From 962c35425636e3f942fd8a624369a7c53748f47e Mon Sep 17 00:00:00 2001 From: Azat Bahawi Date: Thu, 1 Jan 1970 03:00:00 +0300 Subject: chore: init --- etc/sysctl.conf | 60 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) create mode 100644 etc/sysctl.conf (limited to 'etc/sysctl.conf') diff --git a/etc/sysctl.conf b/etc/sysctl.conf new file mode 100644 index 0000000..c1a074d --- /dev/null +++ b/etc/sysctl.conf @@ -0,0 +1,60 @@ +# /etc/sysctl.conf +# +# For more information on how this file works, please see +# the manpages sysctl(8) and sysctl.conf(5). +# +# In order for this file to work properly, you must first +# enable 'Sysctl support' in the kernel. +# +# Look in /proc/sys/ for all the things you can setup. +# + +# Disables packet forwarding +net.ipv4.ip_forward = 1 +# Disables IP dynaddr +#net.ipv4.ip_dynaddr = 0 +# Disable ECN +#net.ipv4.tcp_ecn = 0 +# Enables source route verification +#net.ipv4.conf.default.rp_filter = 1 +# Enable reverse path +#net.ipv4.conf.all.rp_filter = 1 + +# Enable SYN cookies (yum!) +# http://cr.yp.to/syncookies.html +#net.ipv4.tcp_syncookies = 1 + +# Enable people in the specified (min, max) group range to send ICMP_ECHO +# messages (i.e. ping) and receive ICMP_ECHOREPLY responses. This allows +# you to run non-suid and non-caps `ping`, but it also means anyone with +# a gid in this range can send those packets (not just via `ping`). +#net.ipv4.ping_group_range = 100 100 + +# Disable source route +#net.ipv4.conf.all.accept_source_route = 0 +#net.ipv4.conf.default.accept_source_route = 0 + +# Disable redirects +#net.ipv4.conf.all.accept_redirects = 0 +#net.ipv4.conf.default.accept_redirects = 0 + +# Disable secure redirects +#net.ipv4.conf.all.secure_redirects = 0 +#net.ipv4.conf.default.secure_redirects = 0 + +# Ignore ICMP broadcasts +#net.ipv4.icmp_echo_ignore_broadcasts = 1 + +# Disables the magic-sysrq key +#kernel.sysrq = 0 +# When the kernel panics, automatically reboot in 3 seconds +#kernel.panic = 3 +# Allow for more PIDs (cool factor!); may break some programs +#kernel.pid_max = 999999 + +# You should compile nfsd into the kernel or add it +# to modules.autoload for this to work properly +# TCP Port for lock manager +#fs.nfs.nlm_tcpport = 0 +# UDP Port for lock manager +#fs.nfs.nlm_udpport = 0 -- cgit 1.4.1