# Kernel sysctl configuration file for Red Hat Linux## For binary values, 0

1. # Kernel sysctl configuration file for Red Hat Linux
2. #
3. # For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
4. # sysctl.conf(5) for more details.
5. #
6. # Use '/sbin/sysctl -a' to list all possible parameters.
7.  
8. # Controls IP packet forwarding
9. net.ipv4.ip_forward = 0
10.  
11. # Controls source route verification
12. net.ipv4.conf.default.rp_filter = 1
13.  
14. # Do not accept source routing
15. net.ipv4.conf.default.accept_source_route = 0
16.  
17. # Controls the System Request debugging functionality of the kernel
18. kernel.sysrq = 0
19.  
20. # Controls whether core dumps will append the PID to the core filename.
21. # Useful for debugging multi-threaded applications.
22. kernel.core_uses_pid = 1
23.  
24. # Controls the use of TCP syncookies
25. net.ipv4.tcp_syncookies = 1
26.  
27. # Controls the default maxmimum size of a mesage queue
28. kernel.msgmnb = 65536
29.  
30. # Controls the maximum size of a message, in bytes
31. kernel.msgmax = 65536
32.  
33. # Controls the maximum shared segment size, in bytes
34. kernel.shmmax = 68719476736
35.  
36. # Controls the maximum number of shared memory segments, in pages
37. kernel.shmall = 4294967296
38. net.ipv4.tcp_challenge_ack_limit = 999999999
39.  
40. net.ipv6.conf.all.disable_ipv6 = 0
41. net.ipv6.conf.default.disable_ipv6 = 0
42.  
43.  
44. ### IMPROVE SYSTEM MEMORY MANAGEMENT ###
45.  
46. # Increase size of file handles and inode cache
47. fs.nr_open=12000000
48. fs.file-max = 206656
49.  
50. # Do less swapping
51. vm.swappiness = 50
52. vm.vfs_cache_pressure = 50
53. vm.dirty_ratio = 60
54. vm.dirty_background_ratio = 2
55.  
56. ### GENERAL NETWORK SECURITY OPTIONS ###
57.  
58. # Number of times SYNACKs for passive TCP connection.
59. net.ipv4.tcp_synack_retries = 2
60.  
61. # Allowed local port range
62. net.ipv4.ip_local_port_range = 2000 65535
63.  
64. # Protect Against TCP Time-Wait
65. net.ipv4.tcp_rfc1337 = 1
66.  
67. # Decrease the time default value for tcp_fin_timeout connection
68. net.ipv4.tcp_fin_timeout = 15
69.  
70. # Decrease the time default value for connections to keep alive
71. net.ipv4.tcp_keepalive_time = 30
72. net.ipv4.tcp_keepalive_probes = 5
73. net.ipv4.tcp_keepalive_intvl = 15
74.  
75. ### TUNING NETWORK PERFORMANCE ###
76.  
77. # Default Socket Receive Buffer
78. net.core.rmem_default = 31457280
79.  
80. # Maximum Socket Receive Buffer
81. net.core.rmem_max = 12582912
82.  
83. # Default Socket Send Buffer
84. net.core.wmem_default = 31457280
85.  
86. # Maximum Socket Send Buffer
87. net.core.wmem_max = 12582912
88.  
89. # Increase number of incoming connections
90. net.core.somaxconn = 65535
91.  
92. # Increase number of incoming connections backlog
93. net.core.netdev_max_backlog = 65535
94.  
95. # Increase the maximum amount of option memory buffers
96. net.core.optmem_max = 25165824
97.  
98. # Increase the maximum total buffer-space allocatable
99. # This is measured in units of pages (4096 bytes)
100. net.ipv4.tcp_mem = 65535 131072 262144
101. net.ipv4.udp_mem = 65535 131072 262144
102.  
103. # Increase the read-buffer space allocatable
104. net.ipv4.tcp_rmem = 8192 87380 16777216
105. net.ipv4.udp_rmem_min = 16384
106.  
107. # Increase the write-buffer-space allocatable
108. net.ipv4.tcp_wmem = 8192 65535 16777216
109. net.ipv4.udp_wmem_min = 16384
110.  
111. # Increase the tcp-time-wait buckets pool size to prevent simple DOS attacks
112. net.ipv4.tcp_max_tw_buckets = 1440000
113. net.ipv4.tcp_tw_recycle = 0
114. net.ipv4.tcp_tw_reuse = 0
115.  
116. net.core.default_qdisc = fq
117. net.ipv4.tcp_congestion_control = bbr
118.  
119. vm.overcommit_memory = 1