projects / ipfire-3.x.git / blame
| Commit | Line | Data |
|---|---|---|
| 56e43a86 PM |
1 | net.ipv4.ip_forward = 1 |
| 2 | net.ipv4.ip_dynaddr = 1 | |
| 3 | ||
| 4 | net.ipv4.icmp_echo_ignore_broadcasts = 1 | |
| 5 | net.ipv4.icmp_ignore_bogus_error_responses = 1 | |
| 6 | net.ipv4.icmp_ratelimit = 1000 | |
| 7 | net.ipv4.icmp_ratemask = 6168 | |
| 8 | ||
| 9 | net.ipv4.tcp_syncookies = 1 | |
| 10 | net.ipv4.tcp_fin_timeout = 30 | |
| 11 | net.ipv4.tcp_syn_retries = 3 | |
| 12 | net.ipv4.tcp_synack_retries = 3 | |
| 13 | ||
| 14 | net.ipv4.conf.default.arp_filter = 1 | |
| 15 | net.ipv4.conf.default.rp_filter = 1 | |
| 16 | net.ipv4.conf.default.accept_redirects = 0 | |
| 17 | net.ipv4.conf.default.accept_source_route = 0 | |
| 18 | net.ipv4.conf.default.log_martians = 1 | |
| 19 | ||
| 20 | net.ipv4.conf.all.arp_filter = 1 | |
| 21 | net.ipv4.conf.all.rp_filter = 1 | |
| 22 | net.ipv4.conf.all.accept_redirects = 0 | |
| 23 | net.ipv4.conf.all.accept_source_route = 0 | |
| 24 | net.ipv4.conf.all.log_martians = 1 | |
| 25 | ||
| 26 | # Increase kernel buffer size maximums | |
| 27 | net.ipv4.tcp_mem = 16777216 16777216 16777216 | |
| 28 | net.ipv4.tcp_rmem = 4096 87380 16777216 | |
| 29 | net.ipv4.tcp_wmem = 4096 16384 16777216 | |
| 30 | net.ipv4.udp_mem = 3145728 4194304 16777216 | |
| 31 | ||
| 32 | # Prefer low latency over higher throughput | |
| 33 | net.ipv4.tcp_low_latency = 1 | |
| 34 | ||
| 35 | # Reserve more socket space for the TCP window | |
| 36 | net.ipv4.tcp_adv_win_scale = 2 | |
| 37 | ||
| 38 | # Enable TCP fast-open | |
| 39 | net.ipv4.tcp_fastopen = 3 | |
| 40 | ||
| 41 | # Drop RST packets for sockets in TIME-WAIT state, as described in RFC 1337. | |
| 42 | # This protects against various TCP attacks, such as DoS against or injection | |
| 43 | # of arbitrary segments into prematurely closed connections. | |
| 44 | net.ipv4.tcp_rfc1337 = 1 |