2007-04-05 16:48:42 +05:30
|
|
|
# /etc/sysctl.conf
|
|
|
|
#
|
|
|
|
# For more information on how this file works, please see
|
|
|
|
# the manpages sysctl(8) and sysctl.conf(5).
|
|
|
|
#
|
|
|
|
# In order for this file to work properly, you must first
|
|
|
|
# enable 'Sysctl support' in the kernel.
|
|
|
|
#
|
|
|
|
# Look in /proc/sys/ for all the things you can setup.
|
|
|
|
#
|
|
|
|
|
|
|
|
# Disables packet forwarding
|
2007-05-03 13:31:26 +05:30
|
|
|
net.ipv4.ip_forward = 0
|
2007-04-05 16:48:42 +05:30
|
|
|
# Disables IP dynaddr
|
|
|
|
#net.ipv4.ip_dynaddr = 0
|
|
|
|
# Disable ECN
|
|
|
|
#net.ipv4.tcp_ecn = 0
|
|
|
|
# Enables source route verification
|
|
|
|
net.ipv4.conf.default.rp_filter = 1
|
|
|
|
# Enable reverse path
|
|
|
|
net.ipv4.conf.all.rp_filter = 1
|
|
|
|
|
|
|
|
# Enable SYN cookies (yum!)
|
|
|
|
# http://cr.yp.to/syncookies.html
|
2007-05-15 20:13:44 +05:30
|
|
|
#net.ipv4.tcp_syncookies = 1
|
2007-04-05 16:48:42 +05:30
|
|
|
|
|
|
|
# Disable source route
|
|
|
|
#net.ipv4.conf.all.accept_source_route = 0
|
|
|
|
#net.ipv4.conf.default.accept_source_route = 0
|
|
|
|
|
|
|
|
# Disable redirects
|
|
|
|
#net.ipv4.conf.all.accept_redirects = 0
|
|
|
|
#net.ipv4.conf.default.accept_redirects = 0
|
|
|
|
|
|
|
|
# Disable secure redirects
|
|
|
|
#net.ipv4.conf.all.secure_redirects = 0
|
|
|
|
#net.ipv4.conf.default.secure_redirects = 0
|
|
|
|
|
|
|
|
# Ignore ICMP broadcasts
|
|
|
|
#net.ipv4.icmp_echo_ignore_broadcasts = 1
|
|
|
|
|
|
|
|
# Disables the magic-sysrq key
|
|
|
|
#kernel.sysrq = 0
|
|
|
|
# When the kernel panics, automatically reboot in 3 seconds
|
|
|
|
#kernel.panic = 3
|
|
|
|
# Allow for more PIDs (cool factor!); may break some programs
|
|
|
|
#kernel.pid_max = 999999
|
|
|
|
|
|
|
|
# You should compile nfsd into the kernel or add it
|
|
|
|
# to modules.autoload for this to work properly
|
|
|
|
# TCP Port for lock manager
|
|
|
|
#fs.nfs.nlm_tcpport = 0
|
|
|
|
# UDP Port for lock manager
|
|
|
|
#fs.nfs.nlm_udpport = 0
|