2011-04-26 12:26:24 +02:00
|
|
|
#
|
|
|
|
# Kernel sysctl configuration file
|
|
|
|
#
|
|
|
|
# /etc/sysctl.conf - Configuration file for setting system variables
|
|
|
|
# See sysctl(8) and sysctl.conf (5) for more details.
|
|
|
|
|
|
|
|
# Enable IP packet forwarding between interfaces (act as a firewall, or router)
|
|
|
|
#net.ipv4.ip_forward = 1
|
|
|
|
|
|
|
|
# Disable ICMP redirect messages
|
|
|
|
net.ipv4.conf.all.accept_redirects = 0
|
|
|
|
|
|
|
|
# Do not accept source routing
|
|
|
|
net.ipv4.conf.all.accept_source_route = 0
|
|
|
|
|
|
|
|
# Log packages that have source addresses with no known route ("martians")
|
|
|
|
net.ipv4.conf.all.log_martians = 1
|
|
|
|
|
|
|
|
# Controls source route verification
|
|
|
|
net.ipv4.conf.all.rp_filter = 1
|
|
|
|
|
|
|
|
# Enable ECN (Explicit Congestion Notification) in TCP connections
|
2011-06-13 01:01:24 +02:00
|
|
|
net.ipv4.tcp_ecn = 0
|
2011-04-26 12:26:24 +02:00
|
|
|
|
|
|
|
# Enable syncookies to hosts when the kernels syn backlog queue is overflowed
|
|
|
|
net.ipv4.tcp_syncookies = 1
|
|
|
|
|
|
|
|
# Ignore ICMP messages sent to broadcast or multicast addresses
|
|
|
|
net.ipv4.icmp_echo_ignore_broadcasts = 1
|
|
|
|
|
|
|
|
# Do not log bogus responses to broadcast frames send by hosts that ignore RFC 1122
|
|
|
|
#net.ipv4.icmp_ignore_bogus_error_responses = 1
|
|
|
|
|
|
|
|
# Controls the System Request debugging functionality of the kernel
|
|
|
|
# kernel.sysrq = 0
|
|
|
|
|
|
|
|
# Controls whether core dumps will append the PID to the core filename.
|
|
|
|
# Useful for debugging multi-threaded applications.
|
|
|
|
kernel.core_uses_pid = 1
|
2011-06-13 01:01:24 +02:00
|
|
|
|
|
|
|
net.ipv4.tcp_window_scaling = 0
|
2019-04-05 18:07:54 +02:00
|
|
|
|
|
|
|
# Increment default user inotify watches limit
|
|
|
|
fs.inotify.max_user_watches=524288
|