-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathsysctl-1G.conf
More file actions
80 lines (69 loc) · 2.2 KB
/
sysctl-1G.conf
File metadata and controls
80 lines (69 loc) · 2.2 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
# SYSTEM SETTINGS
# Control console message logging levels
kernel.printk = 3 4 1 3
# Maximum number of file handles
fs.file-max = 1048576
# Memory management
vm.swappiness = 10
vm.min_free_kbytes = 32768
# CORE NETWORK PARAMETERS
# Connection queue limits
net.core.somaxconn = 4096
net.core.netdev_max_backlog = 8192
# Socket buffer sizes
net.core.rmem_max = 67108864
net.core.wmem_max = 33554432
net.core.rmem_default = 16777216
net.core.wmem_default = 8388608
# Network processing settings
net.core.default_qdisc = fq
net.core.netdev_budget = 1500
net.core.netdev_budget_usecs = 10000
# TCP SETTINGS
# TCP memory limits (min/pressure/max in pages)
net.ipv4.tcp_mem = 65536 131072 262144
# TCP socket buffer sizes (min/default/max in bytes)
net.ipv4.tcp_rmem = 4096 32768 8388608
net.ipv4.tcp_wmem = 4096 32768 8388608
# TCP connection settings
net.ipv4.tcp_max_syn_backlog = 4096
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 20
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.tcp_max_tw_buckets = 10000
net.ipv4.tcp_max_orphans = 32768
net.ipv4.ip_local_port_range = 16000 65000
# TCP performance settings
net.ipv4.tcp_mtu_probing = 1
net.ipv4.tcp_sack = 1
net.ipv4.tcp_dsack = 1
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_congestion_control = bbr
net.ipv4.tcp_moderate_rcvbuf = 1
net.ipv4.tcp_abort_on_overflow = 1
net.ipv4.tcp_slow_start_after_idle = 0
# UDP buffer sizes
net.ipv4.udp_rmem_min = 4096
net.ipv4.udp_wmem_min = 4096
# ROUTING AND FORWARDING
# IPv4 forwarding for VPN/proxy functionality
net.ipv4.ip_forward = 1
net.ipv4.icmp_echo_ignore_all = 0
# IPv6 settings
#net.ipv6.conf.all.forwarding = 1
#net.ipv6.conf.default.forwarding = 1
#net.ipv6.conf.all.accept_ra = 2
#net.ipv6.conf.default.accept_ra = 2
#net.ipv6.conf.all.accept_redirects = 0
#net.ipv6.conf.default.accept_redirects = 0
#net.ipv6.conf.all.autoconf = 0
#net.ipv6.conf.default.autoconf = 0
#net.ipv6.conf.all.accept_source_route = 0
#net.ipv6.conf.default.accept_source_route = 0
#net.ipv6.route.max_size = 1048576
# CONNECTION TRACKING
net.netfilter.nf_conntrack_max = 262144
net.netfilter.nf_conntrack_buckets = 65536
net.netfilter.nf_conntrack_tcp_timeout_established = 43200
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 20