API tools faq
paste
Advertisement
earthchie

domeclass.sysctl.conf

earthchie
Nov 28th, 2015
3,476
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Bash 4.16 KB | None | 0 0
raw download clone embed print report
  1. #
  2. # /etc/sysctl.conf - Configuration file for setting system variables
  3. # See /etc/sysctl.d/ for additional system variables.
  4. # See sysctl.conf (5) for information.
  5. #
  6.  
  7. #kernel.domainname = example.com
  8.  
  9. # Uncomment the following to stop low-level messages on console
  10. #kernel.printk = 3 4 1 3
  11.  
  12. ##############################################################3
  13. # Functions previously found in netbase
  14. #
  15.  
  16. # Uncomment the next two lines to enable Spoof protection (reverse-path filter)
  17. # Turn on Source Address Verification in all interfaces to
  18. # prevent some spoofing attacks
  19. #net.ipv4.conf.default.rp_filter=1
  20. #net.ipv4.conf.all.rp_filter=1
  21.  
  22. # Uncomment the next line to enable TCP/IP SYN cookies
  23. # See http://lwn.net/Articles/277146/
  24. # Note: This may impact IPv6 TCP sessions too
  25. #net.ipv4.tcp_syncookies=1
  26.  
  27. # Uncomment the next line to enable packet forwarding for IPv4
  28. net.ipv4.ip_forward=1
  29.  
  30. # Uncomment the next line to enable packet forwarding for IPv6
  31. #  Enabling this option disables Stateless Address Autoconfiguration
  32. #  based on Router Advertisements for this host
  33. #net.ipv6.conf.all.forwarding=1
  34.  
  35.  
  36. ###################################################################
  37. # Additional settings - these settings can improve the network
  38. # security of the host and prevent against some network attacks
  39. # including spoofing attacks and man in the middle attacks through
  40. # redirection. Some network environments, however, require that these
  41. # settings are disabled so review and enable them as needed.
  42. #
  43. # Do not accept ICMP redirects (prevent MITM attacks)
  44. #net.ipv4.conf.all.accept_redirects = 0
  45. #net.ipv6.conf.all.accept_redirects = 0
  46. # _or_
  47. # Accept ICMP redirects only for gateways listed in our default
  48. # gateway list (enabled by default)
  49. # net.ipv4.conf.all.secure_redirects = 1
  50. #
  51. # Do not send ICMP redirects (we are not a router)
  52. #net.ipv4.conf.all.send_redirects = 0
  53. #
  54. # Do not accept IP source route packets (we are not a router)
  55. #net.ipv4.conf.all.accept_source_route = 0
  56. #net.ipv6.conf.all.accept_source_route = 0
  57. #
  58. # Log Martian Packets
  59. #net.ipv4.conf.all.log_martians = 1
  60. #
  61. #net.ipv4.tcp_fin_timeout = 60
  62. #net.ipv4.tcp_retries1 = 3
  63. net.ipv4.tcp_keepalive_probes = 9
  64. net.ipv4.tcp_keepalive_time = 7200
  65. net.ipv4.tcp_syn_retries = 5
  66.  
  67. kernel.sem = 250 32000 100 128
  68. kernel.shmall = 209715200
  69. kernel.shmmax = 214748364800
  70. kernel.shmmni = 4096
  71. fs.file-max = 1000000
  72. vm.swappiness = 0
  73. vm.vfs_cache_pressure = 50
  74.  
  75. net.ipv4.tcp_fin_timeout = 3
  76. net.core.netdev_max_backlog = 30000
  77. net.ipv4.tcp_no_metrics_save = 1
  78. net.ipv4.tcp_synack_retries = 2
  79. net.ipv4.tcp_syn_retries = 2
  80. net.ipv4.tcp_max_syn_backlog = 8192
  81. net.core.rmem_max = 16777216
  82. net.core.wmem_max = 16777216
  83. net.ipv4.tcp_rmem = 4096 87380 16777216
  84. net.ipv4.tcp_wmem = 4096 65536 16777216
  85. net.core.somaxconn = 8192
  86. vm.min_free_kbytes = 65536
  87.  
  88. #net.core.rmem_max = 16777216
  89. #net.core.wmem_max = 16777216
  90. #net.ipv4.tcp_rmem = 4096 87380 16777216
  91. #net.ipv4.tcp_wmem = 4096 65536 16777216
  92. #net.ipv4.tcp_no_metrics_save = 1
  93. #net.ipv4.tcp_syncookies = 1
  94. #net.ipv4.tcp_max_syn_backlog = 2048
  95. #net.ipv4.tcp_synack_retries = 2
  96. #net.ipv4.tcp_syncookies
  97.  
  98. net.ipv4.tcp_tw_reuse = 1
  99. net.ipv4.tcp_tw_recycle = 1
  100. net.ipv4.tcp_mem = 786432 1048576 1572864
  101. kernel.pid_max = 65536
  102. net.ipv6.conf.all.disable_ipv6=1
  103. net.ipv4.tcp_syncookies = 0
  104.  
  105. net.bridge.bridge-nf-call-iptables = 0
  106. net.ipv4.ip_local_port_range = 2000 65000
  107. net.ipv4.tcp_window_scaling = 1
  108. # number of packets to keep in backlog before the kernel starts dropping them
  109. net.ipv4.tcp_max_syn_backlog = 8240000
  110.       # increase socket listen backlog
  111. #net.core.somaxconn = 824000
  112. net.ipv4.tcp_max_tw_buckets = 1440000
  113.         # Increase TCP buffer sizes
  114. net.core.rmem_default = 8388608
  115. net.core.rmem_max = 16777216
  116. net.core.wmem_max = 16777216
  117. net.ipv4.tcp_rmem = 4096 87380 16777216
  118. net.ipv4.tcp_wmem = 4096 65536 16777216
  119. net.ipv4.tcp_congestion_control = cubic
  120. net.bridge.bridge-nf-call-iptables = 0
  121. kernel.perf_event_max_sample_rate = 25000
  122. net.netfilter.nf_conntrack_max = 556000
  123. net.ipv4.tcp_congestion_control=htcp
  124. net.ipv4.netfilter.ip_conntrack_max = 409600
  125.  
  126. kernel.printk_ratelimit = 30
  127. kernel.printk_ratelimit_burst = 500
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!