Diffstat (limited to '')
-rw-r--r--etc/sysctl.conf60
1 files changed, 60 insertions, 0 deletions
diff --git a/etc/sysctl.conf b/etc/sysctl.conf
new file mode 100644
index 0000000..c1a074d
--- /dev/null
+++ b/etc/sysctl.conf
@@ -0,0 +1,60 @@
+# /etc/sysctl.conf
+#
+# For more information on how this file works, please see
+# the manpages sysctl(8) and sysctl.conf(5).
+#
+# In order for this file to work properly, you must first
+# enable 'Sysctl support' in the kernel.
+#
+# Look in /proc/sys/ for all the things you can setup.
+#
+
+# Disables packet forwarding
+net.ipv4.ip_forward = 1
+# Disables IP dynaddr
+#net.ipv4.ip_dynaddr = 0
+# Disable ECN
+#net.ipv4.tcp_ecn = 0
+# Enables source route verification
+#net.ipv4.conf.default.rp_filter = 1
+# Enable reverse path
+#net.ipv4.conf.all.rp_filter = 1
+
+# Enable SYN cookies (yum!)
+# http://cr.yp.to/syncookies.html
+#net.ipv4.tcp_syncookies = 1
+
+# Enable people in the specified (min, max) group range to send ICMP_ECHO
+# messages (i.e. ping) and receive ICMP_ECHOREPLY responses.  This allows
+# you to run non-suid and non-caps `ping`, but it also means anyone with
+# a gid in this range can send those packets (not just via `ping`).
+#net.ipv4.ping_group_range = 100 100
+
+# Disable source route
+#net.ipv4.conf.all.accept_source_route = 0
+#net.ipv4.conf.default.accept_source_route = 0
+
+# Disable redirects
+#net.ipv4.conf.all.accept_redirects = 0
+#net.ipv4.conf.default.accept_redirects = 0
+
+# Disable secure redirects
+#net.ipv4.conf.all.secure_redirects = 0
+#net.ipv4.conf.default.secure_redirects = 0
+
+# Ignore ICMP broadcasts
+#net.ipv4.icmp_echo_ignore_broadcasts = 1
+
+# Disables the magic-sysrq key
+#kernel.sysrq = 0
+# When the kernel panics, automatically reboot in 3 seconds
+#kernel.panic = 3
+# Allow for more PIDs (cool factor!); may break some programs
+#kernel.pid_max = 999999
+
+# You should compile nfsd into the kernel or add it
+# to modules.autoload for this to work properly
+# TCP Port for lock manager
+#fs.nfs.nlm_tcpport = 0
+# UDP Port for lock manager
+#fs.nfs.nlm_udpport = 0
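Review bot: The comment above `net.ipv4.ip_forward = 1` reads "Disables packet forwarding", but a value of 1 enables IPv4 forwarding, so the comment contradicts the only active setting in this file. If routing is intended, the comment should read `# Enables packet forwarding (this host routes between interfaces)`; if not, the value should be `net.ipv4.ip_forward = 0`. With forwarding on, the two `rp_filter` lines stay commented out, so source-address validation falls back to whatever the kernel or distribution defaults to. Uncommenting `net.ipv4.conf.all.rp_filter = 1` and `net.ipv4.conf.default.rp_filter = 1` would make the anti-spoofing behaviour explicit for a forwarding host.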
