vim /etc/sysctl.conf


net.ipv4.ip_forward = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.tcp_max_syn_backlog = 1280
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.default.log_martians = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.tcp_timestamps = 0

# bump up size of tracked connections table
# # helps in avoiding "nf_conntrack: table full, dropping packet" errors
net.netfilter.nf_conntrack_generic_timeout=120
net.netfilter.nf_conntrack_max = 524288
#
# # misc
fs.suid_dumpable = 0
kernel.randomize_va_space = 2
kernel.exec-shield = 1
vm.overcommit_memory = 2

# Minimizing the amount of swapping
vm.swappiness = 20
vm.dirty_ratio = 80
vm.dirty_background_ratio = 5

fs.protected_hardlinks=1
fs.protected_symlinks=1

Comments powered by CComment