setup: Port networking-related sysctls from IPFire 2.x
authorPeter Müller <peter.mueller@ipfire.org>
Fri, 15 Sep 2023 12:43:54 +0000 (14:43 +0200)
committerPeter Müller <peter.mueller@ipfire.org>
Sat, 16 Sep 2023 11:47:41 +0000 (13:47 +0200)
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
setup/sysctl/networking.conf [new file with mode: 0644]

diff --git a/setup/sysctl/networking.conf b/setup/sysctl/networking.conf
new file mode 100644 (file)
index 0000000..1f93108
--- /dev/null
@@ -0,0 +1,44 @@
+net.ipv4.ip_forward = 1
+net.ipv4.ip_dynaddr = 1
+
+net.ipv4.icmp_echo_ignore_broadcasts = 1
+net.ipv4.icmp_ignore_bogus_error_responses = 1
+net.ipv4.icmp_ratelimit = 1000
+net.ipv4.icmp_ratemask = 6168
+
+net.ipv4.tcp_syncookies = 1
+net.ipv4.tcp_fin_timeout = 30
+net.ipv4.tcp_syn_retries = 3
+net.ipv4.tcp_synack_retries = 3
+
+net.ipv4.conf.default.arp_filter = 1
+net.ipv4.conf.default.rp_filter = 1
+net.ipv4.conf.default.accept_redirects = 0
+net.ipv4.conf.default.accept_source_route = 0
+net.ipv4.conf.default.log_martians = 1
+
+net.ipv4.conf.all.arp_filter = 1
+net.ipv4.conf.all.rp_filter = 1
+net.ipv4.conf.all.accept_redirects = 0
+net.ipv4.conf.all.accept_source_route = 0
+net.ipv4.conf.all.log_martians = 1
+
+# Increase kernel buffer size maximums
+net.ipv4.tcp_mem = 16777216 16777216 16777216
+net.ipv4.tcp_rmem = 4096 87380 16777216
+net.ipv4.tcp_wmem = 4096 16384 16777216
+net.ipv4.udp_mem = 3145728 4194304 16777216
+
+# Prefer low latency over higher throughput
+net.ipv4.tcp_low_latency = 1
+
+# Reserve more socket space for the TCP window
+net.ipv4.tcp_adv_win_scale = 2
+
+# Enable TCP fast-open
+net.ipv4.tcp_fastopen = 3
+
+# Drop RST packets for sockets in TIME-WAIT state, as described in RFC 1337.
+# This protects against various TCP attacks, such as DoS against or injection
+# of arbitrary segments into prematurely closed connections.
+net.ipv4.tcp_rfc1337 = 1
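Review bot: `net.ipv4.tcp_mem` and `net.ipv4.udp_mem` are counted in memory pages, not bytes, so `net.ipv4.tcp_mem = 16777216 16777216 16777216` sets all three thresholds to roughly 64 GiB (assuming 4 KiB pages), unlike the byte-valued `tcp_rmem`/`tcp_wmem` lines next to it. With min, pressure and max identical and far above the RAM of a typical firewall, the kernel never enters TCP memory-pressure mode and the global cap no longer bounds socket memory, which weakens resilience against connection floods. I would drop both lines so the boot-time defaults scaled to installed RAM apply, or at least add `# tcp_mem/udp_mem are in pages, not bytes` and size the values accordingly. Separately, the redirect and source-route hardening covers only `net.ipv4.conf.*`; unless another file under setup/sysctl handles it, `net.ipv6.conf.all.accept_redirects = 0` and `net.ipv6.conf.default.accept_redirects = 0` look like they are missing.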