BSD hardened settings 2015 Edition
| # This file contains the auditctl rules that are loaded | |
| # whenever the audit daemon is started via the initscripts. | |
| # The rules are simply the parameters that would be passed | |
| # to auditctl. | |
| # First rule - delete all | |
| -D | |
| # Increase the buffers to survive stress events. | |
| # Make this bigger for busy systems | |
| -b 1024 | |
| ## changes to the system clock (32- and 64-bit syscall tables) and to the timezone file | |
| # NOTE(review): these two syscall rules use the "entry" list while every other syscall rule in this file uses "always,exit". | |
| # The entry list is deprecated in newer audit releases - verify against your auditctl version and switch to "-a always,exit" if so. | |
| -a entry,always -F arch=b32 -S adjtimex -S settimeofday -S clock_settime -k time-change | |
| -a entry,always -F arch=b64 -S adjtimex -S settimeofday -S clock_settime -k time-change | |
| -w /etc/localtime -p wa -k time-change | |
| ## changes to hostname, domain name, and the network identity files (-p wa = writes and attribute changes) | |
| -a always,exit -F arch=b32 -S sethostname -S setdomainname -k system-locale | |
| -a always,exit -F arch=b64 -S sethostname -S setdomainname -k system-locale | |
| -w /etc/hosts -p wa -k system-locale | |
| -w /etc/issue -p wa -k system-locale | |
| -w /etc/issue.net -p wa -k system-locale | |
| -w /etc/network/interfaces -p wa -k system-locale | |
| ## kernel module loading and unloading: the syscalls plus execution (-p x) of the module tools | |
| -a always,exit -F arch=b32 -S init_module -S delete_module -k modules | |
| -a always,exit -F arch=b64 -S init_module -S delete_module -k modules | |
| -w /sbin/rmmod -p x -k modules | |
| -w /sbin/insmod -p x -k modules | |
| -w /sbin/modprobe -p x -k modules | |
| ## sudo policy | |
| -w /etc/sudoers -p wa -k identity | |
| ## login/logout and failed-login records | |
| -w /var/run/utmp -p wa -k session | |
| -w /var/log/wtmp -p wa -k session | |
| -w /var/log/btmp -p wa -k session | |
| ## configuration of the audit subsystem itself | |
| -w /etc/audit/ -p wa -k CFG_audit | |
| -w /etc/default/auditd -p wa -k CFG_audit | |
| -w /etc/libaudit.conf -p wa -k CFG_libaudit.conf | |
| -w /etc/audisp/ -p wa -k CFG_audisp | |
| ## set-up of trusted channel | |
| # NOTE(review): this watch has no -k key, so its events cannot be selected by key like the other rules in this file. | |
| -w /usr/sbin/stunnel -p x | |
| ## cron configuration & scheduled jobs | |
| -w /etc/cron.allow -p wa -k CFG_cron.allow | |
| -w /etc/cron.deny -p wa -k CFG_cron.deny | |
| -w /etc/cron.d/ -p wa -k CFG_cron.d | |
| -w /etc/cron.daily/ -p wa -k CFG_cron.daily | |
| -w /etc/cron.hourly/ -p wa -k CFG_cron.hourly | |
| -w /etc/cron.monthly/ -p wa -k CFG_cron.monthly | |
| -w /etc/cron.weekly/ -p wa -k CFG_cron.weekly | |
| -w /etc/crontab -p wa -k CFG_crontab | |
| # NOTE(review): no -p on this watch; presumably auditctl then records every access type (r,w,x,a) - confirm that is intended. | |
| -w /var/spool/cron/crontabs/root -k CFG_crontab_root | |
| ## user, group, password databases | |
| -w /etc/group -p wa -k CFG_group | |
| -w /etc/passwd -p wa -k CFG_passwd | |
| # NOTE(review): the next three watches have no -p; if the default covers reads as well, every read of the | |
| # shadow databases is logged (useful for detection, but noisy) - confirm that is intended. | |
| -w /etc/gshadow -k CFG_gshadow | |
| -w /etc/shadow -k CFG_shadow | |
| -w /etc/security/opasswd -k CFG_opasswd | |
| ## login configuration and information | |
| -w /etc/login.defs -p wa -k CFG_login.defs | |
| -w /etc/securetty -p wa -k CFG_securetty | |
| -w /var/log/faillog -p wa -k LOG_faillog | |
| -w /var/log/lastlog -p wa -k LOG_lastlog | |
| -w /var/log/tallylog -p wa -k LOG_tallylog | |
| ## system startup scripts | |
| -w /etc/inittab -p wa -k CFG_inittab | |
| -w /etc/init.d/ -p wa -k CFG_initscripts | |
| ## library search paths | |
| -w /etc/ld.so.conf -p wa -k CFG_ld.so.conf | |
| ## kernel parameters | |
| -w /etc/sysctl.conf -p wa -k CFG_sysctl.conf | |
| ## modprobe configuration | |
| -w /etc/modprobe.conf -p wa -k CFG_modprobe.conf | |
| ## pam configuration | |
| -w /etc/pam.d/ -p wa -k CFG_pam | |
| -w /etc/security/limits.conf -p wa -k CFG_pam | |
| -w /etc/security/pam_env.conf -p wa -k CFG_pam | |
| -w /etc/security/namespace.conf -p wa -k CFG_pam | |
| -w /etc/security/namespace.init -p wa -k CFG_pam | |
| ## ssh configuration | |
| # NOTE(review): no -p on this watch either; see the note on the shadow databases above. | |
| -w /etc/ssh/sshd_config -k CFG_sshd_config | |
| ## lock the audit configuration: after -e 2 the rules cannot be changed until the next reboot, | |
| ## so this has to stay the last line of the file | |
| -e 2 |
| # modprobe configuration: "install <module> /bin/true" makes modprobe run /bin/true instead of | |
| # loading the module, so a request to load it succeeds without the driver being inserted. | |
| # Filesystems that are rarely needed on a server | |
| # NOTE(review): squashfs and udf are used by some packaging and image formats - check before disabling. | |
| install cramfs /bin/true | |
| install freevxfs /bin/true | |
| install jffs2 /bin/true | |
| install hfs /bin/true | |
| install hfsplus /bin/true | |
| install squashfs /bin/true | |
| install udf /bin/true | |
| # Protocols | |
| # Uncommon network protocol modules; disabling them removes kernel code that would otherwise be loadable on demand. | |
| install dccp /bin/true | |
| install sctp /bin/true | |
| install rds /bin/true | |
| install tipc /bin/true |
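#!/bin/bash
### BEGIN INIT INFO
# Provides:          iptables
# Required-Start:    $network
# Required-Stop:
# Default-Start:     2 3 4 5
# Default-Stop:      S 0 1 6
# Short-Description: iptables firewall script
# Description:       iptables firewall script
### END INIT INFO
#
# IPv4 host firewall for a single-homed server (no forwarding, no NAT).
#
# Usage: <script> stop|open|clear|reset   -> flush everything and accept all traffic
#        <script> <anything else>         -> flush everything and load the ruleset below
#
# Every invocation flushes the filter, nat and mangle tables before the
# argument is looked at.
#
# NOTE(review): only iptables (IPv4) is configured. IPv6 traffic is not
# filtered by this script; add an equivalent ip6tables ruleset if the host has
# IPv6 connectivity.
# NOTE(review): set -e aborts at the first failing command. If that happens
# after the DROP policies are set, the host is left with a partial ruleset, so
# test changes from a console or with a scheduled rollback.

set -e

. /lib/init/vars.sh
. /lib/lsb/init-functions

# iptables Location - adjust if needed
IPT="/sbin/iptables"

# Internet Interface (declared for reference; no rule below uses it)
INET_IFACE="eth0"

# Localhost Interface
LO_IFACE="lo"
LO_IP="127.0.0.1"

# We do not use forwarding / NAT
echo 0 > /proc/sys/net/ipv4/ip_forward

# Remove any existing ipchains (best effort: failures are deliberately ignored)
([ -f /var/lock/subsys/ipchains ] && /etc/init.d/ipchains stop) >/dev/null 2>&1 || true
(rmmod ipchains) >/dev/null 2>&1 || true

# insert iptable modules
# NOTE(review): ipt_state, ip_conntrack and ip_conntrack_ftp are legacy module
# names; presumably they resolve through module aliases on newer kernels -
# verify, because a failing modprobe stops the script here under set -e.
/sbin/modprobe ip_tables
/sbin/modprobe ipt_state
/sbin/modprobe iptable_filter
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_conntrack_ftp

# Clear all previous iptable rules (flush rules, delete user chains, zero counters)
"$IPT" -F
"$IPT" -X
"$IPT" -Z

# Do not use forwarding / NAT
"$IPT" -t nat -F
"$IPT" -t nat -X
"$IPT" -t nat -Z

# Do not alter packets
"$IPT" -t mangle -F
"$IPT" -t mangle -X
"$IPT" -t mangle -Z

case "${1:-}" in
  stop|open|clear|reset)
    # set default policy for all traffic to ACCEPT
    # NOTE(review): "stop" leaves the host with no packet filtering at all.
    "$IPT" -P INPUT ACCEPT
    "$IPT" -P OUTPUT ACCEPT
    "$IPT" -P FORWARD ACCEPT
    # Explicit accept-all rules on top of the ACCEPT policies.
    "$IPT" -A INPUT -j ACCEPT
    "$IPT" -A OUTPUT -j ACCEPT
    "$IPT" -A FORWARD -j ACCEPT
    exit 0
    ;;
esac

# set default policy for all traffic to DROP
"$IPT" -P INPUT DROP
"$IPT" -P OUTPUT DROP
"$IPT" -P FORWARD DROP

# Connection-state handling, in both directions:
#   1. accept packets that belong to, or are related to, a tracked connection;
#   2. every new connection attempt should begin with a syn packet. If it
#      doesn't, it is likely a port scan, so packets in state NEW that are not
#      flagged as syn packets are dropped;
#   3. drop packets that connection tracking classifies as INVALID.
# Rule order matters: because of (1), the checks further down only see packets
# that are not already part of a tracked connection.
"$IPT" -A INPUT -p all -m state --state ESTABLISHED,RELATED -j ACCEPT
"$IPT" -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
"$IPT" -A INPUT -p all -m state --state INVALID -j DROP

"$IPT" -A OUTPUT -p all -m state --state ESTABLISHED,RELATED -j ACCEPT
"$IPT" -A OUTPUT -p tcp ! --syn -m state --state NEW -j DROP
"$IPT" -A OUTPUT -p all -m state --state INVALID -j DROP

# ICMP packets should fit in a Layer 2 frame, thus they should
# never be fragmented. Fragmented ICMP packets are a typical sign
# of a denial of service attack.
"$IPT" -A INPUT --fragment -p ICMP -j DROP

# Block stealth portscans (TCP flag combinations that no normal stack sends)
"$IPT" -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
"$IPT" -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
"$IPT" -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
"$IPT" -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
"$IPT" -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
"$IPT" -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP

# all connections from / to localhost are allowed
"$IPT" -A INPUT -p all -i "$LO_IFACE" -j ACCEPT
"$IPT" -A OUTPUT -p all -o "$LO_IFACE" -j ACCEPT
# NOTE(review): this rule matches on source address only, on any interface.
"$IPT" -A OUTPUT -p all -s "$LO_IP" -j ACCEPT

# ---------------------------------------------------------------------------
# Inbound services. Every rule below accepts from ANY source address; remove
# the services this host does not run and add "-s <trusted network>" to the
# ones that should not be reachable from the whole Internet.
# ---------------------------------------------------------------------------

# HTTP / HTTPS
"$IPT" -A INPUT -p tcp --dport 80 -j ACCEPT
"$IPT" -A INPUT -p tcp --dport 443 -j ACCEPT

# FTP
"$IPT" -A INPUT -p tcp --dport 20 -j ACCEPT
"$IPT" -A INPUT -p tcp --dport 21 -j ACCEPT

# SSH
# Rate limit per source address: the first rule records each NEW connection,
# the second rejects (TCP reset) a source that reaches 4 NEW connections within
# 60 seconds, the third accepts everything else.
"$IPT" -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set
"$IPT" -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 -j REJECT --reject-with tcp-reset
"$IPT" -A INPUT -p tcp --dport 22 -j ACCEPT

# SMTP / SSMTP
"$IPT" -A INPUT -p tcp --dport 25 -j ACCEPT
"$IPT" -A INPUT -p tcp --dport 465 -j ACCEPT
"$IPT" -A INPUT -p tcp --dport 587 -j ACCEPT

# POP3PASS
"$IPT" -A INPUT -p tcp --dport 106 -j ACCEPT

# POP3 / POP3S
"$IPT" -A INPUT -p tcp --dport 110 -j ACCEPT
"$IPT" -A INPUT -p tcp --dport 995 -j ACCEPT

# IMAP / IMAPS
"$IPT" -A INPUT -p tcp --dport 143 -j ACCEPT
"$IPT" -A INPUT -p tcp --dport 993 -j ACCEPT

# MySQL
# NOTE(review): database port open to every source address; restrict it to the
# application hosts unless remote access from anywhere is really required.
"$IPT" -A INPUT -p tcp --dport 3306 -j ACCEPT

# PostgreSQL
# NOTE(review): same concern as for MySQL above.
"$IPT" -A INPUT -p tcp --dport 5432 -j ACCEPT

# DNS
"$IPT" -A INPUT -p udp --dport 53 -j ACCEPT
"$IPT" -A INPUT -p tcp --dport 53 -j ACCEPT

# Admin Panels (Plesk / DirectAdmin)
# NOTE(review): administrative interfaces open to every source address;
# consider limiting them to management networks.
"$IPT" -A INPUT -p tcp --dport 8443 -j ACCEPT
"$IPT" -A INPUT -p tcp --dport 2222 -j ACCEPT

# ICMP
"$IPT" -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
"$IPT" -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
"$IPT" -A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT
"$IPT" -A INPUT -p icmp --icmp-type fragmentation-needed -j ACCEPT
"$IPT" -A INPUT -p icmp --icmp-type source-quench -j ACCEPT
"$IPT" -A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT
"$IPT" -A INPUT -p icmp --icmp-type parameter-problem -j ACCEPT

# UDP part of tracerouting
"$IPT" -A INPUT -p udp --sport 32769:65535 --dport 33434:33523 -j ACCEPT
"$IPT" -A OUTPUT -p udp --sport 32769:65535 --dport 33434:33523 -j ACCEPT

# ---------------------------------------------------------------------------
# Outbound connections the host itself may open. Everything not listed here is
# dropped by the final OUTPUT rule, which limits what a process on this host
# can reach on its own.
# ---------------------------------------------------------------------------

# SSH
"$IPT" -A OUTPUT -p tcp --dport 22 -j ACCEPT

# SMTP
"$IPT" -A OUTPUT -p tcp --dport 25 -j ACCEPT
"$IPT" -A OUTPUT -p tcp --dport 465 -j ACCEPT
"$IPT" -A OUTPUT -p tcp --dport 587 -j ACCEPT

# POP3/IMAP
"$IPT" -A OUTPUT -p tcp --dport 110 -j ACCEPT
"$IPT" -A OUTPUT -p tcp --dport 143 -j ACCEPT

# HTTP/HTTPS
"$IPT" -A OUTPUT -p tcp --dport 80 -j ACCEPT
"$IPT" -A OUTPUT -p tcp --dport 443 -j ACCEPT

# DNS
"$IPT" -A OUTPUT -p udp --dport 53 -j ACCEPT
"$IPT" -A OUTPUT -p tcp --dport 53 -j ACCEPT

# SNMP
"$IPT" -A OUTPUT -p udp --dport 161 -j ACCEPT
"$IPT" -A OUTPUT -p tcp --dport 161 -j ACCEPT
"$IPT" -A OUTPUT -p udp --dport 162 -j ACCEPT
"$IPT" -A OUTPUT -p tcp --dport 162 -j ACCEPT

# NTP (date/time)
"$IPT" -A OUTPUT -p tcp --dport 37 -j ACCEPT
"$IPT" -A OUTPUT -p tcp --dport 123 -j ACCEPT
"$IPT" -A OUTPUT -p udp --dport 123 -j ACCEPT

# WhoIs clientside
"$IPT" -A OUTPUT -p tcp --dport 43 -j ACCEPT

# Razor2/Pyzor/DCC (spamchecks)
"$IPT" -A OUTPUT -p udp --dport 24441 -j ACCEPT
"$IPT" -A OUTPUT -p udp --dport 6277 -j ACCEPT
"$IPT" -A OUTPUT -p tcp --dport 2703 -j ACCEPT
"$IPT" -A OUTPUT -p tcp --dport 7 -j ACCEPT

# MySQL
"$IPT" -A OUTPUT -p tcp --dport 3306 -j ACCEPT

# PostgreSQL
"$IPT" -A OUTPUT -p tcp --dport 5432 -j ACCEPT

# ICMP
"$IPT" -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
"$IPT" -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
"$IPT" -A OUTPUT -p icmp --icmp-type destination-unreachable -j ACCEPT
"$IPT" -A OUTPUT -p icmp --icmp-type fragmentation-needed -j ACCEPT
"$IPT" -A OUTPUT -p icmp --icmp-type source-quench -j ACCEPT
"$IPT" -A OUTPUT -p icmp --icmp-type time-exceeded -j ACCEPT
"$IPT" -A OUTPUT -p icmp --icmp-type parameter-problem -j ACCEPT

# DROP any other protocol other than stated above
# (explicit rules in addition to the DROP policies set earlier)
"$IPT" -A INPUT -j DROP
"$IPT" -A OUTPUT -j DROP
"$IPT" -A FORWARD -j DROP

# Print the resulting filter table so the operator can review what was loaded.
"$IPT" -L -n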
| # sshd_config hardening fragment | |
| # Only SSH protocol version 2 (NOTE(review): newer OpenSSH releases no longer support protocol 1 and presumably treat this keyword as deprecated - verify). | |
| Protocol 2 | |
| LogLevel INFO | |
| X11Forwarding no | |
| # At most 4 authentication attempts per connection | |
| MaxAuthTries 4 | |
| # No rhosts / host-based trust | |
| IgnoreRhosts yes | |
| HostbasedAuthentication no | |
| # No direct root logins, no empty passwords, no user-supplied environment | |
| PermitRootLogin no | |
| PermitEmptyPasswords no | |
| PermitUserEnvironment no | |
| # CTR-mode AES only | |
| # NOTE(review): newer OpenSSH releases also offer AEAD ciphers (aes128-gcm@openssh.com, aes256-gcm@openssh.com, chacha20-poly1305@openssh.com); review this list against the clients you must support. | |
| Ciphers aes128-ctr,aes192-ctr,aes256-ctr | |
| # Idle-session handling: probe the client every 600 seconds | |
| ClientAliveInterval 600 | |
| # NOTE(review): the meaning of 0 changed in OpenSSH 8.2 - there it disables termination of unresponsive sessions | |
| # instead of disconnecting after the first interval. Verify your version; a value of 1 or more is needed on 8.2 and later. | |
| ClientAliveCountMax 0 | |
| # Show the pre-login banner from /etc/issue.net | |
| Banner /etc/issue.net | |
| # Restrict logins to members of these groups | |
| # NOTE(review): sshd_config(5) documents this list as space-separated; confirm the comma form is accepted by your version. | |
| # "root" is listed here although PermitRootLogin is "no" above. | |
| AllowGroups root,wheel |
| # Show all system parameters with their values (default or changed) | |
| # sysctl -A | |
| ### Show values of parameters modified by you | |
| # sysctl -p | |
| ### Show value for a single parameter parameter-name | |
| # sysctl parameter-name | |
| ### Change value for a single parameter parameter-name without editing sysctl.conf manually. | |
| # sysctl -w parameter-name=parameter-value | |
| # Limit responses to ICMP for bandwidth purposes | |
| #net.inet.icmp.icmplim = 10 | |
| #net.inet.icmp.maskrepl = 0 | |
| #net.inet.icmp.drop_redirect = 1 | |
| #net.icmp.bmcastecho = 0 | |
| # Forces a single pass through the firewall. If set to 0, | |
| # packets coming out of a pipe will be reinjected into the | |
| # firewall starting with the rule after the matching one. | |
| # NOTE: there is always one pass for bridged packets. | |
| #net.inet.ip.fw.one_pass = 0 | |
| # Stealth IP networking | |
| #net.inet.ip.stealth = 0 | |
| # Drop synfin packets | |
| #net.inet.tcp.drop_synfin = 1 | |
| # Icmp may NOT rst | |
| #net.inet.tcp.icmp_may_rst = 0 | |
| ############################### | |
| # IPv4 | |
| ############################### | |
| net.ipv4.ip_forward = 1 | |
| #net.ipv4.ip_forward_use_pmtu = 0 | |
| #net.ipv4.fwmark_reflect = 0 | |
| net.ipv4.conf.default.proxy_arp = 0 | |
| #net.ipv4.ip_dynaddr = 0 | |
| net.ipv4.xfrm4_gc_thresh = 131072 | |
| net.ipv4.ip_default_ttl = 64 | |
| # Enable route verification on all interfaces | |
| net.ipv4.conf.all.rp_filter = 1 | |
| net.ipv4.conf.lo.rp_filter = 1 | |
| net.ipv4.conf.default.rp_filter = 1 | |
| net.ipv4.conf.default.arp_ignore = 1 | |
| net.ipv4.conf.all.arp_ignore = 1 | |
| net.ipv4.inet_peer_threshold = 65664 | |
| net.ipv4.conf.all.proxy_arp = 0 | |
| net.ipv4.inet_peer_minttl = 120 | |
| net.ipv4.inet_peer_maxttl = 900 | |
| net.ipv4.inet_peer_gc_mintime = 10 | |
| net.ipv4.inet_peer_gc_maxtime = 120 | |
| net.ipv4.igmp_max_msf = 10 | |
| # Do not accept source routing | |
| net.ipv4.conf.default.accept_source_route = 0 | |
| net.ipv4.conf.all.accept_source_route = 0 | |
| net.ipv4.conf.lo.accept_source_route = 0 | |
| net.ipv4.conf.default.secure_redirects = 0 | |
| # Disable ICMP Redirect Acceptance | |
| net.ipv4.conf.all.accept_redirects = 0 | |
| net.ipv4.conf.lo.accept_redirects = 0 | |
| net.ipv4.conf.default.accept_redirects = 0 | |
| net.ipv4.conf.all.secure_redirects = 0 | |
| # TCP SYN cookie protection (default) helps protect | |
| # against SYN flood attacks; it only kicks in when net.ipv4.tcp_max_syn_backlog is reached | |
| #net.ipv4.tcp_syncookies = 1 | |
| # TCP Explicit Congestion Notification | |
| #net.ipv4.tcp_ecn = 1 | |
| #net.ipv4.tcp_reordering = 3 | |
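| # We do not want our interfaces to send redirects. Note: the value 1 below enables sending redirects on newly created interfaces; 0 is the setting that matches this intent (compare net.ipv4.conf.all.send_redirects = 0 further down). | |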
| net.ipv4.conf.default.send_redirects = 1 | |
| # Lower tcp_fin_timeout from its default value | |
| net.ipv4.tcp_fin_timeout = 10 | |
| # Lower tcp_keepalive_time from its default value | |
| net.ipv4.tcp_keepalive_time = 300 | |
| # Turn on/off the tcp_window_scaling | |
| net.ipv4.tcp_window_scaling = 1 | |
| # Turn on/off the tcp_sack | |
| net.ipv4.tcp_sack = 1 | |
| # Turn on/off the tcp_dsack | |
| net.ipv4.tcp_dsack = 1 | |
| ## TCP timestamps | |
| ## + protect against wrapping sequence numbers (at gigabit speeds) | |
| ## + round trip time calculation implemented in TCP | |
| ## - causes extra overhead and allows uptime detection by scanners like nmap | |
| ## enable @ gigabit speeds | |
| net.ipv4.tcp_timestamps = 0 | |
| # Enable ignoring broadcasts request (Default 1) | |
| net.ipv4.icmp_echo_ignore_broadcasts = 1 | |
| #net.ipv4.icmp_ratemask = 6168 | |
| # Enable bad error message Protection | |
| net.ipv4.icmp_ignore_bogus_error_responses = 1 | |
| # Log Spoofed Packets, Source Routed Packets, Redirect Packets | |
| net.ipv4.conf.all.log_martians = 1 | |
| net.ipv4.conf.lo.log_martians = 1 | |
| # Increases the size of the socket queue (effectively, q0). | |
| net.ipv4.tcp_max_syn_backlog = 4096 | |
| # Increase the tcp-time-wait buckets pool size | |
| net.ipv4.tcp_max_tw_buckets = 1440000 | |
| # Ignore all ICMP Echo spam - Don't ignore directed pings! | |
| net.ipv4.icmp_echo_ignore_all = 0 | |
| # Allowed local port range | |
| net.ipv4.ip_local_port_range = 16384 65535 | |
| # This may cause dropped frames with load-balancing and NATs, | |
| # only use this for a server that communicates only over your local network. | |
| # Reuse/recycle time-wait sockets | |
| # 1 0 can break clients behind NAT | |
| #net.ipv4.tcp_tw_reuse = 1 | |
| #net.ipv4.tcp_tw_recycle = 0 | |
| # Protect against tcp time-wait assassination hazards | |
| net.ipv4.tcp_rfc1337 = 1 | |
| net.ipv4.tcp_retries1 = 3 | |
| net.ipv4.tcp_retries2 = 15 | |
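| # Do not send redirects (this host is not a router). Note: net.ipv4.ip_forward = 1 at the top of the IPv4 section enables forwarding, which conflicts with the "not a router" assumption; set it to 0 unless the host really routes traffic. | |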
| net.ipv4.conf.all.send_redirects = 0 | |
| ########################################### | |
| #net.tcp.default_init_rwnd = 60 | |
| ########################################### | |
| net.ipv4.tcp_syn_retries = 2 | |
| ########################################### | |
| net.ipv4.tcp_synack_retries = 2 | |
| ########################################### | |
| #net.ipv4.route.flush = 1 | |
| ########################################### | |
| #net.ipv4.conf.<device>.rp_filter = 1 | |
| ########################################### | |
| net.ipv4.tcp_keepalive_probes = 5 | |
| ########################################### | |
| net.ipv4.tcp_keepalive_intvl = 60 | |
| ########################################### | |
| net.ipv4.tcp_rme = 6144 87380 1048576 | |
| ########################################### | |
| net.ipv4.tcp_wmem = 6144 87380 1048576 | |
| ########################################### | |
| net.ipv4.tcp_mem = 65536 131072 262144 | |
| ########################################### | |
| #The default value held by this entry varies | |
| #heavily depending on how much memory you have. | |
| #net.ipv4.<netfilter>.ip_conntrack_max = | |
| ########################################### | |
| net.ipv4.<netfilter>.ip_ct_generic_timeout = 600 | |
| ########################################### | |
| net.ipv4.tcp_fack = 1 | |
| ########################################### | |
| net.ipv4.tcp_no_metrics_save = 1 | |
| ########################################### | |
| net.ipv4.tcp_congestion_control = cubic | |
| #net.ipv4.tcp_congestion_control = htcp | |
| ########################################### | |
| net.ipv4.tcp_moderate_rcvbuf = 1 | |
| ########################################### | |
| net.ipv4.udp_rmem_min = 8192 | |
| ########################################### | |
| net.ipv4.udp_wmem_min = 8192 | |
| ########################################### | |
| net.ipv4.udp_mem = 65536 131072 262144 | |
| ########################################### | |
| net.ipv4.tcp_workaround_signed_windows = 0 | |
| ########################################### | |
| net.core.default_qdisc = fq | |
| ########################################### | |
| net.ipv4.tcp_rmem = 8192 87380 16777216 | |
| ########################################### | |
| # Increase RPC slots | |
| #sunrpc.tcp_slot_table_entries = 32 | |
| #sunrpc.udp_slot_table_entries = 32 | |
| # .autoconf set to 0 if you use a static ip! | |
| net.ipv4.tcp_tso_win_divisor = 3 | |
| net.ipv4.tcp_thin_linear_timeouts = 0 | |
| net.ipv4.tcp_thin_dupack = 0 | |
| net.ipv4.tcp_stdurg = 0 | |
| net.ipv4.tcp_slow_start_after_idle = 0 | |
| net.ipv4.tcp_retrans_collapse = 1 | |
| net.ipv4.tcp_mtu_probing = 0 | |
| net.ipv4.tcp_max_ssthresh = 0 | |
| net.ipv4.tcp_cookie_size = 0 | |
| net.ipv4.tcp_orphan_retries = 0 | |
| net.ipv4.tcp_max_orphans = 16384 | |
| net.ipv4.tcp_low_latency = 1 | |
| net.ipv4.tcp_frto_response = 0 | |
| net.ipv4.tcp_frto = 2 | |
| net.ipv4.tcp_challenge_ack_limit = 100 | |
| net.ipv4.tcp_base_mss = 512 | |
| net.ipv4.tcp_app_win = 31 | |
| net.ipv4.tcp_available_congestion_control = cubic reno | |
| net.ipv4.tcp_allowed_congestion_control = cubic reno | |
| net.ipv4.tcp_adv_win_scale = 1 | |
| net.ipv4.tcp_abort_on_overflow = 0 | |
| net.ipv4.tcp_abc = 0 | |
| net.ipv4.rt_cache_rebuild_count = 4 | |
| net.ipv4.tcp_fastopen = 3 | |
| ##### | |
| net.ipv4.route.redirect_silence = 4096 | |
| net.ipv4.route.redirect_number = 9 | |
| net.ipv4.route.redirect_load = 4 | |
| net.ipv4.route.mtu_expires = 600 | |
| net.ipv4.route.min_adv_mss = 256 | |
| net.ipv4.route.min_pmtu = 552 | |
| net.ipv4.route.max_size = 524288 | |
| net.ipv4.route.gc_timeout = 600 | |
| net.ipv4.route.error_burst = 1000 | |
| net.ipv4.route.error_cost = 200 | |
| net.ipv4.route.gc_elasticity = 8 | |
| net.ipv4.route.gc_interval = 60 | |
| net.ipv4.route.gc_min_interval = 0 | |
| net.ipv4.route.gc_min_interval_ms = 500 | |
| net.ipv4.route.gc_thresh = 32768 | |
| ##### | |
| # http://lartc.org/howto/lartc.kernel.obscure.html | |
| # http://tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.kernel.obscure.html | |
| #### | |
| net.ipv4.ip_no_pmtu_disc = 0 | |
| net.ipv4.ip_nonlocal_bind = 0 | |
| net.ipv4.ipfrag_high_thresh = 512000 | |
| net.ipv4.ipfrag_low_thresh = 446464 | |
| net.ipv4.ipfrag_max_dist = 64 | |
| net.ipv4.ipfrag_secret_interval = 600 | |
| net.ipv4.ipfrag_time = 30 | |
| ###### | |
| net.ipv4.neigh.default.anycast_delay = 100 | |
| net.ipv4.neigh.default.app_solicit = 0 | |
| net.ipv4.neigh.default.base_reachable_time = 30 | |
| net.ipv4.neigh.default.base_reachable_time_ms = 30000 | |
| net.ipv4.neigh.default.delay_first_probe_time = 5 | |
| net.ipv4.neigh.default.gc_interval = 30 | |
| net.ipv4.neigh.default.gc_stale_time = 60 | |
| net.ipv4.neigh.default.gc_thresh1 = 32 | |
| net.ipv4.neigh.default.gc_thresh2 = 1024 | |
| net.ipv4.neigh.default.gc_thresh3 = 2048 | |
| net.ipv4.neigh.default.locktime = 100 | |
| net.ipv4.neigh.default.mcast_solicit = 3 | |
| net.ipv4.neigh.default.proxy_delay = 80 | |
| net.ipv4.neigh.default.proxy_qlen = 96 | |
| net.ipv4.neigh.default.retrans_time = 100 | |
| net.ipv4.neigh.default.retrans_time_ms = 1000 | |
| net.ipv4.neigh.default.ucast_solicit = 3 | |
| net.ipv4.neigh.default.unres_qlen = 6 | |
| net.ipv4.neigh.default.unres_qlen_bytes = 65536 | |
| ##### | |
| net.ipv4.conf.rmnet1.forwarding = 1 | |
| net.ipv4.conf.rmnet1.mc_forwarding = 0 | |
| net.ipv4.conf.rmnet1.accept_redirects = 1 | |
| net.ipv4.conf.rmnet1.secure_redirects = 1 | |
| net.ipv4.conf.rmnet1.shared_media = 1 | |
| net.ipv4.conf.rmnet1.rp_filter = 0 | |
| net.ipv4.conf.rmnet1.send_redirects = 1 | |
| net.ipv4.conf.rmnet1.accept_source_route = 1 | |
| net.ipv4.conf.rmnet1.accept_local = 0 | |
| net.ipv4.conf.rmnet1.src_valid_mark = 0 | |
| net.ipv4.conf.rmnet1.proxy_arp = 0 | |
| net.ipv4.conf.rmnet1.medium_id = 0 | |
| net.ipv4.conf.rmnet1.bootp_relay = 0 | |
| net.ipv4.conf.rmnet1.log_martians = 0 | |
| net.ipv4.conf.rmnet1.tag = 0 | |
| net.ipv4.conf.rmnet1.arp_filter = 0 | |
| net.ipv4.conf.rmnet1.arp_announce = 0 | |
| net.ipv4.conf.rmnet1.arp_ignore = 1 | |
| net.ipv4.conf.rmnet1.arp_accept = 0 | |
| net.ipv4.conf.rmnet1.arp_notify = 0 | |
| net.ipv4.conf.rmnet1.proxy_arp_pvlan = 0 | |
| net.ipv4.conf.rmnet1.disable_xfrm = 0 | |
| net.ipv4.conf.rmnet1.disable_policy = 0 | |
| net.ipv4.conf.rmnet1.force_igmp_version = 0 | |
| net.ipv4.conf.rmnet1.promote_secondaries = 0 | |
| ##### | |
| net.ipv4.conf.rmnet2.forwarding = 1 | |
| net.ipv4.conf.rmnet2.mc_forwarding = 0 | |
| net.ipv4.conf.rmnet2.accept_redirects = 1 | |
| net.ipv4.conf.rmnet2.secure_redirects = 1 | |
| net.ipv4.conf.rmnet2.shared_media = 1 | |
| net.ipv4.conf.rmnet2.rp_filter = 0 | |
| net.ipv4.conf.rmnet2.send_redirects = 1 | |
| net.ipv4.conf.rmnet2.accept_source_route = 1 | |
| net.ipv4.conf.rmnet2.accept_local = 0 | |
| net.ipv4.conf.rmnet2.src_valid_mark = 0 | |
| net.ipv4.conf.rmnet2.proxy_arp = 0 | |
| net.ipv4.conf.rmnet2.medium_id = 0 | |
| net.ipv4.conf.rmnet2.bootp_relay = 0 | |
| net.ipv4.conf.rmnet2.log_martians = 0 | |
| net.ipv4.conf.rmnet2.tag = 0 | |
| net.ipv4.conf.rmnet2.arp_filter = 0 | |
| net.ipv4.conf.rmnet2.arp_announce = 0 | |
| net.ipv4.conf.rmnet2.arp_ignore = 1 | |
| net.ipv4.conf.rmnet2.arp_accept = 0 | |
| net.ipv4.conf.rmnet2.arp_notify = 0 | |
| net.ipv4.conf.rmnet2.proxy_arp_pvlan = 0 | |
| net.ipv4.conf.rmnet2.disable_xfrm = 0 | |
| net.ipv4.conf.rmnet2.disable_policy = 0 | |
| net.ipv4.conf.rmnet2.force_igmp_version = 0 | |
| net.ipv4.conf.rmnet2.promote_secondaries = 0 | |
| ##### | |
| net.ipv4.conf.rndis0.forwarding = 1 | |
| net.ipv4.conf.rndis0.mc_forwarding = 0 | |
| net.ipv4.conf.rndis0.accept_redirects = 0 | |
| net.ipv4.conf.rndis0.secure_redirects = 0 | |
| net.ipv4.conf.rndis0.shared_media = 1 | |
| net.ipv4.conf.rndis0.rp_filter = 0 | |
| net.ipv4.conf.rndis0.send_redirects = 1 | |
| net.ipv4.conf.rndis0.accept_source_route = 0 | |
| net.ipv4.conf.rndis0.accept_local = 0 | |
| net.ipv4.conf.rndis0.src_valid_mark = 0 | |
| net.ipv4.conf.rndis0.proxy_arp = 0 | |
| net.ipv4.conf.rndis0.medium_id = 0 | |
| net.ipv4.conf.rndis0.bootp_relay = 0 | |
| net.ipv4.conf.rndis0.log_martians = 0 | |
| net.ipv4.conf.rndis0.tag = 0 | |
| net.ipv4.conf.rndis0.arp_filter = 0 | |
| net.ipv4.conf.rndis0.arp_announce = 0 | |
| net.ipv4.conf.rndis0.arp_ignore = 1 | |
| net.ipv4.conf.rndis0.arp_accept = 0 | |
| net.ipv4.conf.rndis0.arp_notify = 0 | |
| net.ipv4.conf.rndis0.proxy_arp_pvlan = 0 | |
| net.ipv4.conf.rndis0.disable_xfrm = 0 | |
| net.ipv4.conf.rndis0.disable_policy = 0 | |
| net.ipv4.conf.rndis0.force_igmp_version = 0 | |
| net.ipv4.conf.rndis0.promote_secondaries = 0 | |
| ##### | |
| net.ipv4.neigh.rndis0.mcast_solicit = 3 | |
| net.ipv4.neigh.rndis0.ucast_solicit = 3 | |
| net.ipv4.neigh.rndis0.app_solicit = 0 | |
| net.ipv4.neigh.rndis0.retrans_time = 100 | |
| net.ipv4.neigh.rndis0.base_reachable_time = 30 | |
| net.ipv4.neigh.rndis0.delay_first_probe_time = 5 | |
| net.ipv4.neigh.rndis0.gc_stale_time = 60 | |
| net.ipv4.neigh.rndis0.unres_qlen = 3 | |
| net.ipv4.neigh.rndis0.proxy_qlen = 64 | |
| net.ipv4.neigh.rndis0.anycast_delay = 100 | |
| net.ipv4.neigh.rndis0.proxy_delay = 80 | |
| net.ipv4.neigh.rndis0.locktime = 100 | |
| net.ipv4.neigh.rndis0.retrans_time_ms = 1000 | |
| net.ipv4.neigh.rndis0.base_reachable_time_ms = 30000 | |
| ##### | |
| net.ipv4.neigh.rmnet2.mcast_solicit = 3 | |
| net.ipv4.neigh.rmnet2.ucast_solicit = 3 | |
| net.ipv4.neigh.rmnet2.app_solicit = 0 | |
| net.ipv4.neigh.rmnet2.retrans_time = 100 | |
| net.ipv4.neigh.rmnet2.base_reachable_time = 30 | |
| net.ipv4.neigh.rmnet2.delay_first_probe_time = 5 | |
| net.ipv4.neigh.rmnet2.gc_stale_time = 60 | |
| net.ipv4.neigh.rmnet2.unres_qlen = 3 | |
| net.ipv4.neigh.rmnet2.proxy_qlen = 64 | |
| net.ipv4.neigh.rmnet2.anycast_delay = 100 | |
| net.ipv4.neigh.rmnet2.proxy_delay = 80 | |
| net.ipv4.neigh.rmnet2.locktime = 100 | |
| net.ipv4.neigh.rmnet2.retrans_time_ms = 1000 | |
| net.ipv4.neigh.rmnet2.base_reachable_time_ms = 30000 | |
| ##### | |
| net.ipv4.neigh.rmnet1.mcast_solicit = 3 | |
| net.ipv4.neigh.rmnet1.ucast_solicit = 3 | |
| net.ipv4.neigh.rmnet1.app_solicit = 0 | |
| net.ipv4.neigh.rmnet1.retrans_time = 100 | |
| net.ipv4.neigh.rmnet1.base_reachable_time = 30 | |
| net.ipv4.neigh.rmnet1.delay_first_probe_time = 5 | |
| net.ipv4.neigh.rmnet1.gc_stale_time = 60 | |
| net.ipv4.neigh.rmnet1.unres_qlen = 3 | |
| net.ipv4.neigh.rmnet1.proxy_qlen = 64 | |
| net.ipv4.neigh.rmnet1.anycast_delay = 100 | |
| net.ipv4.neigh.rmnet1.proxy_delay = 80 | |
| net.ipv4.neigh.rmnet1.locktime = 100 | |
| net.ipv4.neigh.rmnet1.retrans_time_ms = 1000 | |
| net.ipv4.neigh.rmnet1.base_reachable_time_ms = 30000 | |
| ##### | |
| net.ipv4.neigh.rmnet0.mcast_solicit = 3 | |
| net.ipv4.neigh.rmnet0.ucast_solicit = 3 | |
| net.ipv4.neigh.rmnet0.app_solicit = 0 | |
| net.ipv4.neigh.rmnet0.retrans_time = 100 | |
| net.ipv4.neigh.rmnet0.base_reachable_time = 30 | |
| net.ipv4.neigh.rmnet0.delay_first_probe_time = 5 | |
| net.ipv4.neigh.rmnet0.gc_stale_time = 60 | |
| net.ipv4.neigh.rmnet0.unres_qlen = 3 | |
| net.ipv4.neigh.rmnet0.proxy_qlen = 64 | |
| net.ipv4.neigh.rmnet0.anycast_delay = 100 | |
| net.ipv4.neigh.rmnet0.proxy_delay = 80 | |
| net.ipv4.neigh.rmnet0.locktime = 100 | |
| net.ipv4.neigh.rmnet0.retrans_time_ms = 1000 | |
| net.ipv4.neigh.rmnet0.base_reachable_time_ms = 30000 | |
| ##### | |
| net.ipv4.neigh.ip6tnl0.anycast_delay = 100 | |
| net.ipv4.neigh.ip6tnl0.app_solicit = 0 | |
| net.ipv4.neigh.ip6tnl0.base_reachable_time = 30 | |
| net.ipv4.neigh.ip6tnl0.base_reachable_time_ms = 30000 | |
| net.ipv4.neigh.ip6tnl0.delay_first_probe_time = 5 | |
| net.ipv4.neigh.ip6tnl0.gc_stale_time = 60 | |
| net.ipv4.neigh.ip6tnl0.locktime = 100 | |
| net.ipv4.neigh.ip6tnl0.mcast_solicit = 3 | |
| net.ipv4.neigh.ip6tnl0.proxy_delay = 80 | |
| net.ipv4.neigh.ip6tnl0.proxy_qlen = 64 | |
| net.ipv4.neigh.ip6tnl0.retrans_time = 100 | |
| net.ipv4.neigh.ip6tnl0.retrans_time_ms = 1000 | |
| net.ipv4.neigh.ip6tnl0.ucast_solicit = 3 | |
| net.ipv4.neigh.ip6tnl0.unres_qlen = 35 | |
| net.ipv4.neigh.ip6tnl0.unres_qlen_bytes = 65536 | |
| ###### | |
| net.ipv4.neigh.lo.anycast_delay = 100 | |
| net.ipv4.neigh.lo.app_solicit = 0 | |
| net.ipv4.neigh.lo.base_reachable_time = 30 | |
| net.ipv4.neigh.lo.base_reachable_time_ms = 30000 | |
| net.ipv4.neigh.lo.delay_first_probe_time = 5 | |
| net.ipv4.neigh.lo.gc_stale_time = 60 | |
| net.ipv4.neigh.lo.locktime = 100 | |
| net.ipv4.neigh.lo.mcast_solicit = 3 | |
| net.ipv4.neigh.lo.proxy_delay = 80 | |
| net.ipv4.neigh.lo.proxy_qlen = 64 | |
| net.ipv4.neigh.lo.retrans_time = 100 | |
| net.ipv4.neigh.lo.retrans_time_ms = 1000 | |
| net.ipv4.neigh.lo.ucast_solicit = 3 | |
| net.ipv4.neigh.lo.unres_qlen = 35 | |
| net.ipv4.neigh.lo.unres_qlen_bytes = 65536 | |
| ##### | |
| net.ipv4.neigh.p2p0.anycast_delay = 100 | |
| net.ipv4.neigh.p2p0.app_solicit = 0 | |
| net.ipv4.neigh.p2p0.base_reachable_time = 30 | |
| net.ipv4.neigh.p2p0.base_reachable_time_ms = 30000 | |
| net.ipv4.neigh.p2p0.delay_first_probe_time = 5 | |
| net.ipv4.neigh.p2p0.gc_stale_time = 60 | |
| net.ipv4.neigh.p2p0.locktime = 100 | |
| net.ipv4.neigh.p2p0.mcast_solicit = 3 | |
| net.ipv4.neigh.p2p0.proxy_delay = 80 | |
| net.ipv4.neigh.p2p0.proxy_qlen = 64 | |
| net.ipv4.neigh.p2p0.retrans_time = 100 | |
| net.ipv4.neigh.p2p0.retrans_time_ms = 1000 | |
| net.ipv4.neigh.p2p0.ucast_solicit = 3 | |
| net.ipv4.neigh.p2p0.unres_qlen = 35 | |
| net.ipv4.neigh.p2p0.unres_qlen_bytes = 65536 | |
| ##### | |
| net.ipv4.neigh.sit0.anycast_delay = 100 | |
| net.ipv4.neigh.sit0.app_solicit = 0 | |
| net.ipv4.neigh.sit0.base_reachable_time = 30 | |
| net.ipv4.neigh.sit0.base_reachable_time_ms = 30000 | |
| net.ipv4.neigh.sit0.delay_first_probe_time = 5 | |
| net.ipv4.neigh.sit0.gc_stale_time = 60 | |
| net.ipv4.neigh.sit0.locktime = 100 | |
| net.ipv4.neigh.sit0.mcast_solicit = 3 | |
| net.ipv4.neigh.sit0.proxy_delay = 80 | |
| net.ipv4.neigh.sit0.proxy_qlen = 64 | |
| net.ipv4.neigh.sit0.retrans_time = 100 | |
| net.ipv4.neigh.sit0.retrans_time_ms = 1000 | |
| net.ipv4.neigh.sit0.ucast_solicit = 3 | |
| net.ipv4.neigh.sit0.unres_qlen = 35 | |
| net.ipv4.neigh.sit0.unres_qlen_bytes = 65536 | |
| ##### | |
| net.ipv4.neigh.wlan0.anycast_delay = 100 | |
| net.ipv4.neigh.wlan0.app_solicit = 0 | |
| net.ipv4.neigh.wlan0.base_reachable_time = 30 | |
| net.ipv4.neigh.wlan0.base_reachable_time_ms = 30000 | |
| net.ipv4.neigh.wlan0.delay_first_probe_time = 5 | |
| net.ipv4.neigh.wlan0.gc_stale_time = 60 | |
| net.ipv4.neigh.wlan0.locktime = 100 | |
| net.ipv4.neigh.wlan0.mcast_solicit = 3 | |
| net.ipv4.neigh.wlan0.proxy_delay = 80 | |
| net.ipv4.neigh.wlan0.proxy_qlen = 64 | |
| net.ipv4.neigh.wlan0.retrans_time = 100 | |
| net.ipv4.neigh.wlan0.retrans_time_ms = 1000 | |
| net.ipv4.neigh.wlan0.ucast_solicit = 3 | |
| net.ipv4.neigh.wlan0.unres_qlen = 35 | |
| net.ipv4.neigh.wlan0.unres_qlen_bytes = 65536 | |
| #net.ipv4.netfilter.ip_conntrack_buckets = 16384 | |
| net.ipv4.netfilter.ip_conntrack_checksum = 1 | |
| net.ipv4.netfilter.ip_conntrack_count = 36 | |
| #net.ipv4.netfilter.ip_conntrack_generic_timeout = 600 | |
| #net.ipv4.netfilter.ip_conntrack_icmp_timeout = 30 | |
| #net.ipv4.netfilter.ip_conntrack_log_invalid = 0 | |
| #net.ipv4.netfilter.ip_conntrack_max = 65536 | |
| net.ipv4.netfilter.ip_conntrack_sctp_timeout_closed = 10 | |
| #net.ipv4.netfilter.ip_conntrack_sctp_timeout_cookie_echoed = 3 | |
| #net.ipv4.netfilter.ip_conntrack_sctp_timeout_cookie_wait = 3 | |
| #net.ipv4.netfilter.ip_conntrack_sctp_timeout_established = 432000 | |
| #net.ipv4.netfilter.ip_conntrack_sctp_timeout_shutdown_ack_sent = 3 | |
| #net.ipv4.netfilter.ip_conntrack_sctp_timeout_shutdown_recd = 0 | |
| #net.ipv4.netfilter.ip_conntrack_sctp_timeout_shutdown_sent = 0 | |
| #net.ipv4.netfilter.ip_conntrack_tcp_be_liberal = 0 | |
| #net.ipv4.netfilter.ip_conntrack_tcp_loose = 1 | |
| #net.ipv4.netfilter.ip_conntrack_tcp_max_retrans = 3 | |
| #net.ipv4.netfilter.ip_conntrack_tcp_timeout_close = 15 | |
| #net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait = 75 | |
| #net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 432000 | |
| #net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait = 120 | |
| #net.ipv4.netfilter.ip_conntrack_tcp_timeout_last_ack = 30 | |
| #net.ipv4.netfilter.ip_conntrack_tcp_timeout_max_retrans = 300 | |
| #net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_recv = 60 | |
| #net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_sent = 120 | |
| #net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_sent2 = 120 | |
| #net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait = 120 | |
| #net.ipv4.netfilter.ip_conntrack_udp_timeout = 30 | |
| #net.ipv4.netfilter.ip_conntrack_udp_timeout_stream = 180 | |
| net.ipv4.ping_group_range = 0 2147483647 | |
| net.ipv4.ip_local_reserved_ports = | |
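| ##### | |
| # NOTE(review): forwarding = 1 under conf.all makes this host route IPv4 between all of its interfaces. | |
| # Keep it only if the device really routes or tethers; hardening baselines set it to 0 on end hosts. | |
| # mc_forwarding is normally a read-only key maintained by the multicast routing daemon, so writing it here is expected to be rejected. | |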
| net.ipv4.conf.all.accept_local = 0 | |
| net.ipv4.conf.all.arp_accept = 0 | |
| net.ipv4.conf.all.arp_announce = 0 | |
| net.ipv4.conf.all.arp_filter = 0 | |
| net.ipv4.conf.all.arp_ignore = 0 | |
| net.ipv4.conf.all.arp_notify = 0 | |
| net.ipv4.conf.all.bootp_relay = 0 | |
| net.ipv4.conf.all.disable_policy = 0 | |
| net.ipv4.conf.all.disable_xfrm = 0 | |
| net.ipv4.conf.all.force_igmp_version = 0 | |
| net.ipv4.conf.all.forwarding = 1 | |
| net.ipv4.conf.all.mc_forwarding = 1 | |
| net.ipv4.conf.all.medium_id = 0 | |
| net.ipv4.conf.all.promote_secondaries = 0 | |
| net.ipv4.conf.all.proxy_arp = 0 | |
| net.ipv4.conf.all.proxy_arp_pvlan = 0 | |
| net.ipv4.conf.all.shared_media = 1 | |
| net.ipv4.conf.all.src_valid_mark = 0 | |
| net.ipv4.conf.all.tag = 0 | |
| ###### | |
| net.ipv4.conf.default.accept_local = 0 | |
| net.ipv4.conf.default.arp_accept = 0 | |
| net.ipv4.conf.default.arp_announce = 0 | |
| net.ipv4.conf.default.arp_filter = 0 | |
| net.ipv4.conf.default.arp_ignore = 0 | |
| net.ipv4.conf.default.arp_notify = 0 | |
| net.ipv4.conf.default.bootp_relay = 0 | |
| net.ipv4.conf.default.disable_policy = 0 | |
| net.ipv4.conf.default.disable_xfrm = 0 | |
| net.ipv4.conf.default.force_igmp_version = 0 | |
| net.ipv4.conf.default.forwarding = 1 | |
| net.ipv4.conf.default.log_martians = 0 | |
| net.ipv4.conf.default.mc_forwarding = 1 | |
| net.ipv4.conf.default.medium_id = 0 | |
| net.ipv4.conf.default.promote_secondaries = 0 | |
| net.ipv4.conf.default.proxy_arp = 0 | |
| net.ipv4.conf.default.proxy_arp_pvlan = 0 | |
| net.ipv4.conf.default.secure_redirects = 0 | |
| net.ipv4.conf.default.send_redirects = 0 | |
| net.ipv4.conf.default.shared_media = 1 | |
| net.ipv4.conf.default.src_valid_mark = 0 | |
| net.ipv4.conf.default.tag = 0 | |
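| ##### | |
| # NOTE(review): the per-interface blocks below (ip6tnl0, rmnet0, p2p0, sit0, wlan0) set accept_redirects = 1, | |
| # accept_source_route = 1, send_redirects = 1, rp_filter = 0 and log_martians = 0. | |
| # Those are the permissive values: ICMP redirects and source-routed packets are accepted, reverse-path | |
| # filtering is off and martian packets are not logged. Hardening baselines use 0, 0, 0, 1 and 1 respectively. | |
| # Check the effective values on the running system with sysctl before relying on this file. | |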
| net.ipv4.conf.ip6tnl0.accept_local = 0 | |
| net.ipv4.conf.ip6tnl0.accept_redirects = 1 | |
| net.ipv4.conf.ip6tnl0.accept_source_route = 1 | |
| net.ipv4.conf.ip6tnl0.arp_accept = 0 | |
| net.ipv4.conf.ip6tnl0.arp_announce = 0 | |
| net.ipv4.conf.ip6tnl0.arp_filter = 0 | |
| net.ipv4.conf.ip6tnl0.arp_ignore = 0 | |
| net.ipv4.conf.ip6tnl0.arp_notify = 0 | |
| net.ipv4.conf.ip6tnl0.bootp_relay = 0 | |
| net.ipv4.conf.ip6tnl0.disable_policy = 0 | |
| net.ipv4.conf.ip6tnl0.disable_xfrm = 0 | |
| net.ipv4.conf.ip6tnl0.force_igmp_version = 0 | |
| net.ipv4.conf.ip6tnl0.forwarding = 1 | |
| net.ipv4.conf.ip6tnl0.log_martians = 0 | |
| net.ipv4.conf.ip6tnl0.mc_forwarding = 1 | |
| net.ipv4.conf.ip6tnl0.medium_id = 0 | |
| net.ipv4.conf.ip6tnl0.promote_secondaries = 0 | |
| net.ipv4.conf.ip6tnl0.proxy_arp = 0 | |
| net.ipv4.conf.ip6tnl0.proxy_arp_pvlan = 0 | |
| net.ipv4.conf.ip6tnl0.rp_filter = 0 | |
| net.ipv4.conf.ip6tnl0.secure_redirects = 1 | |
| net.ipv4.conf.ip6tnl0.send_redirects = 1 | |
| net.ipv4.conf.ip6tnl0.shared_media = 1 | |
| net.ipv4.conf.ip6tnl0.src_valid_mark = 0 | |
| net.ipv4.conf.ip6tnl0.tag = 0 | |
| ###### | |
| net.ipv4.conf.rmnet0.forwarding = 1 | |
| net.ipv4.conf.rmnet0.mc_forwarding = 0 | |
| net.ipv4.conf.rmnet0.accept_redirects = 1 | |
| net.ipv4.conf.rmnet0.secure_redirects = 1 | |
| net.ipv4.conf.rmnet0.shared_media = 1 | |
| net.ipv4.conf.rmnet0.rp_filter = 0 | |
| net.ipv4.conf.rmnet0.send_redirects = 1 | |
| net.ipv4.conf.rmnet0.accept_source_route = 1 | |
| net.ipv4.conf.rmnet0.accept_local = 0 | |
| net.ipv4.conf.rmnet0.src_valid_mark = 0 | |
| net.ipv4.conf.rmnet0.proxy_arp = 0 | |
| net.ipv4.conf.rmnet0.medium_id = 0 | |
| net.ipv4.conf.rmnet0.bootp_relay = 0 | |
| net.ipv4.conf.rmnet0.log_martians = 0 | |
| net.ipv4.conf.rmnet0.tag = 0 | |
| net.ipv4.conf.rmnet0.arp_filter = 0 | |
| net.ipv4.conf.rmnet0.arp_announce = 0 | |
| net.ipv4.conf.rmnet0.arp_ignore = 1 | |
| net.ipv4.conf.rmnet0.arp_accept = 0 | |
| net.ipv4.conf.rmnet0.arp_notify = 0 | |
| net.ipv4.conf.rmnet0.proxy_arp_pvlan = 0 | |
| net.ipv4.conf.rmnet0.disable_xfrm = 0 | |
| net.ipv4.conf.rmnet0.disable_policy = 0 | |
| net.ipv4.conf.rmnet0.force_igmp_version = 0 | |
| net.ipv4.conf.rmnet0.promote_secondaries = 0 | |
| ###### | |
| net.ipv4.conf.lo.accept_local = 0 | |
| net.ipv4.conf.lo.arp_accept = 0 | |
| net.ipv4.conf.lo.arp_announce = 0 | |
| net.ipv4.conf.lo.arp_filter = 0 | |
| net.ipv4.conf.lo.arp_ignore = 0 | |
| net.ipv4.conf.lo.arp_notify = 0 | |
| net.ipv4.conf.lo.bootp_relay = 0 | |
| net.ipv4.conf.lo.disable_policy = 1 | |
| net.ipv4.conf.lo.disable_xfrm = 1 | |
| net.ipv4.conf.lo.force_igmp_version = 0 | |
| net.ipv4.conf.lo.forwarding = 1 | |
| net.ipv4.conf.lo.mc_forwarding = 1 | |
| net.ipv4.conf.lo.medium_id = 0 | |
| net.ipv4.conf.lo.promote_secondaries = 0 | |
| net.ipv4.conf.lo.proxy_arp = 0 | |
| net.ipv4.conf.lo.proxy_arp_pvlan = 0 | |
| net.ipv4.conf.lo.secure_redirects = 1 | |
| net.ipv4.conf.lo.send_redirects = 1 | |
| net.ipv4.conf.lo.shared_media = 1 | |
| net.ipv4.conf.lo.src_valid_mark = 0 | |
| net.ipv4.conf.lo.tag = 0 | |
| ##### | |
| net.ipv4.conf.p2p0.accept_local = 0 | |
| net.ipv4.conf.p2p0.accept_redirects = 1 | |
| net.ipv4.conf.p2p0.accept_source_route = 1 | |
| net.ipv4.conf.p2p0.arp_accept = 0 | |
| net.ipv4.conf.p2p0.arp_announce = 0 | |
| net.ipv4.conf.p2p0.arp_filter = 0 | |
| net.ipv4.conf.p2p0.arp_ignore = 0 | |
| net.ipv4.conf.p2p0.arp_notify = 0 | |
| net.ipv4.conf.p2p0.bootp_relay = 0 | |
| net.ipv4.conf.p2p0.disable_policy = 0 | |
| net.ipv4.conf.p2p0.disable_xfrm = 0 | |
| net.ipv4.conf.p2p0.force_igmp_version = 0 | |
| net.ipv4.conf.p2p0.forwarding = 1 | |
| net.ipv4.conf.p2p0.log_martians = 0 | |
| net.ipv4.conf.p2p0.mc_forwarding = 1 | |
| net.ipv4.conf.p2p0.medium_id = 0 | |
| net.ipv4.conf.p2p0.promote_secondaries = 0 | |
| net.ipv4.conf.p2p0.proxy_arp = 0 | |
| net.ipv4.conf.p2p0.proxy_arp_pvlan = 0 | |
| net.ipv4.conf.p2p0.rp_filter = 0 | |
| net.ipv4.conf.p2p0.secure_redirects = 1 | |
| net.ipv4.conf.p2p0.send_redirects = 1 | |
| net.ipv4.conf.p2p0.shared_media = 1 | |
| net.ipv4.conf.p2p0.src_valid_mark = 0 | |
| net.ipv4.conf.p2p0.tag = 0 | |
| ##### | |
| net.ipv4.conf.sit0.accept_local = 0 | |
| net.ipv4.conf.sit0.accept_redirects = 1 | |
| net.ipv4.conf.sit0.accept_source_route = 1 | |
| net.ipv4.conf.sit0.arp_accept = 0 | |
| net.ipv4.conf.sit0.arp_announce = 0 | |
| net.ipv4.conf.sit0.arp_filter = 0 | |
| net.ipv4.conf.sit0.arp_ignore = 0 | |
| net.ipv4.conf.sit0.arp_notify = 0 | |
| net.ipv4.conf.sit0.bootp_relay = 0 | |
| net.ipv4.conf.sit0.disable_policy = 0 | |
| net.ipv4.conf.sit0.disable_xfrm = 0 | |
| net.ipv4.conf.sit0.force_igmp_version = 0 | |
| net.ipv4.conf.sit0.forwarding = 1 | |
| net.ipv4.conf.sit0.log_martians = 0 | |
| net.ipv4.conf.sit0.mc_forwarding = 1 | |
| net.ipv4.conf.sit0.medium_id = 0 | |
| net.ipv4.conf.sit0.promote_secondaries = 0 | |
| net.ipv4.conf.sit0.proxy_arp = 0 | |
| net.ipv4.conf.sit0.proxy_arp_pvlan = 0 | |
| net.ipv4.conf.sit0.rp_filter = 0 | |
| net.ipv4.conf.sit0.secure_redirects = 1 | |
| net.ipv4.conf.sit0.send_redirects = 1 | |
| net.ipv4.conf.sit0.shared_media = 1 | |
| net.ipv4.conf.sit0.src_valid_mark = 0 | |
| net.ipv4.conf.sit0.tag = 0 | |
| ###### | |
| net.ipv4.conf.wlan0.accept_local = 0 | |
| net.ipv4.conf.wlan0.accept_redirects = 1 | |
| net.ipv4.conf.wlan0.accept_source_route = 1 | |
| net.ipv4.conf.wlan0.arp_accept = 0 | |
| net.ipv4.conf.wlan0.arp_announce = 0 | |
| net.ipv4.conf.wlan0.arp_filter = 0 | |
| net.ipv4.conf.wlan0.arp_ignore = 0 | |
| net.ipv4.conf.wlan0.arp_notify = 0 | |
| net.ipv4.conf.wlan0.bootp_relay = 0 | |
| net.ipv4.conf.wlan0.disable_policy = 0 | |
| net.ipv4.conf.wlan0.disable_xfrm = 0 | |
| net.ipv4.conf.wlan0.force_igmp_version = 0 | |
| net.ipv4.conf.wlan0.forwarding = 1 | |
| net.ipv4.conf.wlan0.log_martians = 0 | |
| net.ipv4.conf.wlan0.mc_forwarding = 1 | |
| net.ipv4.conf.wlan0.medium_id = 0 | |
| net.ipv4.conf.wlan0.promote_secondaries = 1 | |
| net.ipv4.conf.wlan0.proxy_arp = 0 | |
| net.ipv4.conf.wlan0.proxy_arp_pvlan = 0 | |
| net.ipv4.conf.wlan0.rp_filter = 0 | |
| net.ipv4.conf.wlan0.secure_redirects = 1 | |
| net.ipv4.conf.wlan0.send_redirects = 1 | |
| net.ipv4.conf.wlan0.shared_media = 1 | |
| net.ipv4.conf.wlan0.src_valid_mark = 0 | |
| net.ipv4.conf.wlan0.tag = 0 | |
| net.ipv4.icmp_errors_use_inbound_ifaddr = 0 | |
| net.ipv4.icmp_ratelimit = 1000 | |
| net.ipv4.igmp_max_memberships = 20 | |
| net.ipv4.conf.default.accept_redirects = 0 | |
| #net.ipv4.conf.all.igmp_max_memberships = 20 | |
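| # Netfilter | |
| # NOTE(review): nf_conntrack_count (and the legacy net.ipv4.netfilter.ip_conntrack_count above) is a read-only | |
| # counter of currently tracked connections, not a tunable; the "= 36" lines are a snapshot and cannot be applied. | |
| # nf_conntrack_tcp_loose = 1 lets conntrack adopt TCP connections it did not see start; 0 is the stricter setting. | |
| # nf_conntrack_log_invalid = 0 means packets classified as invalid are not logged. | |
| ######## | |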
| net.netfilter.nf_log.0 = NONE | |
| net.netfilter.nf_log.1 = NONE | |
| net.netfilter.nf_log.2 = ipt_LOG | |
| net.netfilter.nf_log.3 = NONE | |
| net.netfilter.nf_log.4 = NONE | |
| net.netfilter.nf_log.5 = NONE | |
| net.netfilter.nf_log.6 = NONE | |
| net.netfilter.nf_log.7 = NONE | |
| net.netfilter.nf_log.8 = NONE | |
| net.netfilter.nf_log.9 = NONE | |
| net.netfilter.nf_log.10 = ip6t_LOG | |
| net.netfilter.nf_log.11 = NONE | |
| net.netfilter.nf_log.12 = NONE | |
| net.netfilter.nf_conntrack_buckets = 16384 | |
| net.netfilter.nf_conntrack_count = 36 | |
| net.netfilter.nf_conntrack_dccp_loose = 1 | |
| net.netfilter.nf_conntrack_dccp_timeout_closereq = 64 | |
| net.netfilter.nf_conntrack_dccp_timeout_closing = 64 | |
| net.netfilter.nf_conntrack_dccp_timeout_open = 43200 | |
| net.netfilter.nf_conntrack_dccp_timeout_partopen = 480 | |
| net.netfilter.nf_conntrack_dccp_timeout_request = 240 | |
| net.netfilter.nf_conntrack_dccp_timeout_respond = 480 | |
| net.netfilter.nf_conntrack_dccp_timeout_timewait = 240 | |
| net.netfilter.nf_conntrack_events = 1 | |
| net.netfilter.nf_conntrack_events_retry_timeout = 15 | |
| net.netfilter.nf_conntrack_max = 50168 | |
| net.netfilter.nf_conntrack_expect_max = 256 | |
| net.netfilter.nf_conntrack_frag6_high_thresh = 262144 | |
| net.netfilter.nf_conntrack_frag6_low_thresh = 196608 | |
| net.netfilter.nf_conntrack_frag6_timeout = 60 | |
| net.netfilter.nf_conntrack_generic_timeout = 600 | |
| net.netfilter.nf_conntrack_icmp_timeout = 30 | |
| net.netfilter.nf_conntrack_icmpv6_timeout = 30 | |
| net.netfilter.nf_conntrack_log_invalid = 0 | |
| net.netfilter.nf_conntrack_acct = 0 | |
| net.netfilter.nf_conntrack_checksum = 1 | |
| net.netfilter.nf_conntrack_tcp_timeout_established = 7440 | |
| net.netfilter.nf_conntrack_udp_timeout = 30 | |
| net.netfilter.nf_conntrack_udp_timeout_stream = 180 | |
| #net.netfilter.nf_conntrack_skip_filter = 1 | |
| net.netfilter.nf_conntrack_tcp_timeout_unacknowledged = 300 | |
| net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120 | |
| #net.netfilter.nf_conntrack_tcp_timeout_syn_sent = 120 | |
| #net.netfilter.nf_conntrack_tcp_timeout_syn_recv = 60 | |
| net.netfilter.nf_conntrack_tcp_timeout_max_retrans = 300 | |
| net.netfilter.nf_conntrack_tcp_timeout_last_ack = 30 | |
| net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120 | |
| net.netfilter.nf_conntrack_tcp_timeout_close_wait = 15 | |
| net.netfilter.nf_conntrack_tcp_max_retrans = 3 | |
| net.netfilter.nf_conntrack_tcp_loose = 1 | |
| net.netfilter.nf_conntrack_tcp_be_liberal = 0 | |
| net.netfilter.nf_conntrack_sctp_timeout_shutdown_sent = 0 | |
| #net.netfilter.nf_conntrack_sctp_timeout_shutdown_recd = 0 | |
| net.netfilter.nf_conntrack_sctp_timeout_shutdown_ack_sent = 3 | |
| #net.netfilter.nf_conntrack_sctp_timeout_established = 432000 | |
| net.netfilter.nf_conntrack_sctp_timeout_cookie_wait = 3 | |
| net.netfilter.nf_conntrack_sctp_timeout_cookie_echoed = 3 | |
| net.netfilter.nf_conntrack_sctp_timeout_closed = 10 | |
| net.netfilter.nf_conntrack_udplite_timeout = 30 | |
| net.netfilter.nf_conntrack_udplite_timeout_stream = 180 | |
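| # Disable bridge firewalling by default (0 = bridged frames are not passed to arptables/ip6tables/iptables). | |
| # NOTE(review): the three lines below are commented out, so this file changes nothing here; the ip6tables line would set 1 (enabled), not 0. | |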
| #net.bridge.bridge-nf-call-arptables = 0 | |
| #net.bridge.bridge-nf-call-ip6tables = 1 | |
| #net.bridge.bridge-nf-call-iptables = 0 | |
| # sysctl -a | grep ipv6 sysctl | |
| ############################### | |
| # IPv6 -> http://test-ipv6.com + RFC 3041/4941 (year: 2001) | |
| # https://code.google.com/p/android/issues/detail?id=14013 | |
| # https://code.google.com/p/android/issues/detail?id=31102 | |
| # Only on Lollipop: RFC 6106 | |
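| # NOTE(review): net.ipv6.ip_forward does not appear to be a key the Linux IPv6 stack exposes (IPv6 forwarding is | |
| # net.ipv6.conf.*.forwarding); when loaded with "sysctl -e" an unknown key is skipped without an error. | |
| # forwarding = 1 also puts the interface in router mode, where Router Advertisements are ignored unless accept_ra = 2. | |
| ############################### | |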
| net.ipv6.ip_forward = 1 | |
| #net.ipv6.bindv6only = 0 | |
| #net.ipv6.tcp_timestamps = 0 | |
| ##net.ipv6.ip_forward_use_pmtu = 0 | |
| #net.ipv6.conf.all.rp_filter = 0 | |
| #net.ipv6.conf.all.dad_transmits = 1 | |
| #net.ipv6.conf.all.secure_redirects = 0 | |
| net.ipv6.conf.all.forwarding = 1 | |
| #net.ipv6.conf.all.accept_redirects = 0 | |
| #net.ipv6.conf.all.accept_ra = 1 | |
| #net.ipv6.conf.all.accept_dad = 1 | |
| #net.ipv6.conf.all.accept_ra_rtr_pref = 1 | |
| #net.ipv6.conf.all.accept_ra_pinfo = 1 | |
| #net.ipv6.conf.all.accept_ra_defrtr = 1 | |
| #net.ipv6.conf.all.use_tempaddr = 2 | |
| #net.ipv6.conf.all.temp_valid_lft = 604800 | |
| #net.ipv6.conf.all.autoconf = 1 | |
| #net.ipv6.conf.all.accept_source_route = 0 | |
| #net.ipv6.conf.all.force_mld_version = 0 | |
| #net.ipv6.conf.all.force_tllao = 0 | |
| #net.ipv6.conf.all.hop_limit = 64 | |
| #net.ipv6.conf.all.max_addresses = 16 | |
| #net.ipv6.conf.all.max_desync_factor = 600 | |
| #net.ipv6.conf.all.mtu = 1280 | |
| #net.ipv6.conf.all.optimistic_dad = 0 | |
| #net.ipv6.conf.all.use_optimistic = 0 | |
| #net.ipv6.conf.all.proxy_ndp = 2 | |
| #net.ipv6.conf.all.regen_max_retry = 3 | |
| #net.ipv6.conf.all.router_probe_interval = 60 | |
| #net.ipv6.conf.all.router_solicitation_delay = 1 | |
| #net.ipv6.conf.all.router_solicitation_interval = 4 | |
| #net.ipv6.conf.all.router_solicitations = 3 | |
| #net.ipv6.conf.all.temp_prefered_lft = 86400 | |
| # Check autoconf on every interface with: sysctl -A | grep autoconf - do not disable autoconf!! | |
| ##### | |
| #net.ipv6.conf.default.secure_redirects = 0 | |
| #net.ipv6.conf.default.autoconf = 1 | |
| net.ipv6.conf.default.accept_redirects = 0 | |
| net.ipv6.conf.default.use_tempaddr = 2 | |
| #net.ipv6.conf.default.accept_dad = 1 | |
| #net.ipv6.conf.default.accept_ra = 0 | |
| #net.ipv6.conf.default.accept_ra_defrtr = 1 | |
| #net.ipv6.conf.default.accept_ra_pinfo = 1 | |
| #net.ipv6.conf.default.accept_ra_rtr_pref = 1 | |
| #net.ipv6.conf.default.accept_source_route = 0 | |
| #net.ipv6.conf.default.dad_transmits = 1 | |
| #net.ipv6.conf.default.force_mld_version = 0 | |
| #net.ipv6.conf.default.force_tllao = 0 | |
| net.ipv6.conf.default.forwarding = 1 | |
| #net.ipv6.conf.default.hop_limit = 64 | |
| #net.ipv6.conf.default.max_addresses = 16 | |
| #net.ipv6.conf.default.max_desync_factor = 600 | |
| #net.ipv6.conf.default.mtu = 1280 | |
| #net.ipv6.conf.default.optimistic_dad = 0 | |
| #net.ipv6.conf.default.proxy_ndp = 0 | |
| #net.ipv6.conf.default.regen_max_retry = 3 | |
| #net.ipv6.conf.default.router_probe_interval = 60 | |
| #net.ipv6.conf.default.router_solicitation_delay = 1 | |
| #net.ipv6.conf.default.router_solicitation_interval = 4 | |
| #net.ipv6.conf.default.router_solicitations = 3 | |
| #net.ipv6.conf.default.temp_prefered_lft = 86400 | |
| #net.ipv6.conf.default.temp_valid_lft = 604800 | |
| ##### | |
| net.ipv6.conf.ip6tnl0.forwarding = 1 | |
| #net.ipv6.conf.ip6tnl0.hop_limit = 64 | |
| #net.ipv6.conf.ip6tnl0.mtu = 1452 | |
| #net.ipv6.conf.ip6tnl0.accept_ra = 2 | |
| #net.ipv6.conf.ip6tnl0.accept_redirects = 1 | |
| #net.ipv6.conf.ip6tnl0.autoconf = 1 | |
| #net.ipv6.conf.ip6tnl0.dad_transmits = 1 | |
| #net.ipv6.conf.ip6tnl0.router_solicitations = 3 | |
| #net.ipv6.conf.ip6tnl0.router_solicitation_interval = 4 | |
| #net.ipv6.conf.ip6tnl0.router_solicitation_delay = 1 | |
| #net.ipv6.conf.ip6tnl0.force_mld_version = 0 | |
| #net.ipv6.conf.ip6tnl0.use_tempaddr = 2 | |
| #net.ipv6.conf.ip6tnl0.temp_valid_lft = 604800 | |
| #net.ipv6.conf.ip6tnl0.temp_prefered_lft = 86400 | |
| #net.ipv6.conf.ip6tnl0.regen_max_retry = 3 | |
| #net.ipv6.conf.ip6tnl0.max_desync_factor = 600 | |
| #net.ipv6.conf.ip6tnl0.max_addresses = 16 | |
| #net.ipv6.conf.ip6tnl0.accept_ra_defrtr = 1 | |
| #net.ipv6.conf.ip6tnl0.accept_ra_pinfo = 1 | |
| #net.ipv6.conf.ip6tnl0.accept_ra_rtr_pref = 1 | |
| #net.ipv6.conf.ip6tnl0.router_probe_interval = 60 | |
| #net.ipv6.conf.ip6tnl0.proxy_ndp = 0 | |
| #net.ipv6.conf.ip6tnl0.accept_source_route = 0 | |
| #net.ipv6.conf.ip6tnl0.optimistic_dad = 0 | |
| net.ipv6.conf.ip6tnl0.disable_ipv6 = 1 | |
| #net.ipv6.conf.ip6tnl0.accept_dad = -1 | |
| #net.ipv6.conf.ip6tnl0.force_tllao = 0 | |
| ##### | |
| #net.ipv6.conf.lo.accept_dad = -1 | |
| #net.ipv6.conf.lo.accept_ra = 2 | |
| #net.ipv6.conf.lo.accept_ra_defrtr = 1 | |
| #net.ipv6.conf.lo.accept_ra_pinfo = 1 | |
| #net.ipv6.conf.lo.accept_ra_rtr_pref = 1 | |
| #net.ipv6.conf.lo.accept_redirects = 1 | |
| #net.ipv6.conf.lo.accept_source_route = 0 | |
| #net.ipv6.conf.lo.autoconf = 1 | |
| #net.ipv6.conf.lo.dad_transmits = 1 | |
| net.ipv6.conf.lo.disable_ipv6 = 1 | |
| #net.ipv6.conf.lo.force_mld_version = 0 | |
| #net.ipv6.conf.lo.force_tllao = 0 | |
| #net.ipv6.conf.lo.forwarding = 1 | |
| #net.ipv6.conf.lo.hop_limit = 64 | |
| #net.ipv6.conf.lo.max_addresses = 16 | |
| #net.ipv6.conf.lo.max_desync_factor = 600 | |
| #net.ipv6.conf.lo.mtu = 16436 | |
| #net.ipv6.conf.lo.optimistic_dad = 1 | |
| #net.ipv6.conf.lo.proxy_ndp = 0 | |
| #net.ipv6.conf.lo.regen_max_retry = 3 | |
| #net.ipv6.conf.lo.router_probe_interval = 60 | |
| #net.ipv6.conf.lo.router_solicitation_delay = 1 | |
| #net.ipv6.conf.lo.router_solicitation_interval = 4 | |
| #net.ipv6.conf.lo.router_solicitations = 3 | |
| #net.ipv6.conf.lo.temp_prefered_lft = 86400 | |
| #net.ipv6.conf.lo.temp_valid_lft = 604800 | |
| #net.ipv6.conf.lo.use_tempaddr = 2 | |
| ###### | |
| #net.ipv6.conf.p2p0.accept_dad = 1 | |
| #net.ipv6.conf.p2p0.accept_ra = 2 | |
| #net.ipv6.conf.p2p0.accept_ra_defrtr = 1 | |
| #net.ipv6.conf.p2p0.accept_ra_pinfo = 1 | |
| #net.ipv6.conf.p2p0.accept_ra_rtr_pref = 1 | |
| #net.ipv6.conf.p2p0.accept_redirects = 1 | |
| #net.ipv6.conf.p2p0.accept_source_route = 0 | |
| #net.ipv6.conf.p2p0.autoconf = 1 | |
| #net.ipv6.conf.p2p0.dad_transmits = 1 | |
| net.ipv6.conf.p2p0.disable_ipv6 = 1 | |
| #net.ipv6.conf.p2p0.force_mld_version = 0 | |
| #net.ipv6.conf.p2p0.force_tllao = 0 | |
| #net.ipv6.conf.p2p0.forwarding = 1 | |
| #net.ipv6.conf.p2p0.hop_limit = 64 | |
| #net.ipv6.conf.p2p0.max_addresses = 16 | |
| #net.ipv6.conf.p2p0.max_desync_factor = 600 | |
| #net.ipv6.conf.p2p0.mtu = 1500 | |
| #net.ipv6.conf.p2p0.optimistic_dad = 0 | |
| #net.ipv6.conf.p2p0.proxy_ndp = 0 | |
| #net.ipv6.conf.p2p0.regen_max_retry = 3 | |
| #net.ipv6.conf.p2p0.router_probe_interval = 60 | |
| #net.ipv6.conf.p2p0.router_solicitation_delay = 1 | |
| #net.ipv6.conf.p2p0.router_solicitation_interval = 4 | |
| #net.ipv6.conf.p2p0.router_solicitations = 3 | |
| #net.ipv6.conf.p2p0.temp_prefered_lft = 86400 | |
| #net.ipv6.conf.p2p0.temp_valid_lft = 604800 | |
| #net.ipv6.conf.p2p0.use_tempaddr = 2 | |
| ##### | |
| net.ipv6.conf.sit0.forwarding = 1 | |
| #net.ipv6.conf.sit0.hop_limit = 64 | |
| #net.ipv6.conf.sit0.mtu = 1480 | |
| #net.ipv6.conf.sit0.accept_ra = 2 | |
| #net.ipv6.conf.sit0.accept_redirects = 1 | |
| #net.ipv6.conf.sit0.autoconf = 1 | |
| #net.ipv6.conf.sit0.dad_transmits = 1 | |
| #net.ipv6.conf.sit0.router_solicitations = 3 | |
| #net.ipv6.conf.sit0.router_solicitation_interval = 4 | |
| #net.ipv6.conf.sit0.router_solicitation_delay = 1 | |
| #net.ipv6.conf.sit0.force_mld_version = 0 | |
| #net.ipv6.conf.sit0.use_tempaddr = 2 | |
| #net.ipv6.conf.sit0.temp_valid_lft = 604800 | |
| #net.ipv6.conf.sit0.temp_prefered_lft = 86400 | |
| #net.ipv6.conf.sit0.regen_max_retry = 3 | |
| #net.ipv6.conf.sit0.max_desync_factor = 600 | |
| #net.ipv6.conf.sit0.max_addresses = 16 | |
| #net.ipv6.conf.sit0.accept_ra_defrtr = 1 | |
| #net.ipv6.conf.sit0.accept_ra_pinfo = 1 | |
| #net.ipv6.conf.sit0.accept_ra_rtr_pref = 1 | |
| #net.ipv6.conf.sit0.router_probe_interval = 60 | |
| #net.ipv6.conf.sit0.proxy_ndp = 0 | |
| #net.ipv6.conf.sit0.accept_source_route = 0 | |
| #net.ipv6.conf.sit0.optimistic_dad = 0 | |
| net.ipv6.conf.sit0.disable_ipv6 = 1 | |
| #net.ipv6.conf.sit0.accept_dad = -1 | |
| #net.ipv6.conf.sit0.force_tllao = 0 | |
| ##### | |
| #net.ipv6.conf.wlan0.accept_dad = 1 | |
| #net.ipv6.conf.wlan0.accept_ra = 2 | |
| #net.ipv6.conf.wlan0.accept_ra_defrtr = 1 | |
| #net.ipv6.conf.wlan0.accept_ra_pinfo = 1 | |
| #net.ipv6.conf.wlan0.accept_ra_rtr_pref = 1 | |
| #net.ipv6.conf.wlan0.accept_redirects = 1 | |
| #net.ipv6.conf.wlan0.accept_source_route = 0 | |
| #net.ipv6.conf.wlan0.autoconf = 1 | |
| #net.ipv6.conf.wlan0.dad_transmits = 1 | |
| #net.ipv6.conf.wlan0.disable_ipv6 = 1 | |
| #net.ipv6.conf.wlan0.force_mld_version = 0 | |
| #net.ipv6.conf.wlan0.force_tllao = 0 | |
| #net.ipv6.conf.wlan0.forwarding = 1 | |
| #net.ipv6.conf.wlan0.hop_limit = 64 | |
| #net.ipv6.conf.wlan0.max_addresses = 16 | |
| #net.ipv6.conf.wlan0.max_desync_factor = 600 | |
| #net.ipv6.conf.wlan0.mtu = 1500 | |
| #net.ipv6.conf.wlan0.optimistic_dad = 0 | |
| #net.ipv6.conf.wlan0.proxy_ndp = 0 | |
| #net.ipv6.conf.wlan0.regen_max_retry = 3 | |
| #net.ipv6.conf.wlan0.router_probe_interval = 60 | |
| #net.ipv6.conf.wlan0.router_solicitation_delay = 5 | |
| #net.ipv6.conf.wlan0.router_solicitation_interval = 1 | |
| #net.ipv6.conf.wlan0.router_solicitations = 5 | |
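| # To apply on a running system: sysctl -e -q -p /etc/sysctl.conf | |
| # NOTE(review): -e ignores unknown keys and -q suppresses output, so misspelled or rejected settings go unnoticed; | |
| # run it once without -e -q and compare against "sysctl -a" to confirm which lines actually took effect. | |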
| #rcnetwork restart!!!! | |
| #net.ipv6.conf.wlan0.temp_prefered_lft = 86400 | |
| #net.ipv6.conf.wlan0.temp_valid_lft = 604800 | |
| #net.ipv6.conf.wlan0.use_tempaddr = 2 | |
| #net.ipv6.icmp.ratelimit = 1000 | |
| #net.ipv6.ip6frag_high_thresh = 262144 | |
| #net.ipv6.ip6frag_low_thresh = 196608 | |
| #net.ipv6.ip6frag_secret_interval = 600 | |
| #net.ipv6.ip6frag_time = 60 | |
| #net.ipv6.mld_max_msf = 64 | |
| ###### | |
| #net.ipv6.neigh.default.anycast_delay = 100 | |
| #net.ipv6.neigh.default.app_solicit = 0 | |
| #net.ipv6.neigh.default.base_reachable_time = 30 | |
| #net.ipv6.neigh.default.base_reachable_time_ms = 30000 | |
| #net.ipv6.neigh.default.delay_first_probe_time = 5 | |
| #net.ipv6.neigh.default.gc_interval = 30 | |
| #net.ipv6.neigh.default.gc_stale_time = 60 | |
| #net.ipv6.neigh.default.gc_thresh1 = 128 | |
| #net.ipv6.neigh.default.gc_thresh2 = 512 | |
| #net.ipv6.neigh.default.gc_thresh3 = 1024 | |
| #net.ipv6.neigh.default.locktime = 0 | |
| #net.ipv6.neigh.default.mcast_solicit = 3 | |
| #net.ipv6.neigh.default.proxy_delay = 80 | |
| #net.ipv6.neigh.default.proxy_qlen = 64 | |
| #net.ipv6.neigh.default.retrans_time = 200 | |
| #net.ipv6.neigh.default.retrans_time_ms = 1000 | |
| #net.ipv6.neigh.default.ucast_solicit = 3 | |
| #net.ipv6.neigh.default.unres_qlen = 35 | |
| #net.ipv6.neigh.default.unres_qlen_bytes = 65536 | |
| ##### | |
| #net.ipv6.neigh.ip6tnl0.mcast_solicit = 3 | |
| #net.ipv6.neigh.ip6tnl0.ucast_solicit = 3 | |
| #net.ipv6.neigh.ip6tnl0.app_solicit = 0 | |
| #net.ipv6.neigh.ip6tnl0.retrans_time = 200 | |
| #net.ipv6.neigh.ip6tnl0.base_reachable_time = 30 | |
| #net.ipv6.neigh.ip6tnl0.delay_first_probe_time = 5 | |
| #net.ipv6.neigh.ip6tnl0.gc_stale_time = 60 | |
| #net.ipv6.neigh.ip6tnl0.unres_qlen = 3 | |
| #net.ipv6.neigh.ip6tnl0.proxy_qlen = 64 | |
| #net.ipv6.neigh.ip6tnl0.anycast_delay = 100 | |
| #net.ipv6.neigh.ip6tnl0.proxy_delay = 80 | |
| #net.ipv6.neigh.ip6tnl0.locktime = 0 | |
| #net.ipv6.neigh.ip6tnl0.retrans_time_ms = 1000 | |
| #net.ipv6.neigh.ip6tnl0.base_reachable_time_ms = 30000 | |
| ###### | |
| #net.ipv6.neigh.lo.app_solicit = 0 | |
| #net.ipv6.neigh.lo.anycast_delay = 100 | |
| #net.ipv6.neigh.lo.ucast_solicit = 3 | |
| #net.ipv6.neigh.lo.base_reachable_time = 30 | |
| #net.ipv6.neigh.lo.base_reachable_time_ms = 30000 | |
| #net.ipv6.neigh.lo.unres_qlen = 35 | |
| #net.ipv6.neigh.lo.delay_first_probe_time = 5 | |
| #net.ipv6.neigh.lo.gc_stale_time = 60 | |
| #net.ipv6.neigh.lo.locktime = 0 | |
| #net.ipv6.neigh.lo.proxy_delay = 80 | |
| #net.ipv6.neigh.lo.mcast_solicit = 3 | |
| #net.ipv6.neigh.lo.proxy_qlen = 64 | |
| #net.ipv6.neigh.lo.retrans_time = 200 | |
| #net.ipv6.neigh.lo.retrans_time_ms = 1000 | |
| #net.ipv6.neigh.lo.unres_qlen_bytes = 65536 | |
| ###### | |
| #net.ipv6.neigh.p2p0.anycast_delay = 100 | |
| #net.ipv6.neigh.p2p0.app_solicit = 0 | |
| #net.ipv6.neigh.p2p0.base_reachable_time_ms = 30000 | |
| #net.ipv6.neigh.p2p0.base_reachable_time = 30 | |
| #net.ipv6.neigh.p2p0.delay_first_probe_time = 5 | |
| #net.ipv6.neigh.p2p0.gc_stale_time = 60 | |
| #net.ipv6.neigh.p2p0.locktime = 0 | |
| #net.ipv6.neigh.p2p0.mcast_solicit = 3 | |
| #net.ipv6.neigh.p2p0.unres_qlen = 35 | |
| #net.ipv6.neigh.p2p0.proxy_delay = 80 | |
| #net.ipv6.neigh.p2p0.retrans_time_ms = 1000 | |
| #net.ipv6.neigh.p2p0.proxy_qlen = 64 | |
| #net.ipv6.neigh.p2p0.retrans_time = 200 | |
| #net.ipv6.neigh.p2p0.ucast_solicit = 3 | |
| #net.ipv6.neigh.p2p0.unres_qlen_bytes = 65536 | |
| #net.ipv6.xfrm6_gc_thresh = 2048 | |
| #net.ipv6.route.mtu_expires = 600 | |
| #net.ipv6.route.flush = 1 | |
| #net.ipv6.route.min_adv_mss = 1220 | |
| #net.ipv6.route.max_size = 4096 | |
| #net.ipv6.route.gc_timeout = 60 | |
| #net.ipv6.route.gc_thresh = 1024 | |
| #net.ipv6.route.gc_min_interval_ms = 500 | |
| #net.ipv6.route.gc_min_interval = 0 | |
| #net.ipv6.route.gc_interval = 30 | |
| ##### | |
| #net.ipv6.neigh.sit0.mcast_solicit = 3 | |
| #net.ipv6.neigh.sit0.proxy_qlen = 64 | |
| #net.ipv6.neigh.sit0.proxy_delay = 80 | |
| #net.ipv6.neigh.sit0.retrans_time_ms = 1000 | |
| #net.ipv6.neigh.sit0.locktime = 0 | |
| #net.ipv6.neigh.sit0.delay_first_probe_time = 5 | |
| #net.ipv6.neigh.sit0.base_reachable_time_ms = 30000 | |
| #net.ipv6.neigh.sit0.base_reachable_time = 30 | |
| #net.ipv6.neigh.sit0.gc_stale_time = 60 | |
| #net.ipv6.neigh.sit0.app_solicit = 0 | |
| #net.ipv6.neigh.sit0.anycast_delay = 100 | |
| #net.ipv6.neigh.sit0.retrans_time = 200 | |
| #net.ipv6.neigh.sit0.unres_qlen_bytes = 65536 | |
| #net.ipv6.neigh.sit0.unres_qlen = 35 | |
| #net.ipv6.neigh.sit0.ucast_solicit = 3 | |
| ##### | |
| #net.ipv6.neigh.wlan0.retrans_time_ms = 1000 | |
| #net.ipv6.neigh.wlan0.retrans_time = 200 | |
| #net.ipv6.neigh.wlan0.ucast_solicit = 3 | |
| #net.ipv6.neigh.wlan0.unres_qlen_bytes = 65536 | |
| #net.ipv6.neigh.wlan0.app_solicit = 0 | |
| #net.ipv6.neigh.wlan0.anycast_delay = 100 | |
| #net.ipv6.neigh.wlan0.delay_first_probe_time = 5 | |
| #net.ipv6.neigh.wlan0.base_reachable_time_ms = 30000 | |
| #net.ipv6.neigh.wlan0.base_reachable_time = 30 | |
| #net.ipv6.neigh.wlan0.locktime = 0 | |
| #net.ipv6.neigh.wlan0.gc_stale_time = 60 | |
| #net.ipv6.neigh.wlan0.proxy_qlen = 64 | |
| #net.ipv6.neigh.wlan0.mcast_solicit = 3 | |
| #net.ipv6.neigh.wlan0.proxy_delay = 80 | |
| #net.ipv6.neigh.wlan0.unres_qlen = 35 | |
| #net.ipv6.route.gc_elasticity = 9 | |
| #net.ipv6.conf.rndis0.mtu = 1500 | |
| #net.ipv6.conf.rndis0.force_tllao = 0 | |
| #net.ipv6.conf.rndis0.accept_dad = 1 | |
| net.ipv6.conf.rndis0.disable_ipv6 = 1 | |
| #net.ipv6.conf.rndis0.optimistic_dad = 0 | |
| #net.ipv6.conf.rndis0.accept_source_route = 0 | |
| #net.ipv6.conf.rndis0.proxy_ndp = 0 | |
| #net.ipv6.conf.rndis0.router_probe_interval = 60 | |
| #net.ipv6.conf.rndis0.accept_ra_rtr_pref = 1 | |
| net.ipv6.conf.rndis0.forwarding = 1 | |
| #net.ipv6.conf.rndis0.hop_limit = 64 | |
| #net.ipv6.conf.rndis0.accept_ra = 2 | |
| #net.ipv6.conf.rndis0.accept_redirects = 1 | |
| #net.ipv6.conf.rndis0.autoconf = 1 | |
| #net.ipv6.conf.rndis0.dad_transmits = 1 | |
| #net.ipv6.conf.rndis0.router_solicitations = 3 | |
| #net.ipv6.conf.rndis0.router_solicitation_interval = 4 | |
| #net.ipv6.conf.rndis0.router_solicitation_delay = 1 | |
| #net.ipv6.conf.rndis0.force_mld_version = 0 | |
| #net.ipv6.conf.rndis0.use_tempaddr = 2 | |
| #net.ipv6.conf.rndis0.temp_valid_lft = 604800 | |
| #net.ipv6.conf.rndis0.temp_prefered_lft = 86400 | |
| #net.ipv6.conf.rndis0.regen_max_retry = 3 | |
| #net.ipv6.conf.rndis0.max_desync_factor = 600 | |
| #net.ipv6.conf.rndis0.max_addresses = 16 | |
| #net.ipv6.conf.rndis0.accept_ra_defrtr = 1 | |
| #net.ipv6.conf.rndis0.accept_ra_pinfo = 1 | |
| net.ipv6.conf.rmnet2.forwarding = 1 | |
| #net.ipv6.conf.rmnet2.hop_limit = 64 | |
| #net.ipv6.conf.rmnet2.mtu = 1500 | |
| #net.ipv6.conf.rmnet2.accept_ra = 2 | |
| #net.ipv6.conf.rmnet2.accept_redirects = 1 | |
| #net.ipv6.conf.rmnet2.autoconf = 1 | |
| #net.ipv6.conf.rmnet2.dad_transmits = 1 | |
| #net.ipv6.conf.rmnet2.router_solicitations = 3 | |
| #net.ipv6.conf.rmnet2.router_solicitation_interval = 4 | |
| #net.ipv6.conf.rmnet2.router_solicitation_delay = 1 | |
| #net.ipv6.conf.rmnet2.force_mld_version = 0 | |
| #net.ipv6.conf.rmnet2.use_tempaddr = 2 | |
| #net.ipv6.conf.rmnet2.temp_valid_lft = 604800 | |
| #net.ipv6.conf.rmnet2.temp_prefered_lft = 86400 | |
| #net.ipv6.conf.rmnet2.regen_max_retry = 3 | |
| #net.ipv6.conf.rmnet2.max_desync_factor = 600 | |
| #net.ipv6.conf.rmnet2.max_addresses = 16 | |
| #net.ipv6.conf.rmnet2.accept_ra_defrtr = 1 | |
| #net.ipv6.conf.rmnet2.accept_ra_pinfo = 1 | |
| #net.ipv6.conf.rmnet2.accept_ra_rtr_pref = 1 | |
| #net.ipv6.conf.rmnet2.router_probe_interval = 60 | |
| #net.ipv6.conf.rmnet2.proxy_ndp = 0 | |
| #net.ipv6.conf.rmnet2.accept_source_route = 0 | |
| #net.ipv6.conf.rmnet2.optimistic_dad = 0 | |
| net.ipv6.conf.rmnet2.disable_ipv6 = 1 | |
| #net.ipv6.conf.rmnet2.accept_dad = -1 | |
| #net.ipv6.conf.rmnet2.force_tllao = 0 | |
| #### | |
| # Per-interface IPv6 settings for rmnet1; only forwarding and disable_ipv6 are active. | |
| # NOTE(review): forwarding = 1 together with disable_ipv6 = 1 leaves a latent router | |
| # setting behind: if IPv6 is re-enabled on this interface it would start forwarding. | |
| # Prefer forwarding = 0 unless routing through this interface is intended - confirm. | |
| net.ipv6.conf.rmnet1.forwarding = 1 | |
| #net.ipv6.conf.rmnet1.hop_limit = 64 | |
| #net.ipv6.conf.rmnet1.mtu = 1500 | |
| #net.ipv6.conf.rmnet1.accept_ra = 2 | |
| #net.ipv6.conf.rmnet1.accept_redirects = 1 | |
| #net.ipv6.conf.rmnet1.autoconf = 1 | |
| #net.ipv6.conf.rmnet1.dad_transmits = 1 | |
| #net.ipv6.conf.rmnet1.router_solicitations = 3 | |
| #net.ipv6.conf.rmnet1.router_solicitation_interval = 4 | |
| #net.ipv6.conf.rmnet1.router_solicitation_delay = 1 | |
| #net.ipv6.conf.rmnet1.force_mld_version = 0 | |
| #net.ipv6.conf.rmnet1.use_tempaddr = 2 | |
| #net.ipv6.conf.rmnet1.temp_valid_lft = 604800 | |
| #net.ipv6.conf.rmnet1.temp_prefered_lft = 86400 | |
| #net.ipv6.conf.rmnet1.regen_max_retry = 3 | |
| #net.ipv6.conf.rmnet1.max_desync_factor = 600 | |
| #net.ipv6.conf.rmnet1.max_addresses = 16 | |
| #net.ipv6.conf.rmnet1.accept_ra_defrtr = 1 | |
| #net.ipv6.conf.rmnet1.accept_ra_pinfo = 1 | |
| #net.ipv6.conf.rmnet1.accept_ra_rtr_pref = 1 | |
| #net.ipv6.conf.rmnet1.router_probe_interval = 60 | |
| #net.ipv6.conf.rmnet1.proxy_ndp = 0 | |
| #net.ipv6.conf.rmnet1.accept_source_route = 0 | |
| #net.ipv6.conf.rmnet1.optimistic_dad = 0 | |
| # Turns IPv6 off on rmnet1. | |
| net.ipv6.conf.rmnet1.disable_ipv6 = 1 | |
| #net.ipv6.conf.rmnet1.accept_dad = -1 | |
| #net.ipv6.conf.rmnet1.force_tllao = 0 | |
| #### | |
| # Per-interface IPv6 settings for rmnet0; only forwarding and disable_ipv6 are active. | |
| # NOTE(review): forwarding = 1 together with disable_ipv6 = 1 leaves a latent router | |
| # setting behind: if IPv6 is re-enabled on this interface it would start forwarding. | |
| # Prefer forwarding = 0 unless routing through this interface is intended - confirm. | |
| net.ipv6.conf.rmnet0.forwarding = 1 | |
| #net.ipv6.conf.rmnet0.hop_limit = 64 | |
| #net.ipv6.conf.rmnet0.mtu = 1358 | |
| #net.ipv6.conf.rmnet0.accept_ra = 2 | |
| #net.ipv6.conf.rmnet0.accept_redirects = 1 | |
| #net.ipv6.conf.rmnet0.autoconf = 1 | |
| #net.ipv6.conf.rmnet0.dad_transmits = 1 | |
| #net.ipv6.conf.rmnet0.router_solicitations = 3 | |
| #net.ipv6.conf.rmnet0.router_solicitation_interval = 4 | |
| #net.ipv6.conf.rmnet0.router_solicitation_delay = 1 | |
| #net.ipv6.conf.rmnet0.force_mld_version = 0 | |
| #net.ipv6.conf.rmnet0.use_tempaddr = 2 | |
| #net.ipv6.conf.rmnet0.temp_valid_lft = 604800 | |
| #net.ipv6.conf.rmnet0.temp_prefered_lft = 86400 | |
| #net.ipv6.conf.rmnet0.regen_max_retry = 3 | |
| #net.ipv6.conf.rmnet0.max_desync_factor = 600 | |
| #net.ipv6.conf.rmnet0.max_addresses = 16 | |
| #net.ipv6.conf.rmnet0.accept_ra_defrtr = 1 | |
| #net.ipv6.conf.rmnet0.accept_ra_pinfo = 1 | |
| #net.ipv6.conf.rmnet0.accept_ra_rtr_pref = 1 | |
| #net.ipv6.conf.rmnet0.router_probe_interval = 60 | |
| #net.ipv6.conf.rmnet0.proxy_ndp = 0 | |
| #net.ipv6.conf.rmnet0.accept_source_route = 0 | |
| #net.ipv6.conf.rmnet0.optimistic_dad = 0 | |
| # Turns IPv6 off on rmnet0. | |
| net.ipv6.conf.rmnet0.disable_ipv6 = 1 | |
| #net.ipv6.conf.rmnet0.accept_dad = -1 | |
| #net.ipv6.conf.rmnet0.force_tllao = 0 | |
| ###### | |
| #net.ipv6.neigh.rndis0.mcast_solicit = 3 | |
| #net.ipv6.neigh.rndis0.ucast_solicit = 3 | |
| #net.ipv6.neigh.rndis0.app_solicit = 0 | |
| #net.ipv6.neigh.rndis0.retrans_time = 200 | |
| #net.ipv6.neigh.rndis0.base_reachable_time = 30 | |
| #net.ipv6.neigh.rndis0.delay_first_probe_time = 5 | |
| #net.ipv6.neigh.rndis0.gc_stale_time = 60 | |
| #net.ipv6.neigh.rndis0.unres_qlen = 3 | |
| #net.ipv6.neigh.rndis0.proxy_qlen = 64 | |
| #net.ipv6.neigh.rndis0.anycast_delay = 100 | |
| #net.ipv6.neigh.rndis0.proxy_delay = 80 | |
| #net.ipv6.neigh.rndis0.locktime = 0 | |
| #net.ipv6.neigh.rndis0.retrans_time_ms = 1000 | |
| #net.ipv6.neigh.rndis0.base_reachable_time_ms = 30000 | |
| ###### | |
| #net.ipv6.neigh.rmnet2.mcast_solicit = 3 | |
| #net.ipv6.neigh.rmnet2.ucast_solicit = 3 | |
| #net.ipv6.neigh.rmnet2.app_solicit = 0 | |
| #net.ipv6.neigh.rmnet2.retrans_time = 200 | |
| #net.ipv6.neigh.rmnet2.base_reachable_time = 30 | |
| #net.ipv6.neigh.rmnet2.delay_first_probe_time = 5 | |
| #net.ipv6.neigh.rmnet2.gc_stale_time = 60 | |
| #net.ipv6.neigh.rmnet2.unres_qlen = 3 | |
| #net.ipv6.neigh.rmnet2.proxy_qlen = 64 | |
| #net.ipv6.neigh.rmnet2.anycast_delay = 100 | |
| #net.ipv6.neigh.rmnet2.proxy_delay = 80 | |
| #net.ipv6.neigh.rmnet2.locktime = 0 | |
| #net.ipv6.neigh.rmnet2.retrans_time_ms = 1000 | |
| #net.ipv6.neigh.rmnet2.base_reachable_time_ms = 30000 | |
| ###### | |
| #net.ipv6.neigh.rmnet1.mcast_solicit = 3 | |
| #net.ipv6.neigh.rmnet1.ucast_solicit = 3 | |
| #net.ipv6.neigh.rmnet1.app_solicit = 0 | |
| #net.ipv6.neigh.rmnet1.retrans_time = 200 | |
| #net.ipv6.neigh.rmnet1.base_reachable_time = 30 | |
| #net.ipv6.neigh.rmnet1.delay_first_probe_time = 5 | |
| #net.ipv6.neigh.rmnet1.gc_stale_time = 60 | |
| #net.ipv6.neigh.rmnet1.unres_qlen = 3 | |
| #net.ipv6.neigh.rmnet1.proxy_qlen = 64 | |
| #net.ipv6.neigh.rmnet1.anycast_delay = 100 | |
| #net.ipv6.neigh.rmnet1.proxy_delay = 80 | |
| #net.ipv6.neigh.rmnet1.locktime = 0 | |
| #net.ipv6.neigh.rmnet1.retrans_time_ms = 1000 | |
| #net.ipv6.neigh.rmnet1.base_reachable_time_ms = 30000 | |
| ###### | |
| #net.ipv6.neigh.rmnet0.mcast_solicit = 3 | |
| #net.ipv6.neigh.rmnet0.ucast_solicit = 3 | |
| #net.ipv6.neigh.rmnet0.app_solicit = 0 | |
| #net.ipv6.neigh.rmnet0.retrans_time = 200 | |
| #net.ipv6.neigh.rmnet0.base_reachable_time = 30 | |
| #net.ipv6.neigh.rmnet0.delay_first_probe_time = 5 | |
| #net.ipv6.neigh.rmnet0.gc_stale_time = 60 | |
| #net.ipv6.neigh.rmnet0.unres_qlen = 3 | |
| #net.ipv6.neigh.rmnet0.proxy_qlen = 64 | |
| #net.ipv6.neigh.rmnet0.anycast_delay = 100 | |
| #net.ipv6.neigh.rmnet0.proxy_delay = 80 | |
| #net.ipv6.neigh.rmnet0.locktime = 0 | |
| #net.ipv6.neigh.rmnet0.retrans_time_ms = 1000 | |
| #net.ipv6.neigh.rmnet0.base_reachable_time_ms = 30000 | |
| ###### | |
| # Disable IPv6 | |
| ############### | |
| # "all" applies the setting to every interface; "default" is the template used for | |
| # interfaces that appear later. Both are needed to keep IPv6 off across hotplug. | |
| # After loading, verify with `ip -6 addr show` that no IPv6 addresses remain. | |
| net.ipv6.conf.all.disable_ipv6 = 1 | |
| net.ipv6.conf.default.disable_ipv6 = 1 | |
| #net.ipv6.conf.wlan0.disable_ipv6 = 1 | |
| # NOTE(review): $WIFI below is a placeholder; sysctl configuration files do not expand | |
| # shell variables, so substitute the real interface name before uncommenting. | |
| #net.ipv6.conf.$WIFI.disable_ipv6 = 1 | |
| # Wireless + TCP Speed & Security Tweaks | |
| ############### | |
| # Socket buffer defaults/limits, receive-queue budgets, xfrm (IPsec) timers and | |
| # conntrack table size. Most keys here size buffers and queues rather than restrict | |
| # behaviour. | |
| #net.core.bpf_jit_enable = 0 | |
| # NOTE(review): net.core.rmem_default is assigned twice in this run (262144 here, | |
| # 163840 further down). Settings are applied in file order, so the later value wins; | |
| # keep only the one that is intended. | |
| net.core.rmem_default = 262144 | |
| net.core.wmem_default = 131072 | |
| net.core.xfrm_larval_drop = 1 | |
| net.core.dev_weight = 64 | |
| net.core.message_burst = 10 | |
| net.core.message_cost = 5 | |
| net.core.netdev_budget = 300 | |
| net.core.netdev_tstamp_prequeue = 1 | |
| net.core.optmem_max = 10240 | |
| #net.core.hot_list_length = 1024 | |
| # Second assignment of rmem_default; this is the value that takes effect. | |
| net.core.rmem_default = 163840 | |
| net.core.rmem_max = 16777216 | |
| net.core.rps_sock_flow_entries = 0 | |
| net.core.somaxconn = 1024 | |
| net.core.warnings = 1 | |
| net.core.wmem_max = 16777216 | |
| net.core.xfrm_acq_expires = 30 | |
| net.core.xfrm_aevent_etime = 10 | |
| net.core.xfrm_aevent_rseqth = 2 | |
| net.unix.max_dgram_qlen = 50 | |
| # Upper bound on tracked connections; when the table is full new flows are dropped, | |
| # so size it for the expected load (presumably tuned for this device - verify). | |
| net.nf_conntrack_max = 50168 | |
| net.phonet.local_port_range = 64 255 | |
| net.core.netdev_max_backlog = 2500 | |
| # Define TCP buffer sizes for various networks | |
| # ReadMin, ReadInitial, ReadMax, WriteMin, WriteInitial, WriteMax | |
| ############### | |
| # NOTE(review): net.tcp.buffersize.* look like Android system properties (normally set | |
| # through the property system) rather than /proc/sys keys - TODO confirm which loader | |
| # reads this file. If it is fed to sysctl these lines are expected to fail, and a | |
| # loader that stops on the first error would skip everything after them. | |
| net.tcp.buffersize.default = 4096,87380,256960,4096,16384,256960 | |
| net.tcp.buffersize.wifi = 4096,87380,256960,4096,16384,256960 | |
| net.tcp.buffersize.lte = 262144,524288,3145728,262144,524288,3145728 | |
| net.tcp.buffersize.umts = 4096,87380,256960,4096,16384,256960 | |
| net.tcp.buffersize.evdo = 4096,87380,563200,4096,16384,262144 | |
| net.tcp.buffersize.evdo_b = 6144,262144,1048576,6144,262144,1048576 | |
| net.tcp.buffersize.gprs = 4096,87380,256960,4096,16384,256960 | |
| net.tcp.buffersize.edge = 4096,87380,256960,4096,16384,256960 | |
| net.tcp.buffersize.hspa = 4096,87380,256960,4096,16384,256960 | |
| net.tcp.buffersize.hspap = 4096,87380,1220608,4096,16384,393216 | |
| net.tcp.buffersize.hsupa = 4096,87380,704512,4096,16384,262144 | |
| net.tcp.buffersize.hsdpa = 6144,262144,1048576,6144,262144,1048576 | |
| ############################### | |
| # VM & Filesystem tweaks | |
| # (specifies amount of virtual RAM, | |
| # if it should kill a task or not, | |
| # how often to refer to cache) | |
| ############################### | |
| #pm.sleep_mode = 1 | |
| #fs.lease-break-time = 45 | |
| #fs.file-max = 80249 | |
| fs.nr_open = 1048576 | |
| fs.leases-enable = 1 | |
| #fs.inotify.max_queued_events = 16384 | |
| #fs.inotify.max_user_instances = 256 | |
| # Increase the number of possible inotify(7) watches | |
| #fs.inotify.max_user_watches = 8192 | |
| #fs.overflowgid = 65534 | |
| # NOTE(review): fs.protected_hardlinks and fs.protected_symlinks (commented out here) | |
| # restrict link-based tricks in world-writable directories such as /tmp. Left | |
| # commented, the kernel or distribution default applies; for a hardening profile set | |
| # both to 1 explicitly on kernels that provide them. | |
| #fs.protected_hardlinks = 1 | |
| fs.overflowuid = 65534 | |
| #fs.protected_symlinks = 1 | |
| #vm.overcommit_memory = 0 | |
| vm.min_free_order_shift = 4 | |
| #vm.oom_dump_tasks = 1 | |
| vm.lowmem_reserve_ratio = 96 96 | |
| #vm.legacy_va_layout = 0 | |
| #vm.page-cluster = 3 | |
| vm.overcommit_ratio = 0 | |
| # NOTE(review): drop_caches is a trigger, not a persistent setting; this line looks | |
| # carried over from a `sysctl -a` dump - verify it is accepted or remove it. | |
| vm.drop_caches = 0 | |
| #vm.extfrag_threshold = 500 | |
| vm.swappiness = 0 | |
| vm.dirty_writeback_centisecs = 2000 | |
| #vm.dirty_expire_centisecs = 200 | |
| vm.dirty_ratio = 20 | |
| vm.highmem_is_dirtyable = 0 | |
| vm.dirty_background_ratio = 2 | |
| #vm.max_map_count = 65530 | |
| #vm.dirty_writeback_centisecs = 500 | |
| vm.oom_kill_allocating_task = 0 | |
| vm.nr_pdflush_threads = 0 | |
| # Lowest virtual address a process may mmap; guards against kernel NULL-pointer | |
| # dereference bugs being turned into code execution. | |
| # NOTE(review): 4096 protects only the first page. Kernel documentation suggests | |
| # larger values (commonly 65536, or 32768 on ARM) - raise it unless something on the | |
| # device needs low mappings. | |
| vm.mmap_min_addr = 4096 | |
| #vm.min_free_kbytes = 8192 | |
| vm.panic_on_oom = 0 | |
| vm.vfs_cache_pressure = 100 | |
| # NOTE(review): the kernel key is spelled vm.laptop_mode; "vm.laptop.mode" as written | |
| # is not expected to resolve, so this line probably never takes effect. | |
| vm.laptop.mode = 0 | |
| vm.block_dump = 0 | |
| vm.scan_unevictable_pages = 0 | |
| vm.percpu_pagelist_fraction = 0 | |
| vm.stat_interval = 1 | |
| #vold.post_fs_data_done = 1 | |
| #vm.dirty_background_bytes = 0 | |
| #vm.dirty_bytes = 0 | |
| # Disables logging | |
| ############### | |
| # NOTE(review): only dev.scsi.logging_level below is a logging switch; the other | |
| # active keys in this run (suid_dumpable, pipe-max-size, blk_iopoll) are unrelated | |
| # to logging despite the heading. | |
| #rm /dev/log/main | |
| dev.scsi.logging_level = 0 | |
| #fs.dentry-state = 22620 12592 45 0 0 0 | |
| #fs.epoll.max_user_watches = 217429 | |
| #fs.file-nr = 4032 0 180195 | |
| #fs.inode-nr = 15905 7235 | |
| #fs.inode-state = 20259 0 0 0 0 0 0 | |
| # 0 = processes that changed privilege level (setuid etc.) do not produce core | |
| # dumps, so their memory is not written to disk on a crash. | |
| fs.suid_dumpable = 0 | |
| # Largest pipe buffer an unprivileged process may request, in bytes. | |
| fs.pipe-max-size = 1048576 | |
| #kernel.auto_msgmni = 1 | |
| kernel.blk_iopoll = 1 | |
| #kernel.cap_last_cap = 36 | |
| ############### | |
| # Kernel | |
| ############### | |
| kernel.random.write_wakeup_threshold = 2048 | |
| #kernel.sched_features = 24189 | |
| #kernel.sched_compat_yield = 1 | |
| #kernel.sched_shares_ratelimit = 256000 | |
| kernel.sched_child_runs_first = 0 | |
| # NOTE(review): kernel.exec-shield comes from a vendor (Red Hat family) kernel patch | |
| # and is absent from mainline kernels; where the key does not exist this line fails | |
| # and provides no protection. Do not count it as a control without checking that | |
| # /proc/sys/kernel/exec-shield exists on the target. | |
| kernel.exec-shield = 1 | |
| # NOTE(review): the commented key below is misspelled (randomize_va_spac); the | |
| # correctly spelled kernel.randomize_va_space is set later in this file. | |
| #kernel.randomize_va_spac = 1 | |
| # Only meaningful on a grsecurity-patched kernel. | |
| #kernel.grsecurity.harden_ptrace = 1 | |
| #kernel.watchdog_thresh = 10 | |
| kernel.watchdog = 1 | |
| #kernel.version = 479 SMP PREEMPT Mon Mar 30 13:32:29 CEST 2015 | |
| kernel.real-root-dev = 0 | |
| #kernel.sched_autogroup_enabled = 0 | |
| #kernel.sched_migration_cost_ns = 5000000 | |
| #kernel.sched_domain.cpu0.domain0.busy_factor = 64 | |
| #kernel.sched_domain.cpu0.domain0.busy_idx = 2 | |
| #kernel.sched_domain.cpu0.domain0.cache_nice_tries = 1 | |
| #kernel.sched_domain.cpu0.domain0.flags = 4143 | |
| #kernel.sched_domain.cpu0.domain0.forkexec_idx = 0 | |
| #kernel.sched_domain.cpu0.domain0.idle_idx = 1 | |
| #kernel.sched_domain.cpu0.domain0.imbalance_pct = 125 | |
| #kernel.sched_domain.cpu0.domain0.max_interval = 4 | |
| #kernel.sched_domain.cpu0.domain0.min_interval = 1 | |
| #kernel.sched_domain.cpu0.domain0.name = CPU | |
| #kernel.sched_domain.cpu0.domain0.newidle_idx = 0 | |
| #kernel.sched_domain.cpu0.domain0.wake_idx = 0 | |
| #kernel.sched_domain.cpu1.domain0.busy_factor = 64 | |
| #kernel.sched_domain.cpu1.domain0.busy_idx = 2 | |
| #kernel.sched_domain.cpu1.domain0.cache_nice_tries = 1 | |
| #kernel.sched_domain.cpu1.domain0.flags = 4143 | |
| #kernel.sched_domain.cpu1.domain0.forkexec_idx = 0 | |
| #kernel.sched_domain.cpu1.domain0.idle_idx = 1 | |
| #kernel.sched_domain.cpu1.domain0.imbalance_pct = 125 | |
| #kernel.sched_domain.cpu1.domain0.max_interval = 4 | |
| #kernel.sched_domain.cpu1.domain0.min_interval = 1 | |
| #kernel.sched_domain.cpu1.domain0.name = CPU | |
| #kernel.sched_domain.cpu1.domain0.newidle_idx = 0 | |
| #kernel.sched_domain.cpu1.domain0.wake_idx = 0 | |
| #kernel.sched_domain.cpu2.domain0.busy_factor = 64 | |
| #kernel.sched_domain.cpu2.domain0.busy_idx = 2 | |
| #kernel.sched_domain.cpu2.domain0.cache_nice_tries = 1 | |
| #kernel.sched_domain.cpu2.domain0.flags = 4143 | |
| #kernel.sched_domain.cpu2.domain0.forkexec_idx = 0 | |
| #kernel.sched_domain.cpu2.domain0.idle_idx = 1 | |
| #kernel.sched_domain.cpu2.domain0.imbalance_pct = 125 | |
| #kernel.sched_domain.cpu2.domain0.max_interval = 4 | |
| #kernel.sched_domain.cpu2.domain0.min_interval = 1 | |
| #kernel.sched_domain.cpu2.domain0.name = CPU | |
| #kernel.sched_domain.cpu2.domain0.newidle_idx = 0 | |
| #kernel.sched_domain.cpu2.domain0.wake_idx = 0 | |
| #kernel.sched_domain.cpu3.domain0.busy_factor = 64 | |
| #kernel.sched_domain.cpu3.domain0.busy_idx = 2 | |
| #kernel.sched_domain.cpu3.domain0.cache_nice_tries = 1 | |
| #kernel.sched_domain.cpu3.domain0.flags = 4143 | |
| #kernel.sched_domain.cpu3.domain0.forkexec_idx = 0 | |
| #kernel.sched_domain.cpu3.domain0.idle_idx = 1 | |
| #kernel.sched_domain.cpu3.domain0.imbalance_pct = 125 | |
| #kernel.sched_domain.cpu3.domain0.max_interval = 4 | |
| #kernel.sched_domain.cpu3.domain0.min_interval = 1 | |
| #kernel.sched_domain.cpu3.domain0.name = CPU | |
| #kernel.sched_domain.cpu3.domain0.newidle_idx = 0 | |
| #kernel.sched_domain.cpu3.domain0.wake_idx = 0 | |
| # Scheduler timing, System V IPC limits and related kernel keys. | |
| kernel.sched_latency_ns = 10000000 | |
| kernel.sched_migration_cost = 500000 | |
| kernel.sched_min_granularity_ns = 2250000 | |
| kernel.sched_nr_migrate = 32 | |
| kernel.sched_rt_period_us = 1000000 | |
| kernel.sched_rt_runtime_us = 950000 | |
| kernel.sched_shares_window = 10000000 | |
| kernel.sched_time_avg = 1000 | |
| #kernel.sched_tunable_scaling = 1 | |
| kernel.sched_wakeup_granularity_ns = 2000000 | |
| #kernel.sem = 250 32000 32 128 | |
| #kernel.sg-big-buff = 32768 | |
| #kernel.shm_rmid_forced = 0 | |
| kernel.shmall = 2097152 | |
| #kernel.random.poolsize = 4096 | |
| kernel.shmmax = 33554432 | |
| kernel.shmmni = 4096 | |
| # Panic when a CPU is stuck in kernel mode. With kernel.panic left commented out | |
| # elsewhere in this file, the reboot-after-panic delay is whatever the kernel | |
| # default is - confirm the device recovers rather than hanging. | |
| kernel.softlockup_panic = 1 | |
| # NOTE(review): writing to kernel.tainted sets taint flags on the running kernel; | |
| # it does not clear them. This line looks carried over from a `sysctl -a` dump and | |
| # would mark an otherwise clean kernel as tainted - remove unless intended. | |
| kernel.tainted = 1 | |
| kernel.threads-max = 12542 | |
| kernel.timer_migration = 1 | |
| #kernel.usermodehelper.inheritable = 4294967295 4294967295 | |
| #kernel.usermodehelper.bset = 4294967295 4294967295 | |
| #kernel.random.uuid = 465b8dc9-8ba6-474d-a762-a932375082f0 | |
| #kernel.random.entropy_avail = 4096 | |
| #kernel.random.read_wakeup_threshold = 4096 | |
| #kernel.random.boot_id = 77705164-182c-454a-ae31-6dc047e57c3e | |
| kernel.auto_msgmni = 1 | |
| #kernel.maps_protect = 1 | |
| #kernel.blk_iopoll = 1 | |
| #kernel.cap_last_cap = 36 | |
| # Core dumps, panic behaviour, kernel log exposure, module loading, ASLR and SysRq. | |
| # NOTE(review): several keys in this run (for example kernel.ostype) are | |
| # informational in mainline kernels and cannot be set. `sysctl -p <this file>` | |
| # prints an error for every key it fails to apply; review that output so a rejected | |
| # hardening line is not mistaken for an active one. | |
| # Core files are written as "core.<pid>" (core_uses_pid = 1) relative to the crashing | |
| # process's working directory. | |
| kernel.core_pattern = core | |
| kernel.core_pipe_limit = 0 | |
| kernel.core_uses_pid = 1 | |
| # NOTE(review): a non-zero value makes Ctrl-Alt-Del reboot immediately without a | |
| # clean shutdown; 0 hands the key combination to init instead. Confirm 1 is wanted. | |
| kernel.ctrl-alt-del = 1 | |
| # NOTE(review): dmesg_restrict is documented as 0 or 1. A value of 2 is expected to | |
| # be rejected, which would leave the kernel log readable according to the kernel | |
| # default. Use 1 here; kernel.kptr_restrict is the key that accepts 2. Verify with | |
| # `sysctl kernel.dmesg_restrict` after loading. | |
| kernel.dmesg_restrict = 2 | |
| kernel.domainname = localdomain | |
| #kernel.ftrace_dump_on_oops = 0 | |
| kernel.hostname = localhost | |
| kernel.hotplug = /sbin/hotplug | |
| kernel.hung_task_check_count = 32768 | |
| kernel.hung_task_panic = 1 | |
| kernel.hung_task_timeout_secs = 30 | |
| #kernel.hung_task_warnings = 10 | |
| kernel.keys.gc_delay = 300 | |
| #kernel.keys.maxbytes = 20000 | |
| kernel.keys.maxkeys = 200 | |
| kernel.keys.root_maxbytes = 20000 | |
| #kernel.keys.root_maxkeys = 200 | |
| # NOTE(review): kptr_restrict is left commented out, so exposure of kernel addresses | |
| # through /proc depends on the kernel default. For a hardening profile set it | |
| # explicitly (1 or 2). | |
| #kernel.kptr_restrict = 1 | |
| kernel.max_lock_depth = 1024 | |
| kernel.msgmax = 65536 | |
| kernel.msgmnb = 65536 | |
| #kernel.msgmni = 1119 | |
| #kernel.ngroups_max = 65536 | |
| kernel.nmi_watchdog = 1 | |
| #kernel.osrelease = 4.0.1 | |
| kernel.ostype = Linux | |
| kernel.overflowgid = 65534 | |
| kernel.overflowuid = 65534 | |
| #kernel.panic = 1 | |
| # Turns a kernel oops into a panic instead of continuing in a possibly corrupted | |
| # state; trades availability for integrity. | |
| kernel.panic_on_oops = 1 | |
| kernel.pid_max = 65536 | |
| kernel.poweroff_cmd = /sbin/poweroff | |
| kernel.print-fatal-signals = 0 | |
| kernel.printk = 4 4 1 7 | |
| kernel.printk_delay = 0 | |
| kernel.printk_ratelimit = 5 | |
| #kernel.printk_ratelimit_burst = 10 | |
| kernel.pty.max = 4096 | |
| #kernel.pty.nr = 2 | |
| #kernel.pty.reserve = 1024 | |
| # Helper the kernel runs to auto-load modules; the path must be root-owned and not | |
| # writable by other users. | |
| kernel.modprobe = /sbin/modprobe | |
| # 0 leaves kernel module loading enabled. Setting 1 blocks further loading and | |
| # unloading until reboot, so it is only usable once all needed modules are loaded. | |
| kernel.modules_disabled = 0 | |
| kernel.cad_pid = 1 | |
| # 2 = full address-space layout randomization, including the heap (brk). | |
| kernel.randomize_va_space = 2 | |
| # NOTE(review): the FIPS-mode key commonly exposed by kernels is crypto.fips_enabled; | |
| # confirm crypto.fips_status exists on the target before relying on this line. | |
| crypto.fips_status = 0 | |
| # Controls the System Request debugging functionality | |
| # of the kernel (magic-sysrq key) | |
| # NOTE(review): 1 enables every SysRq function (memory dump, remount, reboot, killing | |
| # processes) for anyone with keyboard or console access. A hardening profile would | |
| # normally use 0, or a bitmask limited to the functions actually needed. | |
| kernel.sysrq = 1 | |
| ############### | |
| # Logcat | |
| # 0 = enabled | |
| # 1 = enable at boot, but not when suspended | |
| # 2 = completely disabled | |
| ############### | |
| # echo 0 > /sys/module/logger/parameters/log_mode | |
| ############### | |
| # Interfaces - DO NOT change these unless you know what you're doing! | |
| ############### | |
| #service.adb.tcp.port = 5555 | |
| #service.adb.tcp.port = -1 | |
| #net.eth0.gw = 10.0.2.2 | |
| #net.eth0.dns1 = 10.0.2.3 | |
| #net.gprs.local-ip = 10.0.2.15 | |
| #ro.radio.use-ppp = no | |
| #ro.bt.bdaddr_path = "/efs/bluetooth/bt_addr" | |
| #ro.nfc.port = "I2C" | |
| #sys.usb.state = ${sys.usb.config} | |
| #service.adb.root = 1 | |
| #wifi.interface = wlan0 | |
| #wifi.supplicant_scan_interval = 250 | |
| #mobiledata.interfaces = pdp0,wlan0,gprs,ppp0 | |
| #ro.telephony.ril_class = SamsungExynos4RIL | |
| #ro.carrier = unknown | |
| #net.bt.name = chefkoch | |
| #ro.com.android.wifi-watchlist = ChefkochGuest | |
| #ro.com.google.clientidbase = android-google | |
| #persist.sys.usb.config = mass_storage,adb | |
| # Caching | |
| # -1 means infinite caching (entries never expire) | |
| #networkaddress.cache.ttl = 0 | |
| # Default 10 | |
| #networkaddress.cache.negative.ttl = 0 | |
| ## WTF! | |
| #profiler.force_disable_ulog = 1 | |
| #profiler.force_disable_err_rpt = 1 | |
| # /WTF! | |
| # Set maximum and minimum speed of raid resyncing operations | |
| #dev.raid.speed_limit_max = 10000 | |
| #dev.raid.speed_limit_min = 1000 |