]>
Commit | Line | Data |
---|---|---|
56e43a86 PM |
1 | net.ipv4.ip_forward = 1 |
2 | net.ipv4.ip_dynaddr = 1 | |
3 | ||
4 | net.ipv4.icmp_echo_ignore_broadcasts = 1 | |
5 | net.ipv4.icmp_ignore_bogus_error_responses = 1 | |
6 | net.ipv4.icmp_ratelimit = 1000 | |
7 | net.ipv4.icmp_ratemask = 6168 | |
8 | ||
9 | net.ipv4.tcp_syncookies = 1 | |
10 | net.ipv4.tcp_fin_timeout = 30 | |
11 | net.ipv4.tcp_syn_retries = 3 | |
12 | net.ipv4.tcp_synack_retries = 3 | |
13 | ||
14 | net.ipv4.conf.default.arp_filter = 1 | |
15 | net.ipv4.conf.default.rp_filter = 1 | |
16 | net.ipv4.conf.default.accept_redirects = 0 | |
17 | net.ipv4.conf.default.accept_source_route = 0 | |
18 | net.ipv4.conf.default.log_martians = 1 | |
19 | ||
20 | net.ipv4.conf.all.arp_filter = 1 | |
21 | net.ipv4.conf.all.rp_filter = 1 | |
22 | net.ipv4.conf.all.accept_redirects = 0 | |
23 | net.ipv4.conf.all.accept_source_route = 0 | |
24 | net.ipv4.conf.all.log_martians = 1 | |
25 | ||
26 | # Increase kernel buffer size maximums | |
27 | net.ipv4.tcp_mem = 16777216 16777216 16777216 | |
28 | net.ipv4.tcp_rmem = 4096 87380 16777216 | |
29 | net.ipv4.tcp_wmem = 4096 16384 16777216 | |
30 | net.ipv4.udp_mem = 3145728 4194304 16777216 | |
31 | ||
32 | # Prefer low latency over higher throughput | |
33 | net.ipv4.tcp_low_latency = 1 | |
34 | ||
35 | # Reserve more socket space for the TCP window | |
36 | net.ipv4.tcp_adv_win_scale = 2 | |
37 | ||
38 | # Enable TCP fast-open | |
39 | net.ipv4.tcp_fastopen = 3 | |
40 | ||
41 | # Drop RST packets for sockets in TIME-WAIT state, as described in RFC 1337. | |
42 | # This protects against various TCP attacks, such as DoS against or injection | |
43 | # of arbitrary segments into prematurely closed connections. | |
44 | net.ipv4.tcp_rfc1337 = 1 |