Commit | Line | Data |
---|---|---|
de1fc6ce JR |
1 | ### IPV4 NETWORKING |
2 | ||
3 | # Disables IPv4 packet forwarding | |
4 | net.ipv4.ip_forward = 0 | |
5 | ||
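6 | # Enables source route verification (reverse-path filtering: drops packets whose source address is not reachable via the interface they arrived on) | |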
7 | net.ipv4.conf.all.rp_filter = 1 | |
8 | ||
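9 | # Accept ICMP redirect messages (suggested 1 for hosts and 0 for routers; hosts on untrusted networks are commonly set to 0 as well, because redirects can be forged to change the host's routes) | |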
10 | # net.ipv4.conf.all.accept_redirects = 1 | |
11 | ||
12 | # Accept source routed packets (suggested 0 for hosts and 1 for routers) | |
13 | # net.ipv4.conf.all.accept_source_route = 1 | |
14 | ||
15 | # Log packets with source addresses with no known route to kernel log | |
16 | # net.ipv4.conf.all.log_martians = 1 | |
17 | ||
18 | # Do multicast routing ? The kernel needs to be compiled with | |
19 | # CONFIG_MROUTE and a multicast routing daemon is required. | |
20 | # net.ipv4.conf.all.mc_forwarding = 1 | |
21 | ||
22 | # Do proxy ARP ? | |
23 | # net.ipv4.conf.all.proxy_arp = 1 | |
24 | ||
25 | # Accept ICMP redirect messages only for gateways, listed in | |
26 | # default gateway list ? | |
27 | # net.ipv4.conf.all.secure_redirects = 1 | |
28 | ||
29 | # Send ICMP redirects to other hosts ? | |
30 | # net.ipv4.conf.all.send_redirects = 1 | |
31 | ||
32 | # Ignore all ICMP echo requests ? | |
33 | # net.ipv4.icmp_echo_ignore_all = 1 | |
34 | ||
35 | # Ignore ICMP echo requests to broadcast and multicast addresses ? | |
36 | # net.ipv4.icmp_echo_ignore_broadcasts = 1 | |
37 | ||
38 | # Enable MTU discovery patch ? (KERNEL MUST SUPPORT THIS) | |
39 | # MTU (maximal transfer unit) is the size of the chunks we send out | |
40 | # over the net. "Path MTU Discovery" means that, instead of always | |
41 | # sending very small chunks, we start out sending big ones and if we | |
42 | # then discover that some host along the way likes its chunks smaller, | |
43 | # we adjust to a smaller size. Note: setting ip_no_pmtu_disc to 1 turns Path MTU Discovery off. | |
44 | # net.ipv4.ip_no_pmtu_disc = 1 | |
45 | ||
46 | # Enable debugging of IP masquerading ? | |
47 | # net.ipv4.ip_masq_debug = 1 | |
48 | ||
49 | # Bug-to-bug compatibility with some broken printers. On retransmit | |
50 | # try to send bigger packets to work around bugs in certain TCP | |
51 | # stacks. Can be turned off by setting IPV4_RETRANS_COLLAPSE to "yes". | |
52 | # net.ipv4.tcp_retrans_collapse = 1 | |
53 | ||
54 | # Disable selective acknowledgments (SACK) as defined in RFC2018 ? | |
55 | # TCP may experience poor performance when multiple packets are lost | |
56 | # from one window of data. With the limited information available | |
57 | # from cumulative acknowledgments, a TCP sender can only learn about a | |
58 | # single lost packet per round trip time. An aggressive sender could | |
59 | # choose to retransmit packets early, but such retransmitted segments | |
60 | # may have already been successfully received. | |
61 | # net.ipv4.tcp_sack = 0 | |
62 | ||
63 | # Disable timestamps as defined in RFC1323 ? | |
64 | # Timestamps are designed to provide compatible interworking with | |
65 | # TCP's that do not implement the TCP Extensions for High Performance | |
66 | # net.ipv4.tcp_timestamps = 0 | |
67 | ||
68 | # Enable the strict RFC793 interpretation of the TCP urgent pointer field. | |
69 | # net.ipv4.tcp_stdurg = 1 | |
70 | ||
71 | # Enable TCP SYN cookies (tcp_syncookies), a mitigation against SYN flood attacks | |
72 | net.ipv4.tcp_syncookies = 1 | |
73 | ||
74 | # Disable window scaling as defined in RFC1323 ? | |
75 | # The window scale extension expands the definition of the TCP | |
76 | # window to 32 bits and then uses a scale factor to carry this | |
77 | # 32-bit value in the 16-bit Window field of the TCP header. | |
78 | # net.ipv4.tcp_window_scaling = 0 | |
79 | ||
80 | # Enable dynamic socket address rewriting on interface address change. | |
81 | # This is useful for dialup interface with changing IP addresses. | |
82 | # net.ipv4.ip_dynaddr = 7 | |
83 | ||
84 | # Range of ports used by TCP and UDP to choose the local | |
85 | # port. Contains two numbers, the first number is the lowest port, | |
86 | # the second number the highest local port. Default is "1024 4999". | |
87 | # Should be changed to "32768 61000" for high-usage systems. | |
88 | net.ipv4.ip_local_port_range = 1024 4999 | |
89 | ||
90 | # Disables automatic defragmentation (needed for masquerading, LVS) | |
91 | # Nonexistent on Linux 2.4 | |
92 | # net.ipv4.ip_always_defrag = 0 | |
93 | ||
94 | ### IPV6 NETWORKING | |
95 | ||
96 | # Disables IPv6 packet forwarding | |
97 | net.ipv6.conf.all.forwarding = 0 | |
98 | ||
99 | # Do you want IPv6 address autoconfiguration? Kernel default is yes. | |
100 | # net.ipv6.conf.all.autoconf = 0 | |
101 | ||
102 | # Do you want kernel to add default route for IPv6 interfaces if | |
103 | # there is no router on the link? Kernel default is yes. | |
104 | # Kernel 2.4.0-test? or later (after ANK accepts my patch - baggins). | |
105 | # net.ipv6.conf.all.autoconf_route = 0 | |
106 | ||
107 | ### OTHER SETTINGS | |
108 | ||
109 | # Adjust number of inodes and file handles available in the system. | |
110 | # If you have a heavily loaded system and kernel complains about | |
111 | # file/inode limit reached in VFS, increase this 2x. The default | |
112 | # value is 4096 (file) and 8192 (inode). The inode number should be | |
113 | # always 2-3 times the file number. For most systems this should not | |
114 | # be changed | |
115 | # fs.file-max = 8192 | |
116 | # fs.inode-max = 16384 | |
117 | ||
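118 | # Enable the magic-sysrq key (1 makes the SysRq functions available to anyone with console/keyboard access; set 0 to disable on machines without trusted physical access) | |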
119 | kernel.sysrq = 1 |