earthchie

domeclass.sysctl.conf

Nov 28th, 2015
3,100
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #
  2. # /etc/sysctl.conf - Configuration file for setting system variables
  3. # See /etc/sysctl.d/ for additional system variables.
  4. # See sysctl.conf (5) for information.
  5. #
  6.  
  7. #kernel.domainname = example.com
  8.  
  9. # Uncomment the following to stop low-level messages on console
  10. #kernel.printk = 3 4 1 3
  11.  
  12. ##############################################################3
  13. # Functions previously found in netbase
  14. #
  15.  
  16. # Uncomment the next two lines to enable Spoof protection (reverse-path filter)
  17. # Turn on Source Address Verification in all interfaces to
  18. # prevent some spoofing attacks
  19. #net.ipv4.conf.default.rp_filter=1
  20. #net.ipv4.conf.all.rp_filter=1
  21.  
  22. # Uncomment the next line to enable TCP/IP SYN cookies
  23. # See http://lwn.net/Articles/277146/
  24. # Note: This may impact IPv6 TCP sessions too
  25. #net.ipv4.tcp_syncookies=1
  26.  
  27. # Uncomment the next line to enable packet forwarding for IPv4
  28. net.ipv4.ip_forward=1
  29.  
  30. # Uncomment the next line to enable packet forwarding for IPv6
  31. #  Enabling this option disables Stateless Address Autoconfiguration
  32. #  based on Router Advertisements for this host
  33. #net.ipv6.conf.all.forwarding=1
  34.  
  35.  
  36. ###################################################################
  37. # Additional settings - these settings can improve the network
  38. # security of the host and prevent against some network attacks
  39. # including spoofing attacks and man in the middle attacks through
  40. # redirection. Some network environments, however, require that these
  41. # settings are disabled so review and enable them as needed.
  42. #
  43. # Do not accept ICMP redirects (prevent MITM attacks)
  44. #net.ipv4.conf.all.accept_redirects = 0
  45. #net.ipv6.conf.all.accept_redirects = 0
  46. # _or_
  47. # Accept ICMP redirects only for gateways listed in our default
  48. # gateway list (enabled by default)
  49. # net.ipv4.conf.all.secure_redirects = 1
  50. #
  51. # Do not send ICMP redirects (we are not a router)
  52. #net.ipv4.conf.all.send_redirects = 0
  53. #
  54. # Do not accept IP source route packets (we are not a router)
  55. #net.ipv4.conf.all.accept_source_route = 0
  56. #net.ipv6.conf.all.accept_source_route = 0
  57. #
  58. # Log Martian Packets
  59. #net.ipv4.conf.all.log_martians = 1
  60. #
  61. #net.ipv4.tcp_fin_timeout = 60
  62. #net.ipv4.tcp_retries1 = 3
  63. net.ipv4.tcp_keepalive_probes = 9
  64. net.ipv4.tcp_keepalive_time = 7200
  65. net.ipv4.tcp_syn_retries = 5
  66.  
  67. kernel.sem = 250 32000 100 128
  68. kernel.shmall = 209715200
  69. kernel.shmmax = 214748364800
  70. kernel.shmmni = 4096
  71. fs.file-max = 1000000
  72. vm.swappiness = 0
  73. vm.vfs_cache_pressure = 50
  74.  
  75. net.ipv4.tcp_fin_timeout = 3
  76. net.core.netdev_max_backlog = 30000
  77. net.ipv4.tcp_no_metrics_save = 1
  78. net.ipv4.tcp_synack_retries = 2
  79. net.ipv4.tcp_syn_retries = 2
  80. net.ipv4.tcp_max_syn_backlog = 8192
  81. net.core.rmem_max = 16777216
  82. net.core.wmem_max = 16777216
  83. net.ipv4.tcp_rmem = 4096 87380 16777216
  84. net.ipv4.tcp_wmem = 4096 65536 16777216
  85. net.core.somaxconn = 8192
  86. vm.min_free_kbytes = 65536
  87.  
  88. #net.core.rmem_max = 16777216
  89. #net.core.wmem_max = 16777216
  90. #net.ipv4.tcp_rmem = 4096 87380 16777216
  91. #net.ipv4.tcp_wmem = 4096 65536 16777216
  92. #net.ipv4.tcp_no_metrics_save = 1
  93. #net.ipv4.tcp_syncookies = 1
  94. #net.ipv4.tcp_max_syn_backlog = 2048
  95. #net.ipv4.tcp_synack_retries = 2
  96. #net.ipv4.tcp_syncookies
  97.  
  98. net.ipv4.tcp_tw_reuse = 1
  99. net.ipv4.tcp_tw_recycle = 1
  100. net.ipv4.tcp_mem = 786432 1048576 1572864
  101. kernel.pid_max = 65536
  102. net.ipv6.conf.all.disable_ipv6=1
  103. net.ipv4.tcp_syncookies = 0
  104.  
  105. net.bridge.bridge-nf-call-iptables = 0
  106. net.ipv4.ip_local_port_range = 2000 65000
  107. net.ipv4.tcp_window_scaling = 1
  108. # number of packets to keep in backlog before the kernel starts dropping them
  109. net.ipv4.tcp_max_syn_backlog = 8240000
  110.       # increase socket listen backlog
  111. #net.core.somaxconn = 824000
  112. net.ipv4.tcp_max_tw_buckets = 1440000
  113.         # Increase TCP buffer sizes
  114. net.core.rmem_default = 8388608
  115. net.core.rmem_max = 16777216
  116. net.core.wmem_max = 16777216
  117. net.ipv4.tcp_rmem = 4096 87380 16777216
  118. net.ipv4.tcp_wmem = 4096 65536 16777216
  119. net.ipv4.tcp_congestion_control = cubic
  120. net.bridge.bridge-nf-call-iptables = 0
  121. kernel.perf_event_max_sample_rate = 25000
  122. net.netfilter.nf_conntrack_max = 556000
  123. net.ipv4.tcp_congestion_control=htcp
  124. net.ipv4.netfilter.ip_conntrack_max = 409600
  125.  
  126. kernel.printk_ratelimit = 30
  127. kernel.printk_ratelimit_burst = 500
RAW Paste Data