements for this host
  33. #net.ipv6.conf.all.forwarding=1
  34.  
  35.  
  36. ###################################################################
  37. # Additional settings - these settings can improve the network
  38. # security of the host and prevent against some network attacks
  39. # including spoofing attacks and man in the middle attacks through
  40. # redirection. Some network environments, however, require that these
  41. # settings are disabled so review and enable them as needed.
  42. #
  43. # Do not accept ICMP redirects (prevent MITM attacks)
  44. #net.ipv4.conf.all.accept_redirects = 0
  45. #net.ipv6.conf.all.accept_redirects = 0
  46. # _or_
  47. # Accept ICMP redirects only for gateways listed in our default
  48. # gateway list (enabled by default)
  49. # net.ipv4.conf.all.secure_redirects = 1
  50. #
  51. # Do not send ICMP redirects (we are not a router)
  52. #net.ipv4.conf.all.send_redirects = 0
  53. #
  54. # Do not accept IP source route packets (we are not a router)
  55. #net.ipv4.conf.all.accept_source_route = 0
  56. #net.ipv6.conf.all.accept_source_route = 0
  57. #
  58. # Log Martian Packets
  59. #net.ipv4.conf.all.log_martians = 1
  60. #
  61. vm.swappiness=1
  62.  
  63. ### IMPROVE SYSTEM MEMORY MANAGEMENT ###
  64.  
  65. # Increase size of file handles and inode cache
  66. fs.file-max = 2097152
  67.  
  68. # Do less swapping
  69. vm.swappiness = 10
  70. vm.dirty_ratio = 60
  71. vm.dirty_background_ratio = 2
  72.  
  73. ### GENERAL NETWORK SECURITY OPTIONS ###
  74.  
  75. # Number of times SYNACKs for passive TCP connection.
  76. net.ipv4.tcp_synack_retries = 2
  77.  
  78. # Allowed local port range
  79. net.ipv4.ip_local_port_range = 2000 65535
  80.  
  81. # Protect Against TCP Time-Wait
  82. net.ipv4.tcp_rfc1337 = 1
  83.  
  84. # Decrease the time default value for tcp_fin_timeout connection
  85. net.ipv4.tcp_fin_timeout = 15
  86.  
  87. # Decrease the time default value for connections to keep alive
  88. net.ipv4.tcp_keepalive_time = 300
  89. net.ipv4.tcp_keepalive_probes = 5
  90. net.ipv4.tcp_keepalive_intvl = 15
  91.  
  92. ### TUNING NETWORK PERFORMANCE ###
  93.  
  94. # Default Socket Receive Buffer
  95. net.core.rmem_default = 31457280
  96.  
  97. # Maximum Socket Receive Buffer
  98. net.core.rmem_max = 12582912
  99.  
  100. # Default Socket Send Buffer
  101. net.core.wmem_default = 31457280
  102.  
  103. # Maximum Socket Send Buffer
  104. net.core.wmem_max = 12582912
  105.  
  106. # Increase number of incoming connections
  107. net.core.somaxconn = 4096
  108.  
  109. # Increase number of incoming connections backlog
  110. net.core.optmem_max = 25165824
  111.  
  112. # Increase the maximum total buffer-space allocatable
  113. # This is measured in units of pages (4096 bytes)
  114. net.ipv4.tcp_mem = 65536 131072 262144
  115. net.ipv4.udp_mem = 65536 131072 262144
  116.  
  117. # Increase the read-buffer space allocatable
  118. net.ipv4.tcp_rmem = 8192 87380 16777216
  119. net.ipv4.udp_rmem_min = 16384
  120.  
  121. # Increase the write-buffer-space allocatable
  122. net.ipv4.tcp_wmem = 8192 65536 16777216
  123. net.ipv4.udp_wmem_min = 16384
  124.  
  125. # Increase the tcp-time-wait buckets pool size to prevent simple DOS attacks
  126. net.ipv4.tcp_max_tw_buckets = 1440000
  127. net.ipv4.tcp_tw_recycle = 1
  128. net.ipv4.tcp_tw_reuse = 1
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Pastebin PRO 'AUTUMN SPECIAL'!
Get 60% OFF Pastebin PRO accounts!
 
Top