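# Disables IPv4 packet forwarding (the host does not route between interfaces)
net.ipv4.ip_forward = 0

# Enables source address verification (reverse-path filtering): packets whose
# source address is not reachable through the receiving interface are dropped.
# NOTE(review): how conf.all combines with the per-interface rp_filter values
# depends on the kernel version - verify the effective value per interface.
net.ipv4.conf.all.rp_filter = 1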
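# Accept ICMP redirect messages (suggested 1 for hosts and 0 for routers)
# ICMP redirects are unauthenticated and change the routing of the host that
# accepts them; on networks that do not depend on them, 0 is the safer value
# for hosts as well.
# net.ipv4.conf.all.accept_redirects = 1

# Accept source routed packets (suggested 0 for hosts and 1 for routers)
# Source routing lets the sender choose the path a packet takes; keep it at 0
# on routers too unless the network really requires it.
# net.ipv4.conf.all.accept_source_route = 1

# Log packets with source addresses with no known route to kernel log
# net.ipv4.conf.all.log_martians = 1

# Do multicast routing ? The kernel needs to be compiled with
# CONFIG_MROUTE and a multicast routing daemon is required.
# net.ipv4.conf.all.mc_forwarding = 1

# Do proxy ARP ? (answer ARP requests on behalf of addresses that are
# reachable through another interface)
# net.ipv4.conf.all.proxy_arp = 1

# Accept ICMP redirect messages only for gateways, listed in
# default gateway list ?
# net.ipv4.conf.all.secure_redirects = 1

# Send ICMP redirects to other hosts ?
# Only a router has a reason to send redirects; 0 is appropriate when
# forwarding is disabled.
# net.ipv4.conf.all.send_redirects = 1

# Ignore all ICMP echo requests ?
# net.ipv4.icmp_echo_ignore_all = 1

# Ignore ICMP echo requests to broadcast and multicast addresses ?
# With 1 the host does not answer broadcast pings, so it cannot be used to
# amplify traffic towards a spoofed source address.
# net.ipv4.icmp_echo_ignore_broadcasts = 1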
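# Path MTU Discovery (KERNEL MUST SUPPORT THIS)
# MTU (maximum transmission unit) is the size of the chunks we send out
# over the net. "Path MTU Discovery" means that, instead of always
# sending very small chunks, we start out sending big ones and if we
# then discover that some host along the way likes its chunks smaller,
# we adjust to a smaller size.
# NOTE: the key is inverted - ip_no_pmtu_disc = 1 turns Path MTU Discovery
# OFF; 0 leaves it on.
# net.ipv4.ip_no_pmtu_disc = 1

# Enable debugging of IP masquerading ?
# net.ipv4.ip_masq_debug = 1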
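# Bug-to-bug compatibility with some broken printers. On retransmit
# try to send bigger packets to work around bugs in certain TCP
# stacks. Can be turned off by setting IPV4_RETRANS_COLLAPSE to "yes".
# net.ipv4.tcp_retrans_collapse = 1

# Disable selective acknowledgments (SACK, RFC 2018) ?
# TCP may experience poor performance when multiple packets are lost
# from one window of data. With the limited information available
# from cumulative acknowledgments, a TCP sender can only learn about a
# single lost packet per round trip time. An aggressive sender could
# choose to retransmit packets early, but such retransmitted segments
# may have already been successfully received.
# net.ipv4.tcp_sack = 0

# Disable timestamps as defined in RFC1323 ?
# Timestamps are designed to provide compatible interworking with
# TCPs that do not implement the TCP Extensions for High Performance
# net.ipv4.tcp_timestamps = 0

# Enable the strict RFC793 interpretation of the TCP urgent pointer field.
# net.ipv4.tcp_stdurg = 1

# Enable tcp_syncookies (SYN flood mitigation): when the SYN backlog of a
# listening socket overflows, the kernel answers with SYN cookies instead of
# dropping new connections. Needs a kernel built with CONFIG_SYN_COOKIES.
net.ipv4.tcp_syncookies = 1

# Disable window scaling as defined in RFC1323 ?
# The window scale extension expands the definition of the TCP
# window to 32 bits and then uses a scale factor to carry this
# 32-bit value in the 16-bit Window field of the TCP header.
# net.ipv4.tcp_window_scaling = 0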
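# Enable dynamic socket address rewriting on interface address change.
# This is useful for dialup interface with changing IP addresses.
# (The key is net.ipv4.ip_dynaddr; a leading "sys." does not name a sysctl.)
# net.ipv4.ip_dynaddr = 7

# Range of ports used by TCP and UDP to choose the local
# port. Contains two numbers, the first number is the lowest port,
# the second number the highest local port. Default is "1024 4999".
# Should be changed to "32768 61000" for high-usage systems.
# NOTE(review): 1024-4999 holds fewer than 4000 ports. That caps the number
# of concurrent outgoing connections, makes local ports easier to predict,
# and overlaps ports that services commonly listen on - consider the wider
# range named above.
net.ipv4.ip_local_port_range = 1024 4999

# Disables automatic defragmentation (needed for masquerading, LVS)
# Nonexistent on Linux 2.4
# net.ipv4.ip_always_defrag = 0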
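# Disables IPv6 packet forwarding
net.ipv6.conf.all.forwarding = 0

# Do you want IPv6 address autoconfiguration? Kernel default is yes.
# Autoconfiguration relies on Router Advertisements, which are not
# authenticated; on networks with static IPv6 addressing, 0 avoids picking
# up addresses from an unexpected advertiser.
# net.ipv6.conf.all.autoconf = 0

# Do you want kernel to add default route for IPv6 interfaces if
# there is no router on the link? Kernel default is yes.
# Kernel 2.4.0-test? or later (after ANK accepts my patch - baggins).
# net.ipv6.conf.all.autoconf_route = 0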
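# Adjust number of inodes and file handles available in the system.
# If you have a heavily loaded system and kernel complains about
# file/inode limit reached in VFS, increase this 2x. The default
# value is 4096 (file) and 8192 (inode). The inode number should be
# always 2-3 times the file number. For most systems this should not
# need to be changed.
# fs.inode-max = 16384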
118 # Enable the magic-sysrq key