| # Kernel sysctl configuration file |
| # |
| # For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and |
| # sysctl.conf(5) for more details. |
| # @VERSION@ |
| |
| # Controls IP packet forwarding |
| net.ipv4.ip_forward = 1 |
| |
| # Controls source route verification |
| net.ipv4.conf.default.rp_filter = 0 |
| |
| # Do not accept source routing |
| net.ipv4.conf.default.accept_source_route = 0 |
| |
| # Respect local interface in ARP interactions |
| net.ipv4.conf.default.arp_announce = 2 |
| net.ipv4.conf.default.arp_ignore = 2 |
| net.ipv4.conf.all.arp_announce = 2 |
| net.ipv4.conf.all.arp_ignore = 2 |
| |
| # IPSec NETKEY -- avoid bogus redirects |
| net.ipv4.conf.all.accept_redirects = 0 |
| net.ipv4.conf.default.accept_redirects = 0 |
| net.ipv4.conf.all.send_redirects = 0 |
| net.ipv4.conf.default.send_redirects = 0 |
| |
| |
| # Controls the System Request debugging functionality of the kernel |
| kernel.sysrq = 0 |
| |
| # Controls whether core dumps will append the PID to the core filename. |
| # Useful for debugging multi-threaded applications. |
| kernel.core_uses_pid = 1 |
| |
| # Controls the use of TCP syncookies |
| net.ipv4.tcp_syncookies = 1 |
| |
| net.ipv4.netfilter.ip_conntrack_max=1000000 |
| net.ipv4.tcp_tw_reuse=1 |
| net.ipv4.tcp_max_tw_buckets=1000000 |
| net.core.somaxconn=1000000 |
| |
| # Disable IPv6 |
| net.ipv6.conf.all.disable_ipv6 = 0 |
| net.ipv6.conf.all.forwarding = 1 |
| net.ipv6.conf.all.accept_ra = 1 |
| net.ipv6.conf.all.accept_redirects = 0 |
| net.ipv6.conf.all.autoconf = 0 |
