Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # Kernel sysctl configuration file for Red Hat Linux
- #
- # For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
- # sysctl.conf(5) for more details.
- #
- # Use '/sbin/sysctl -a' to list all possible parameters.
- # Controls IP packet forwarding
- net.ipv4.ip_forward = 0
- # Controls source route verification
- net.ipv4.conf.default.rp_filter = 1
- # Do not accept source routing
- net.ipv4.conf.default.accept_source_route = 0
- # Controls the System Request debugging functionality of the kernel
- kernel.sysrq = 0
- # Controls whether core dumps will append the PID to the core filename.
- # Useful for debugging multi-threaded applications.
- kernel.core_uses_pid = 1
- # Controls the use of TCP syncookies
- net.ipv4.tcp_syncookies = 1
- # Controls the default maxmimum size of a mesage queue
- kernel.msgmnb = 65536
- # Controls the maximum size of a message, in bytes
- kernel.msgmax = 65536
- # Controls the maximum shared segment size, in bytes
- kernel.shmmax = 68719476736
- # Controls the maximum number of shared memory segments, in pages
- kernel.shmall = 4294967296
- net.ipv4.tcp_challenge_ack_limit = 999999999
- net.ipv6.conf.all.disable_ipv6 = 0
- net.ipv6.conf.default.disable_ipv6 = 0
- ### IMPROVE SYSTEM MEMORY MANAGEMENT ###
- # Increase size of file handles and inode cache
- fs.nr_open=12000000
- fs.file-max = 206656
- # Do less swapping
- vm.swappiness = 50
- vm.vfs_cache_pressure = 50
- vm.dirty_ratio = 60
- vm.dirty_background_ratio = 2
- ### GENERAL NETWORK SECURITY OPTIONS ###
- # Number of times SYNACKs for passive TCP connection.
- net.ipv4.tcp_synack_retries = 2
- # Allowed local port range
- net.ipv4.ip_local_port_range = 2000 65535
- # Protect Against TCP Time-Wait
- net.ipv4.tcp_rfc1337 = 1
- # Decrease the time default value for tcp_fin_timeout connection
- net.ipv4.tcp_fin_timeout = 15
- # Decrease the time default value for connections to keep alive
- net.ipv4.tcp_keepalive_time = 30
- net.ipv4.tcp_keepalive_probes = 5
- net.ipv4.tcp_keepalive_intvl = 15
- ### TUNING NETWORK PERFORMANCE ###
- # Default Socket Receive Buffer
- net.core.rmem_default = 31457280
- # Maximum Socket Receive Buffer
- net.core.rmem_max = 12582912
- # Default Socket Send Buffer
- net.core.wmem_default = 31457280
- # Maximum Socket Send Buffer
- net.core.wmem_max = 12582912
- # Increase number of incoming connections
- net.core.somaxconn = 65535
- # Increase number of incoming connections backlog
- net.core.netdev_max_backlog = 65535
- # Increase the maximum amount of option memory buffers
- net.core.optmem_max = 25165824
- # Increase the maximum total buffer-space allocatable
- # This is measured in units of pages (4096 bytes)
- net.ipv4.tcp_mem = 65535 131072 262144
- net.ipv4.udp_mem = 65535 131072 262144
- # Increase the read-buffer space allocatable
- net.ipv4.tcp_rmem = 8192 87380 16777216
- net.ipv4.udp_rmem_min = 16384
- # Increase the write-buffer-space allocatable
- net.ipv4.tcp_wmem = 8192 65535 16777216
- net.ipv4.udp_wmem_min = 16384
- # Increase the tcp-time-wait buckets pool size to prevent simple DOS attacks
- net.ipv4.tcp_max_tw_buckets = 1440000
- net.ipv4.tcp_tw_recycle = 0
- net.ipv4.tcp_tw_reuse = 0
- net.core.default_qdisc = fq
- net.ipv4.tcp_congestion_control = bbr
- vm.overcommit_memory = 1
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement