SHARE
TWEET

Untitled

a guest Aug 20th, 2017 82 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. # Kernel sysctl configuration file for Red Hat Linux
  2. #
  3. # For binary values, 0 is disabled, 1 is enabled.  See sysctl(8) and
  4. # sysctl.conf(5) for more details.
  5. #
  6. # Use '/sbin/sysctl -a' to list all possible parameters.
  7.  
  8. # Controls IP packet forwarding
  9. net.ipv4.ip_forward = 0
  10.  
  11. # Controls source route verification
  12. net.ipv4.conf.default.rp_filter = 1
  13.  
  14. # Do not accept source routing
  15. net.ipv4.conf.default.accept_source_route = 0
  16.  
  17. # Controls the System Request debugging functionality of the kernel
  18. kernel.sysrq = 0
  19.  
  20. # Controls whether core dumps will append the PID to the core filename.
  21. # Useful for debugging multi-threaded applications.
  22. kernel.core_uses_pid = 1
  23.  
  24. # Controls the use of TCP syncookies
  25. net.ipv4.tcp_syncookies = 1
  26.  
  27. # Controls the default maxmimum size of a mesage queue
  28. kernel.msgmnb = 65536
  29.  
  30. # Controls the maximum size of a message, in bytes
  31. kernel.msgmax = 65536
  32.  
  33. # Controls the maximum shared segment size, in bytes
  34. kernel.shmmax = 68719476736
  35.  
  36. # Controls the maximum number of shared memory segments, in pages
  37. kernel.shmall = 4294967296
  38. net.ipv4.tcp_challenge_ack_limit = 999999999
  39.  
  40. net.ipv6.conf.all.disable_ipv6 = 0
  41. net.ipv6.conf.default.disable_ipv6 = 0
  42.  
  43.  
  44. ### IMPROVE SYSTEM MEMORY MANAGEMENT ###
  45.  
  46. # Increase size of file handles and inode cache
  47. fs.nr_open=12000000
  48. fs.file-max = 206656
  49.  
  50. # Do less swapping
  51. vm.swappiness = 50
  52. vm.vfs_cache_pressure = 50
  53. vm.dirty_ratio = 60
  54. vm.dirty_background_ratio = 2
  55.  
  56. ### GENERAL NETWORK SECURITY OPTIONS ###
  57.  
  58. # Number of times SYNACKs for passive TCP connection.
  59. net.ipv4.tcp_synack_retries = 2
  60.  
  61. # Allowed local port range
  62. net.ipv4.ip_local_port_range = 2000 65535
  63.  
  64. # Protect Against TCP Time-Wait
  65. net.ipv4.tcp_rfc1337 = 1
  66.  
  67. # Decrease the time default value for tcp_fin_timeout connection
  68. net.ipv4.tcp_fin_timeout = 15
  69.  
  70. # Decrease the time default value for connections to keep alive
  71. net.ipv4.tcp_keepalive_time = 30
  72. net.ipv4.tcp_keepalive_probes = 5
  73. net.ipv4.tcp_keepalive_intvl = 15
  74.  
  75. ### TUNING NETWORK PERFORMANCE ###
  76.  
  77. # Default Socket Receive Buffer
  78. net.core.rmem_default = 31457280
  79.  
  80. # Maximum Socket Receive Buffer
  81. net.core.rmem_max = 12582912
  82.  
  83. # Default Socket Send Buffer
  84. net.core.wmem_default = 31457280
  85.  
  86. # Maximum Socket Send Buffer
  87. net.core.wmem_max = 12582912
  88.  
  89. # Increase number of incoming connections
  90. net.core.somaxconn = 65535
  91.  
  92. # Increase number of incoming connections backlog
  93. net.core.netdev_max_backlog = 65535
  94.  
  95. # Increase the maximum amount of option memory buffers
  96. net.core.optmem_max = 25165824
  97.  
  98. # Increase the maximum total buffer-space allocatable
  99. # This is measured in units of pages (4096 bytes)
  100. net.ipv4.tcp_mem = 65535 131072 262144
  101. net.ipv4.udp_mem = 65535 131072 262144
  102.  
  103. # Increase the read-buffer space allocatable
  104. net.ipv4.tcp_rmem = 8192 87380 16777216
  105. net.ipv4.udp_rmem_min = 16384
  106.  
  107. # Increase the write-buffer-space allocatable
  108. net.ipv4.tcp_wmem = 8192 65535 16777216
  109. net.ipv4.udp_wmem_min = 16384
  110.  
  111. # Increase the tcp-time-wait buckets pool size to prevent simple DOS attacks
  112. net.ipv4.tcp_max_tw_buckets = 1440000
  113. net.ipv4.tcp_tw_recycle = 0
  114. net.ipv4.tcp_tw_reuse = 0
  115.  
  116. net.core.default_qdisc = fq
  117. net.ipv4.tcp_congestion_control = bbr
  118.  
  119. vm.overcommit_memory = 1
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top