sysctl.conf 1.8 KB
Newer Older
albert's avatar
albert committed
1 2 3
# /etc/sysctl.conf - Configuration file for setting system variables
# See sysctl.conf (5) for information.

albert's avatar
albert committed
4 5
# you can have the CD-ROM close when you use it, and open
# when you are done.
albert's avatar
albert committed
6 7 8
#dev.cdrom.autoeject = 1
#dev.cdrom.autoclose = 1

albert's avatar
albert committed
9
# protection from the SYN flood attack
albert's avatar
albert committed
10
net/ipv4/tcp_syncookies=1
albert's avatar
albert committed
11 12

# see the evil packets in your log files
albert's avatar
albert committed
13
net/ipv4/conf/all/log_martians=1
albert's avatar
albert committed
14 15

# makes you vulnerable or not :-)
albert's avatar
albert committed
16 17 18
net/ipv4/conf/all/accept_redirects=0
net/ipv4/conf/all/accept_source_route=0
net/ipv4/icmp_echo_ignore_broadcasts =1
albert's avatar
albert committed
19 20

# needed for routing, including masquerading or NAT
albert's avatar
albert committed
21
#net/ipv4/ip_forward=1
albert's avatar
albert committed
22 23

# sets the port range used for outgoing connections
albert's avatar
albert committed
24 25
#net.ipv4.ip_local_port_range = 32768    61000

albert's avatar
albert committed
26 27 28 29 30
# Broken routers and obsolete firewalls will corrupt the window scaling
# and ECN. Set these values to 0 to disable window scaling and ECN.
# This may, rarely, cause some performance loss when running high-speed
# TCP/IP over huge distances or running TCP/IP over connections with high
# packet loss and modern routers. This sure beats dropped connections.
albert's avatar
albert committed
31 32
#net.ipv4.tcp_ecn = 0

albert's avatar
albert committed
33 34
# Swapping too much or not enough? Disks spinning up when you'd
# rather they didn't? Tweak these.
albert's avatar
albert committed
35 36 37 38 39 40 41 42 43 44 45 46 47 48 49
#vm.vfs_cache_pressure = 100
#vm.laptop_mode = 0
#vm.swappiness = 60

#kernel.printk_ratelimit_burst = 10
#kernel.printk_ratelimit = 5
#kernel.panic_on_oops = 0

# Reboot 600 seconds after a panic
#kernel.panic = 600

# enable SysRq key (note: console security issues)
#kernel.sysrq = 1

# Change name of core file to start with the command name
albert's avatar
albert committed
50
# so you get things like: emacs.core mozilla-bin.core X.core
albert's avatar
albert committed
51 52 53 54 55 56 57 58 59
#kernel.core_pattern = %e.core

# NIS/YP domain (not always equal to DNS domain)
#kernel.domainname = example.com
#kernel.hostname = darkstar

# This limits PID values to 4 digits, which allows tools like ps
# to save screen space.
kernel/pid_max=10000