-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathsysctl.conf
More file actions
80 lines (69 loc) · 2.2 KB
/
sysctl.conf
File metadata and controls
80 lines (69 loc) · 2.2 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
# SYSTEM SETTINGS
# Control console message logging levels
kernel.printk = 3 4 1 3
# Maximum number of file handles
fs.file-max = 6553560
# Memory management
vm.swappiness = 10
vm.min_free_kbytes = 65536
# CORE NETWORK PARAMETERS
# Connection queue limits
net.core.somaxconn = 8192
net.core.netdev_max_backlog = 16384
# Socket buffer sizes
net.core.rmem_max = 268435456
net.core.wmem_max = 134217728
net.core.rmem_default = 52428800
net.core.wmem_default = 26214400
# Network processing settings
net.core.default_qdisc = fq
net.core.netdev_budget = 3000
net.core.netdev_budget_usecs = 20000
# TCP SETTINGS
# TCP memory limits (min/pressure/max in pages)
net.ipv4.tcp_mem = 131072 262144 524288
# TCP socket buffer sizes (min/default/max in bytes)
net.ipv4.tcp_rmem = 4096 65536 16777216
net.ipv4.tcp_wmem = 4096 49152 16777216
# TCP connection settings
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.tcp_max_tw_buckets = 20000
net.ipv4.tcp_max_orphans = 65536
net.ipv4.ip_local_port_range = 10000 65000
# TCP performance settings
net.ipv4.tcp_mtu_probing = 1
net.ipv4.tcp_sack = 1
net.ipv4.tcp_dsack = 1
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_congestion_control = bbr
net.ipv4.tcp_moderate_rcvbuf = 1
net.ipv4.tcp_abort_on_overflow = 1
net.ipv4.tcp_slow_start_after_idle = 0
# UDP buffer sizes
net.ipv4.udp_rmem_min = 8192
net.ipv4.udp_wmem_min = 8192
# ROUTING AND FORWARDING
# IPv4 forwarding for VPN/proxy functionality
net.ipv4.ip_forward = 1
net.ipv4.icmp_echo_ignore_all = 0
# IPv6 settings
net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.all.accept_ra = 2
net.ipv6.conf.default.accept_ra = 2
net.ipv6.conf.all.accept_redirects = 0
net.ipv6.conf.default.accept_redirects = 0
net.ipv6.conf.all.autoconf = 0
net.ipv6.conf.default.autoconf = 0
net.ipv6.conf.all.accept_source_route = 0
net.ipv6.conf.default.accept_source_route = 0
net.ipv6.route.max_size = 2097152
# CONNECTION TRACKING
net.netfilter.nf_conntrack_max = 1048576
net.netfilter.nf_conntrack_buckets = 131072
net.netfilter.nf_conntrack_tcp_timeout_established = 86400
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 30