# Do less swApping
vm.swappiness = 5
vm.dirty_ratio = 60
vm.dirty_background_ratio = 2
### GENERAL NETWORK SECURITY OPTIONS ###
# Number of times SYNACKs for passive TCP connection.
net.ipv4.tcp_synack_retries = 2
# Allowed local port range
net.ipv4.ip_local_port_range = 2000 65535
# Protect Against TCP Time-Wait
net.ipv4.tcp_rfc1337 = 1
# Decrease the time default value for tcp_fin_timeout connection
net.ipv4.tcp_fin_timeout = 15
# Decrease the time default value for connections to keep alive
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_keepalive_probes = 5
net.ipv4.tcp_keepalive_intvl = 15
### TUNING NETWORK PERFORMANCE ###
# Default Socket Receive Buffer
net.core.rmem_default = 31457280
# Maximum Socket Receive Buffer
net.core.rmem_max = 12582912
# Default Socket Send Buffer
net.core.wmem_default = 31457280
# Maximum Socket Send Buffer
net.core.wmem_max = 12582912
# Increase number of incoming connections
net.core.somaxconn = 4096
# Increase number of incoming connections backlog
net.core.netdev_max_backlog = 65536
# Increase the maximum amount of option memory buffers
net.core.optmem_max = 25165824
# Increase the maximum total buffer-space allocatable
# This is measured in units of pages (4096 bytes)
net.ipv4.tcp_mem = 65536 131072 262144
net.ipv4.udp_mem = 65536 131072 262144
# Increase the read-buffer space allocatable
net.ipv4.tcp_rmem = 8192 87380 16777216
net.ipv4.udp_rmem_min = 16384
# Increase the write-buffer-space allocatable
net.ipv4.tcp_wmem = 8192 65536 16777216
net.ipv4.udp_wmem_min = 16384
# Increase the tcp-time-wait buckets pool size to prevent simple DOS attacks
net.ipv4.tcp_max_tw_buckets = 1440000
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
# Additional setting with reference to ipcop/clearos
net.ipv4.ip_dynaddr = 1
# rp_filter = 1, source address verification helps protect against spoofing attacks
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.default.accept_source_route = 0
#net.ipv4.conf.default.log_martians = 1
net.ipv4.conf.default.promote_secondaries = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
#net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.all.promote_secondaries = 1
# also suggested by Debian
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
目前就做成这样,先用一段时间看看有什么要修改的 。
推荐阅读
- 怀孕七个月肚子隐隐痛
- 抖音位置怎么设置自己店铺名字 抖音怎么加自己的店铺
- 眼霜|别“看不起”国货!赵柯用了多年的眼霜,实力媲美小棕瓶,高质价低太良心
- 淘宝投诉有用什么?卖家被投诉后有什么影响呢? 投诉淘宝卖家,卖家是什么后果
- 开通抖音蓝v认证有用吗 抖音蓝v认证的坏处
- 3年脂溢性脱发恢复了,分享自己的生发成功心得
- 政工夫茶,政和工夫茶功效与作用
- 捞叶作用功效,松针保健茶的作用和加工流程
- 抹茶功效作用,教你分辨绿茶粉和抹茶
- 台灯用几瓦的灯泡合适,台灯用黄灯好还是白灯好