# /etc/sysctl.conf # # For more information on how this file works, please see # the manpages sysctl(8) and sysctl.conf(5). # # In order for this file to work properly, you must first # enable 'Sysctl support' in the kernel. # # Look in /proc/sys/ for all the things you can setup. # # Disables packet forwarding net.ipv4.ip_forward = 1 # Disables IP dynaddr #net.ipv4.ip_dynaddr = 0 # Disable ECN #net.ipv4.tcp_ecn = 0 # Enables source route verification #net.ipv4.conf.default.rp_filter = 1 # Enable reverse path #net.ipv4.conf.all.rp_filter = 1 # Enable SYN cookies (yum!) # http://cr.yp.to/syncookies.html #net.ipv4.tcp_syncookies = 1 # Enable people in the specified (min, max) group range to send ICMP_ECHO # messages (i.e. ping) and receive ICMP_ECHOREPLY responses. This allows # you to run non-suid and non-caps `ping`, but it also means anyone with # a gid in this range can send those packets (not just via `ping`). #net.ipv4.ping_group_range = 100 100 # Disable source route #net.ipv4.conf.all.accept_source_route = 0 #net.ipv4.conf.default.accept_source_route = 0 # Disable redirects #net.ipv4.conf.all.accept_redirects = 0 #net.ipv4.conf.default.accept_redirects = 0 # Disable secure redirects #net.ipv4.conf.all.secure_redirects = 0 #net.ipv4.conf.default.secure_redirects = 0 # Ignore ICMP broadcasts #net.ipv4.icmp_echo_ignore_broadcasts = 1 # Disables the magic-sysrq key #kernel.sysrq = 0 # When the kernel panics, automatically reboot in 3 seconds #kernel.panic = 3 # Allow for more PIDs (cool factor!); may break some programs #kernel.pid_max = 999999 # You should compile nfsd into the kernel or add it # to modules.autoload for this to work properly # TCP Port for lock manager #fs.nfs.nlm_tcpport = 0 # UDP Port for lock manager #fs.nfs.nlm_udpport = 0