Create a gist now

Instantly share code, notes, and snippets.

@CHEF-KOCH /hardened.conf
Last active Mar 20, 2018

Embed
Download ZIP
Android 4.4.4/5 sysctl.conf secure hardening tweaks + others
Raw
hardened.conf
# Show all system parameters with their values (default or changed)
# sysctl -A or via -> sysctl -a | grep tcp
### Show values of parameters modified by you
# sysctl -p
### Show value for a single parameter parameter-name
# sysctl parameter-name
### Change value for a single parameter parameter-name without editing sysctl.conf manually.
# sysctl -w parameter-name = parameter-value
# https://gist.github.com/CHEF-KOCH/0001e66a8c10b1177abe
# Limit responses to ICMP for bandwidth purposes
#net.inet.icmp.icmplim = 10
#net.inet.icmp.maskrepl = 0
#net.inet.icmp.drop_redirect = 1
#net.icmp.bmcastecho = 0
# Forces a single pass through the firewall. If set to 0,
# packets coming out of a pipe will be reinjected into the
# firewall starting with the rule after the matching one.
# NOTE: there is always one pass for bridged packets.
#net.inet.ip.fw.one_pass = 0
# Stealth IP networking
#net.inet.ip.stealth = 0
# Drop synfin packets
#net.inet.tcp.drop_synfin = 1
# Icmp may NOT rst
#net.inet.tcp.icmp_may_rst = 0
###############################
# IPv4
###############################
net.ipv4.ip_forward = 1
#net.ipv4.ip_forward_use_pmtu = 0
#net.ipv4.fwmark_reflect = 0
net.ipv4.conf.default.proxy_arp = 0
#net.ipv4.ip_dynaddr = 0
net.ipv4.xfrm4_gc_thresh = 131072
net.ipv4.ip_default_ttl = 64
# Enable route verification on all interfaces
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.lo.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.arp_ignore = 1
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.inet_peer_threshold = 65664
net.ipv4.conf.all.proxy_arp = 0
net.ipv4.inet_peer_minttl = 120
net.ipv4.inet_peer_maxttl = 900
net.ipv4.inet_peer_gc_mintime = 10
net.ipv4.inet_peer_gc_maxtime = 120
net.ipv4.igmp_max_msf = 10
# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.lo.accept_source_route = 0
net.ipv4.conf.default.secure_redirects = 0
# Disable all ICMP Redirect Acceptance
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.lo.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
# TCP SYN cookie protection (default) helps protect
# against SYN flood attacks only kicks in when net.ipv4.tcp_max_syn_backlog is reached
#net.ipv4.tcp_syncookies = 1
# TCP Explicit Congestion Notification
#net.ipv4.tcp_ecn = 2
#net.ipv4.tcp_reordering = 3
# We do not want all our interfaces to send redirects
net.ipv4.conf.default.send_redirects = 1
# Decrease the time default value for tcp_fin_timeout connection
net.ipv4.tcp_fin_timeout = 15
# Decrease the time default value for tcp_keepalive_time connect
net.ipv4.tcp_keepalive_time = 1200
# Turn on/off the tcp_window_scaling
net.ipv4.tcp_window_scaling = 1
# Turn on/off the tcp_sack
net.ipv4.tcp_sack = 1
# Turn on/off the tcp_dsack
net.ipv4.tcp_dsack = 1
## TCP timestamps
## + protect against wrapping sequence numbers (at gigabit speeds)
## + round trip time calculation implemented in TCP
## - causes extra overhead and allows uptime detection by scanners like nmap
## enable @ gigabit speeds
net.ipv4.tcp_timestamps = 0
# Enable ignoring broadcasts request (Default 1)
net.ipv4.icmp_echo_ignore_broadcasts = 1
#
#net.ipv4.icmp_ratemask = 6168
# Enable bad error message Protection
net.ipv4.icmp_ignore_bogus_error_responses = 1
# Log Spoofed Packets, Source Routed Packets, Redirect Packets
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.lo.log_martians = 1
# Increases the size of the socket queue (effectively, q0).
net.ipv4.tcp_max_syn_backlog = 4096
# Increase the tcp-time-wait buckets pool size
net.ipv4.tcp_max_tw_buckets = 1440000
# Ignore all ICMP Echo spam - Don't ignore directed pings!
net.ipv4.icmp_echo_ignore_all = 0
# Allowed local port range
net.ipv4.ip_local_port_range = 16384 65535
# This may cause dropped frames with load-balancing and NATs,
# only use this for a server that communicates only over your local network.
# Reuse/recycle time-wait sockets
# 1 0 can break clients behind NAT
#net.ipv4.tcp_tw_reuse = 1
#net.ipv4.tcp_tw_recycle = 0
# Protect against tcp time-wait assassination hazards
net.ipv4.tcp_rfc1337 = 1
net.ipv4.tcp_retries1 = 3
net.ipv4.tcp_retries2 = 15
# Send redirects (not a router, disable it)
net.ipv4.conf.all.send_redirects = 0
#net.ipv4.<netfilter>.ip_ct_generic_timeout = 600
#net.ipv4.conf.<device>.rp_filter = 1
#net.tcp.default_init_rwnd = 60
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_synack_retries = 2
#net.ipv4.route.flush = 1
net.ipv4.tcp_keepalive_probes = 5
net.ipv4.tcp_keepalive_intvl = 60
#net.ipv4.tcp_rme = 6144 87380 1048576
net.ipv4.tcp_wmem = 6144 87380 1048576
net.ipv4.tcp_mem = 65536 131072 262144
#The default value held by this entry varies
#heavily depending on how much memory you have.
#net.ipv4.<netfilter>.ip_conntrack_max =
net.ipv4.tcp_fack = 1
net.ipv4.tcp_no_metrics_save = 1
net.ipv4.tcp_congestion_control = cubic
# more speed with -> net.ipv4.tcp_congestion_control = htcp
net.ipv4.tcp_moderate_rcvbuf = 1
net.ipv4.udp_rmem_min = 8192
net.ipv4.udp_wmem_min = 8192
net.ipv4.udp_mem = 65536 131072 262144
#net.core.default_qdisc = fq
net.ipv4.tcp_rmem = 8192 87380 16777216
# Increase RPC slots
#sunrpc.tcp_slot_table_entries = 32
#sunrpc.udp_slot_table_entries = 32
# .autoconf set to 0 if you use a static ip!
net.ipv4.tcp_workaround_signed_windows = 0
net.ipv4.tcp_tso_win_divisor = 3
net.ipv4.tcp_thin_linear_timeouts = 0
net.ipv4.tcp_thin_dupack = 0
net.ipv4.tcp_stdurg = 0
net.ipv4.tcp_slow_start_after_idle = 1
net.ipv4.tcp_retrans_collapse = 1
net.ipv4.tcp_mtu_probing = 0
net.ipv4.tcp_max_ssthresh = 0
net.ipv4.tcp_cookie_size = 0
net.ipv4.tcp_orphan_retries = 0
net.ipv4.tcp_max_orphans = 16384
net.ipv4.tcp_low_latency = 1
net.ipv4.tcp_frto_response = 0
net.ipv4.tcp_frto = 2
#net.ipv4.tcp_early_retrans = 2
#net.ipv4.tcp_dma_copybreak = 4096
net.ipv4.tcp_challenge_ack_limit = 100
net.ipv4.tcp_base_mss = 512
net.ipv4.tcp_app_win = 31
net.ipv4.tcp_available_congestion_control = cubic reno
net.ipv4.tcp_allowed_congestion_control = cubic reno
net.ipv4.tcp_adv_win_scale = 1
net.ipv4.tcp_abort_on_overflow = 0
net.ipv4.tcp_abc = 0
net.ipv4.rt_cache_rebuild_count = 4
#net.ipv4.tcp_fastopen = 3
#####
net.ipv4.route.redirect_silence = 4096
net.ipv4.route.redirect_number = 9
net.ipv4.route.redirect_load = 4
net.ipv4.route.mtu_expires = 600
net.ipv4.route.min_adv_mss = 256
net.ipv4.route.min_pmtu = 552
net.ipv4.route.max_size = 524288
net.ipv4.route.gc_timeout = 600
net.ipv4.route.error_burst = 1000
net.ipv4.route.error_cost = 200
net.ipv4.route.gc_elasticity = 8
net.ipv4.route.gc_interval = 60
net.ipv4.route.gc_min_interval = 0
net.ipv4.route.gc_min_interval_ms = 500
net.ipv4.route.gc_thresh = 32768
#####
# http://lartc.org/howto/lartc.kernel.obscure.html
# http://tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.kernel.obscure.html
####
net.ipv4.ip_no_pmtu_disc = 0
net.ipv4.ip_nonlocal_bind = 0
net.ipv4.ipfrag_high_thresh = 512000
net.ipv4.ipfrag_low_thresh = 446464
net.ipv4.ipfrag_max_dist = 64
net.ipv4.ipfrag_secret_interval = 900
net.ipv4.ipfrag_time = 30
######
net.ipv4.neigh.default.anycast_delay = 100
net.ipv4.neigh.default.app_solicit = 0
net.ipv4.neigh.default.base_reachable_time = 30
net.ipv4.neigh.default.base_reachable_time_ms = 30000
net.ipv4.neigh.default.delay_first_probe_time = 5
net.ipv4.neigh.default.gc_interval = 30
net.ipv4.neigh.default.gc_stale_time = 60
net.ipv4.neigh.default.gc_thresh1 = 32
net.ipv4.neigh.default.gc_thresh2 = 1024
net.ipv4.neigh.default.gc_thresh3 = 2048
net.ipv4.neigh.default.locktime = 100
net.ipv4.neigh.default.mcast_solicit = 3
net.ipv4.neigh.default.proxy_delay = 80
net.ipv4.neigh.default.proxy_qlen = 96
net.ipv4.neigh.default.retrans_time = 100
net.ipv4.neigh.default.retrans_time_ms = 1000
net.ipv4.neigh.default.ucast_solicit = 3
net.ipv4.neigh.default.unres_qlen = 6
#net.ipv4.neigh.default.unres_qlen_bytes = 65536
#####
net.ipv4.conf.rmnet1.forwarding = 1
net.ipv4.conf.rmnet1.mc_forwarding = 0
net.ipv4.conf.rmnet1.accept_redirects = 0
net.ipv4.conf.rmnet1.secure_redirects = 0
net.ipv4.conf.rmnet1.shared_media = 1
net.ipv4.conf.rmnet1.rp_filter = 1
net.ipv4.conf.rmnet1.send_redirects = 1
net.ipv4.conf.rmnet1.accept_source_route = 1
net.ipv4.conf.rmnet1.accept_local = 0
net.ipv4.conf.rmnet1.src_valid_mark = 0
net.ipv4.conf.rmnet1.proxy_arp = 0
net.ipv4.conf.rmnet1.medium_id = 0
net.ipv4.conf.rmnet1.bootp_relay = 0
net.ipv4.conf.rmnet1.log_martians = 0
net.ipv4.conf.rmnet1.tag = 0
net.ipv4.conf.rmnet1.arp_filter = 1
net.ipv4.conf.rmnet1.arp_announce = 0
net.ipv4.conf.rmnet1.arp_ignore = 1
net.ipv4.conf.rmnet1.arp_accept = 0
net.ipv4.conf.rmnet1.arp_notify = 0
net.ipv4.conf.rmnet1.proxy_arp_pvlan = 0
net.ipv4.conf.rmnet1.disable_xfrm = 0
net.ipv4.conf.rmnet1.disable_policy = 0
net.ipv4.conf.rmnet1.force_igmp_version = 0
net.ipv4.conf.rmnet1.promote_secondaries = 0
#####
net.ipv4.conf.rmnet2.forwarding = 1
net.ipv4.conf.rmnet2.mc_forwarding = 0
net.ipv4.conf.rmnet2.accept_redirects = 0
net.ipv4.conf.rmnet2.secure_redirects = 0
net.ipv4.conf.rmnet2.shared_media = 1
net.ipv4.conf.rmnet2.rp_filter = 1
net.ipv4.conf.rmnet2.send_redirects = 1
net.ipv4.conf.rmnet2.accept_source_route = 1
net.ipv4.conf.rmnet2.accept_local = 0
net.ipv4.conf.rmnet2.src_valid_mark = 0
net.ipv4.conf.rmnet2.proxy_arp = 0
net.ipv4.conf.rmnet2.medium_id = 0
net.ipv4.conf.rmnet2.bootp_relay = 0
net.ipv4.conf.rmnet2.log_martians = 0
net.ipv4.conf.rmnet2.tag = 0
net.ipv4.conf.rmnet2.arp_filter = 1
net.ipv4.conf.rmnet2.arp_announce = 0
net.ipv4.conf.rmnet2.arp_ignore = 1
net.ipv4.conf.rmnet2.arp_accept = 0
net.ipv4.conf.rmnet2.arp_notify = 0
net.ipv4.conf.rmnet2.proxy_arp_pvlan = 0
net.ipv4.conf.rmnet2.disable_xfrm = 0
net.ipv4.conf.rmnet2.disable_policy = 0
net.ipv4.conf.rmnet2.force_igmp_version = 0
net.ipv4.conf.rmnet2.promote_secondaries = 0
#####
#net.ipv4.conf.rndis0.forwarding = 1
#net.ipv4.conf.rndis0.mc_forwarding = 0
#net.ipv4.conf.rndis0.accept_redirects = 0
#net.ipv4.conf.rndis0.secure_redirects = 0
#net.ipv4.conf.rndis0.shared_media = 1
#net.ipv4.conf.rndis0.rp_filter = 1
#net.ipv4.conf.rndis0.send_redirects = 1
#net.ipv4.conf.rndis0.accept_source_route = 0
#net.ipv4.conf.rndis0.accept_local = 0
#net.ipv4.conf.rndis0.src_valid_mark = 0
#net.ipv4.conf.rndis0.proxy_arp = 0
#net.ipv4.conf.rndis0.medium_id = 0
#net.ipv4.conf.rndis0.bootp_relay = 0
#net.ipv4.conf.rndis0.log_martians = 0
#net.ipv4.conf.rndis0.tag = 0
#net.ipv4.conf.rndis0.arp_filter = 1
#net.ipv4.conf.rndis0.arp_announce = 0
#net.ipv4.conf.rndis0.arp_ignore = 1
#net.ipv4.conf.rndis0.arp_accept = 0
#net.ipv4.conf.rndis0.arp_notify = 0
#net.ipv4.conf.rndis0.proxy_arp_pvlan = 0
#net.ipv4.conf.rndis0.disable_xfrm = 0
#net.ipv4.conf.rndis0.disable_policy = 0
#net.ipv4.conf.rndis0.force_igmp_version = 0
#net.ipv4.conf.rndis0.promote_secondaries = 0
#####
#net.ipv4.neigh.rndis0.mcast_solicit = 3
#net.ipv4.neigh.rndis0.ucast_solicit = 3
#net.ipv4.neigh.rndis0.app_solicit = 0
#net.ipv4.neigh.rndis0.retrans_time = 100
#net.ipv4.neigh.rndis0.base_reachable_time = 30
#net.ipv4.neigh.rndis0.delay_first_probe_time = 5
#net.ipv4.neigh.rndis0.gc_stale_time = 60
#net.ipv4.neigh.rndis0.unres_qlen = 3
#net.ipv4.neigh.rndis0.proxy_qlen = 64
#net.ipv4.neigh.rndis0.anycast_delay = 100
#net.ipv4.neigh.rndis0.proxy_delay = 80
#net.ipv4.neigh.rndis0.locktime = 100
#net.ipv4.neigh.rndis0.retrans_time_ms = 1000
#net.ipv4.neigh.rndis0.base_reachable_time_ms = 30000
#####
#net.ipv4.neigh.rmnet2.mcast_solitic = 3
net.ipv4.neigh.rmnet2.ucast_solicit = 3
net.ipv4.neigh.rmnet2.app_solicit = 0
net.ipv4.neigh.rmnet2.retrans_time = 100
net.ipv4.neigh.rmnet2.base_reachable_time = 30
net.ipv4.neigh.rmnet2.delay_first_probe_time = 5
net.ipv4.neigh.rmnet2.gc_stale_time = 60
net.ipv4.neigh.rmnet2.unres_qlen = 3
net.ipv4.neigh.rmnet2.proxy_qlen = 64
net.ipv4.neigh.rmnet2.anycast_delay = 100
net.ipv4.neigh.rmnet2.proxy_delay = 80
net.ipv4.neigh.rmnet2.locktime = 100
net.ipv4.neigh.rmnet2.retrans_time_ms = 1000
net.ipv4.neigh.rmnet2.base_reachable_time_ms = 30000
#####
net.ipv4.neigh.rmnet1.mcast_solicit = 3
net.ipv4.neigh.rmnet1.ucast_solicit = 3
net.ipv4.neigh.rmnet1.app_solicit = 0
net.ipv4.neigh.rmnet1.retrans_time = 100
net.ipv4.neigh.rmnet1.base_reachable_time = 30
net.ipv4.neigh.rmnet1.delay_first_probe_time = 5
net.ipv4.neigh.rmnet1.gc_stale_time = 60
net.ipv4.neigh.rmnet1.unres_qlen = 3
net.ipv4.neigh.rmnet1.proxy_qlen = 64
net.ipv4.neigh.rmnet1.anycast_delay = 100
net.ipv4.neigh.rmnet1.proxy_delay = 80
net.ipv4.neigh.rmnet1.locktime = 100
net.ipv4.neigh.rmnet1.retrans_time_ms = 1000
net.ipv4.neigh.rmnet1.base_reachable_time_ms = 30000
#####
net.ipv4.neigh.rmnet0.mcast_solicit = 3
net.ipv4.neigh.rmnet0.ucast_solicit = 3
net.ipv4.neigh.rmnet0.app_solicit = 0
net.ipv4.neigh.rmnet0.retrans_time = 100
net.ipv4.neigh.rmnet0.base_reachable_time = 30
net.ipv4.neigh.rmnet0.delay_first_probe_time = 5
net.ipv4.neigh.rmnet0.gc_stale_time = 60
net.ipv4.neigh.rmnet0.unres_qlen = 3
net.ipv4.neigh.rmnet0.proxy_qlen = 64
net.ipv4.neigh.rmnet0.anycast_delay = 100
net.ipv4.neigh.rmnet0.proxy_delay = 80
net.ipv4.neigh.rmnet0.locktime = 100
net.ipv4.neigh.rmnet0.retrans_time_ms = 1000
net.ipv4.neigh.rmnet0.base_reachable_time_ms = 30000
#####
net.ipv4.neigh.ip6tnl0.anycast_delay = 100
net.ipv4.neigh.ip6tnl0.app_solicit = 0
net.ipv4.neigh.ip6tnl0.base_reachable_time = 30
net.ipv4.neigh.ip6tnl0.base_reachable_time_ms = 30000
net.ipv4.neigh.ip6tnl0.delay_first_probe_time = 5
net.ipv4.neigh.ip6tnl0.gc_stale_time = 60
net.ipv4.neigh.ip6tnl0.locktime = 100
net.ipv4.neigh.ip6tnl0.mcast_solicit = 3
net.ipv4.neigh.ip6tnl0.proxy_delay = 80
net.ipv4.neigh.ip6tnl0.proxy_qlen = 64
net.ipv4.neigh.ip6tnl0.retrans_time = 100
net.ipv4.neigh.ip6tnl0.retrans_time_ms = 1000
net.ipv4.neigh.ip6tnl0.ucast_solicit = 3
net.ipv4.neigh.ip6tnl0.unres_qlen = 35
#net.ipv4.neigh.ip6tnl0.unres_qlen_bytes = 65536
######
net.ipv4.neigh.lo.anycast_delay = 100
net.ipv4.neigh.lo.app_solicit = 0
net.ipv4.neigh.lo.base_reachable_time = 30
net.ipv4.neigh.lo.base_reachable_time_ms = 30000
net.ipv4.neigh.lo.delay_first_probe_time = 5
net.ipv4.neigh.lo.gc_stale_time = 60
net.ipv4.neigh.lo.locktime = 100
net.ipv4.neigh.lo.mcast_solicit = 3
net.ipv4.neigh.lo.proxy_delay = 80
net.ipv4.neigh.lo.proxy_qlen = 64
net.ipv4.neigh.lo.retrans_time = 100
net.ipv4.neigh.lo.retrans_time_ms = 1000
net.ipv4.neigh.lo.ucast_solicit = 3
net.ipv4.neigh.lo.unres_qlen = 35
#net.ipv4.neigh.lo.unres_qlen_bytes = 65536
#####
#net.ipv4.neigh.p2p0.anycast_delay = 100
#net.ipv4.neigh.p2p0.app_solicit = 0
#net.ipv4.neigh.p2p0.base_reachable_time = 30
#net.ipv4.neigh.p2p0.base_reachable_time_ms = 30000
#net.ipv4.neigh.p2p0.delay_first_probe_time = 5
#net.ipv4.neigh.p2p0.gc_stale_time = 60
#net.ipv4.neigh.p2p0.locktime = 100
#net.ipv4.neigh.p2p0.mcast_solicit = 3
#net.ipv4.neigh.p2p0.proxy_delay = 80
#net.ipv4.neigh.p2p0.proxy_qlen = 64
#net.ipv4.neigh.p2p0.retrans_time = 100
#net.ipv4.neigh.p2p0.retrans_time_ms = 1000
#net.ipv4.neigh.p2p0.ucast_solicit = 3
#net.ipv4.neigh.p2p0.unres_qlen = 35
#net.ipv4.neigh.p2p0.unres_qlen_bytes = 65536
#####
net.ipv4.neigh.sit0.anycast_delay = 100
net.ipv4.neigh.sit0.app_solicit = 0
net.ipv4.neigh.sit0.base_reachable_time = 30
net.ipv4.neigh.sit0.base_reachable_time_ms = 30000
net.ipv4.neigh.sit0.delay_first_probe_time = 5
net.ipv4.neigh.sit0.gc_stale_time = 60
net.ipv4.neigh.sit0.locktime = 100
net.ipv4.neigh.sit0.mcast_solicit = 3
net.ipv4.neigh.sit0.proxy_delay = 80
net.ipv4.neigh.sit0.proxy_qlen = 64
net.ipv4.neigh.sit0.retrans_time = 100
net.ipv4.neigh.sit0.retrans_time_ms = 1000
net.ipv4.neigh.sit0.ucast_solicit = 3
net.ipv4.neigh.sit0.unres_qlen = 35
#net.ipv4.neigh.sit0.unres_qlen_bytes = 65536
#####
#net.ipv4.neigh.wlan0.anycast_delay = 100
#net.ipv4.neigh.wlan0.app_solicit = 0
#net.ipv4.neigh.wlan0.base_reachable_time = 30
#net.ipv4.neigh.wlan0.base_reachable_time_ms = 30000
#net.ipv4.neigh.wlan0.delay_first_probe_time = 5
#net.ipv4.neigh.wlan0.gc_stale_time = 60
#net.ipv4.neigh.wlan0.locktime = 100
#net.ipv4.neigh.wlan0.mcast_solicit = 3
#net.ipv4.neigh.wlan0.proxy_delay = 80
#net.ipv4.neigh.wlan0.proxy_qlen = 64
#net.ipv4.neigh.wlan0.retrans_time = 100
#net.ipv4.neigh.wlan0.retrans_time_ms = 1000
#net.ipv4.neigh.wlan0.ucast_solicit = 3
#net.ipv4.neigh.wlan0.unres_qlen = 35
#net.ipv4.neigh.wlan0.unres_qlen_bytes = 65536
#net.ipv4.netfilter.ip_conntrack_buckets = 16384
net.ipv4.netfilter.ip_conntrack_checksum = 1
net.ipv4.netfilter.ip_conntrack_count = 36
#net.ipv4.netfilter.ip_conntrack_generic_timeout = 600
#net.ipv4.netfilter.ip_conntrack_icmp_timeout = 30
#net.ipv4.netfilter.ip_conntrack_log_invalid = 0
#net.ipv4.netfilter.ip_conntrack_max = 65536
net.ipv4.netfilter.ip_conntrack_sctp_timeout_closed = 10
#net.ipv4.netfilter.ip_conntrack_sctp_timeout_cookie_echoed = 3
#net.ipv4.netfilter.ip_conntrack_sctp_timeout_cookie_wait = 3
#net.ipv4.netfilter.ip_conntrack_sctp_timeout_established = 432000
#net.ipv4.netfilter.ip_conntrack_sctp_timeout_shutdown_ack_sent = 3
#net.ipv4.netfilter.ip_conntrack_sctp_timeout_shutdown_recd = 0
#net.ipv4.netfilter.ip_conntrack_sctp_timeout_shutdown_sent = 0
#net.ipv4.netfilter.ip_conntrack_tcp_be_liberal = 0
#net.ipv4.netfilter.ip_conntrack_tcp_loose = 1
#net.ipv4.netfilter.ip_conntrack_tcp_max_retrans = 3
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_close = 15
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait = 75
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 432000
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait = 120
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_last_ack = 30
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_max_retrans = 300
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_recv = 60
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_sent = 120
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_sent2 = 120
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait = 120
#net.ipv4.netfilter.ip_conntrack_udp_timeout = 30
#net.ipv4.netfilter.ip_conntrack_udp_timeout_stream = 180
#net.ipv4.ping_group_range = 0 2147483647
#net.ipv4.ip_local_reserved_ports =
#####
net.ipv4.conf.all.accept_local = 0
net.ipv4.conf.all.arp_accept = 0
net.ipv4.conf.all.arp_announce = 0
net.ipv4.conf.all.arp_filter = 1
net.ipv4.conf.all.arp_ignore = 0
net.ipv4.conf.all.arp_notify = 0
net.ipv4.conf.all.bootp_relay = 0
net.ipv4.conf.all.disable_policy = 0
net.ipv4.conf.all.disable_xfrm = 0
net.ipv4.conf.all.force_igmp_version = 0
net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.all.mc_forwarding = 1
net.ipv4.conf.all.medium_id = 0
net.ipv4.conf.all.promote_secondaries = 0
net.ipv4.conf.all.proxy_arp = 0
net.ipv4.conf.all.proxy_arp_pvlan = 0
net.ipv4.conf.all.shared_media = 1
net.ipv4.conf.all.src_valid_mark = 0
net.ipv4.conf.all.tag = 0
######
net.ipv4.conf.default.accept_local = 0
net.ipv4.conf.default.arp_accept = 0
net.ipv4.conf.default.arp_announce = 0
net.ipv4.conf.default.arp_filter = 1
net.ipv4.conf.default.arp_ignore = 0
net.ipv4.conf.default.arp_notify = 0
net.ipv4.conf.default.bootp_relay = 0
net.ipv4.conf.default.disable_policy = 0
net.ipv4.conf.default.disable_xfrm = 0
net.ipv4.conf.default.force_igmp_version = 0
net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.default.log_martians = 0
net.ipv4.conf.default.mc_forwarding = 1
net.ipv4.conf.default.medium_id = 0
net.ipv4.conf.default.promote_secondaries = 0
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.conf.default.proxy_arp_pvlan = 0
net.ipv4.conf.default.secure_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.default.shared_media = 1
net.ipv4.conf.default.src_valid_mark = 0
net.ipv4.conf.default.tag = 0
#####
net.ipv4.conf.ip6tnl0.accept_local = 0
net.ipv4.conf.ip6tnl0.accept_redirects = 0
net.ipv4.conf.ip6tnl0.accept_source_route = 1
net.ipv4.conf.ip6tnl0.arp_accept = 0
net.ipv4.conf.ip6tnl0.arp_announce = 0
net.ipv4.conf.ip6tnl0.arp_filter = 1
net.ipv4.conf.ip6tnl0.arp_ignore = 0
net.ipv4.conf.ip6tnl0.arp_notify = 0
net.ipv4.conf.ip6tnl0.bootp_relay = 0
net.ipv4.conf.ip6tnl0.disable_policy = 0
net.ipv4.conf.ip6tnl0.disable_xfrm = 0
net.ipv4.conf.ip6tnl0.force_igmp_version = 0
net.ipv4.conf.ip6tnl0.forwarding = 1
net.ipv4.conf.ip6tnl0.log_martians = 0
net.ipv4.conf.ip6tnl0.mc_forwarding = 1
net.ipv4.conf.ip6tnl0.medium_id = 0
net.ipv4.conf.ip6tnl0.promote_secondaries = 0
net.ipv4.conf.ip6tnl0.proxy_arp = 0
net.ipv4.conf.ip6tnl0.proxy_arp_pvlan = 0
net.ipv4.conf.ip6tnl0.rp_filter = 1
net.ipv4.conf.ip6tnl0.secure_redirects = 1
net.ipv4.conf.ip6tnl0.send_redirects = 1
net.ipv4.conf.ip6tnl0.shared_media = 1
net.ipv4.conf.ip6tnl0.src_valid_mark = 0
net.ipv4.conf.ip6tnl0.tag = 0
######
net.ipv4.conf.rmnet0.forwarding = 1
net.ipv4.conf.rmnet0.mc_forwarding = 0
net.ipv4.conf.rmnet0.accept_redirects = 0
net.ipv4.conf.rmnet0.secure_redirects = 0
net.ipv4.conf.rmnet0.shared_media = 1
net.ipv4.conf.rmnet0.rp_filter = 1
net.ipv4.conf.rmnet0.send_redirects = 1
net.ipv4.conf.rmnet0.accept_source_route = 1
net.ipv4.conf.rmnet0.accept_local = 0
net.ipv4.conf.rmnet0.src_valid_mark = 0
net.ipv4.conf.rmnet0.proxy_arp = 0
net.ipv4.conf.rmnet0.medium_id = 0
net.ipv4.conf.rmnet0.bootp_relay = 0
net.ipv4.conf.rmnet0.log_martians = 0
net.ipv4.conf.rmnet0.tag = 0
net.ipv4.conf.rmnet0.arp_filter = 1
net.ipv4.conf.rmnet0.arp_announce = 0
net.ipv4.conf.rmnet0.arp_ignore = 1
net.ipv4.conf.rmnet0.arp_accept = 0
net.ipv4.conf.rmnet0.arp_notify = 0
net.ipv4.conf.rmnet0.proxy_arp_pvlan = 0
net.ipv4.conf.rmnet0.disable_xfrm = 0
net.ipv4.conf.rmnet0.disable_policy = 0
net.ipv4.conf.rmnet0.force_igmp_version = 0
net.ipv4.conf.rmnet0.promote_secondaries = 0
######
net.ipv4.conf.lo.accept_local = 0
net.ipv4.conf.lo.arp_accept = 0
net.ipv4.conf.lo.arp_announce = 0
net.ipv4.conf.lo.arp_filter = 1
net.ipv4.conf.lo.arp_ignore = 0
net.ipv4.conf.lo.arp_notify = 0
net.ipv4.conf.lo.bootp_relay = 0
net.ipv4.conf.lo.disable_policy = 1
net.ipv4.conf.lo.disable_xfrm = 1
net.ipv4.conf.lo.force_igmp_version = 0
net.ipv4.conf.lo.forwarding = 1
net.ipv4.conf.lo.mc_forwarding = 1
net.ipv4.conf.lo.medium_id = 0
net.ipv4.conf.lo.promote_secondaries = 0
net.ipv4.conf.lo.proxy_arp = 0
net.ipv4.conf.lo.proxy_arp_pvlan = 0
net.ipv4.conf.lo.secure_redirects = 1
net.ipv4.conf.lo.send_redirects = 1
net.ipv4.conf.lo.shared_media = 1
net.ipv4.conf.lo.src_valid_mark = 0
net.ipv4.conf.lo.tag = 0
#####
#net.ipv4.conf.p2p0.accept_local = 0
#net.ipv4.conf.p2p0.accept_redirects = 0
#net.ipv4.conf.p2p0.accept_source_route = 1
#net.ipv4.conf.p2p0.arp_accept = 0
#net.ipv4.conf.p2p0.arp_announce = 0
#net.ipv4.conf.p2p0.arp_filter = 1
#net.ipv4.conf.p2p0.arp_ignore = 0
#net.ipv4.conf.p2p0.arp_notify = 0
#net.ipv4.conf.p2p0.bootp_relay = 0
#net.ipv4.conf.p2p0.disable_policy = 0
#net.ipv4.conf.p2p0.disable_xfrm = 0
#net.ipv4.conf.p2p0.force_igmp_version = 0
#net.ipv4.conf.p2p0.forwarding = 1
#net.ipv4.conf.p2p0.log_martians = 0
#net.ipv4.conf.p2p0.mc_forwarding = 1
#net.ipv4.conf.p2p0.medium_id = 0
#net.ipv4.conf.p2p0.promote_secondaries = 0
#net.ipv4.conf.p2p0.proxy_arp = 0
#net.ipv4.conf.p2p0.proxy_arp_pvlan = 0
#net.ipv4.conf.p2p0.rp_filter = 1
#net.ipv4.conf.p2p0.secure_redirects = 1
#net.ipv4.conf.p2p0.send_redirects = 1
#net.ipv4.conf.p2p0.shared_media = 1
#net.ipv4.conf.p2p0.src_valid_mark = 0
#net.ipv4.conf.p2p0.tag = 0
#####
net.ipv4.conf.sit0.accept_local = 0
net.ipv4.conf.sit0.accept_redirects = 0
net.ipv4.conf.sit0.accept_source_route = 1
net.ipv4.conf.sit0.arp_accept = 0
net.ipv4.conf.sit0.arp_announce = 0
net.ipv4.conf.sit0.arp_filter = 1
net.ipv4.conf.sit0.arp_ignore = 0
net.ipv4.conf.sit0.arp_notify = 0
net.ipv4.conf.sit0.bootp_relay = 0
net.ipv4.conf.sit0.disable_policy = 0
net.ipv4.conf.sit0.disable_xfrm = 0
net.ipv4.conf.sit0.force_igmp_version = 0
net.ipv4.conf.sit0.forwarding = 1
net.ipv4.conf.sit0.log_martians = 0
net.ipv4.conf.sit0.mc_forwarding = 1
net.ipv4.conf.sit0.medium_id = 0
net.ipv4.conf.sit0.promote_secondaries = 0
net.ipv4.conf.sit0.proxy_arp = 0
net.ipv4.conf.sit0.proxy_arp_pvlan = 0
net.ipv4.conf.sit0.rp_filter = 1
net.ipv4.conf.sit0.secure_redirects = 1
net.ipv4.conf.sit0.send_redirects = 1
net.ipv4.conf.sit0.shared_media = 1
net.ipv4.conf.sit0.src_valid_mark = 0
net.ipv4.conf.sit0.tag = 0
######
#net.ipv4.conf.wlan0.accept_local = 0
#net.ipv4.conf.wlan0.accept_redirects = 0
#net.ipv4.conf.wlan0.accept_source_route = 1
#net.ipv4.conf.wlan0.arp_accept = 0
#net.ipv4.conf.wlan0.arp_announce = 0
#net.ipv4.conf.wlan0.arp_filter = 1
#net.ipv4.conf.wlan0.arp_ignore = 0
#net.ipv4.conf.wlan0.arp_notify = 0
#net.ipv4.conf.wlan0.bootp_relay = 0
#net.ipv4.conf.wlan0.disable_policy = 0
#net.ipv4.conf.wlan0.disable_xfrm = 0
#net.ipv4.conf.wlan0.force_igmp_version = 0
#net.ipv4.conf.wlan0.forwarding = 1
#net.ipv4.conf.wlan0.log_martians = 0
#net.ipv4.conf.wlan0.mc_forwarding = 1
#net.ipv4.conf.wlan0.medium_id = 0
#net.ipv4.conf.wlan0.promote_secondaries = 1
#net.ipv4.conf.wlan0.proxy_arp = 0
#net.ipv4.conf.wlan0.proxy_arp_pvlan = 0
#net.ipv4.conf.wlan0.rp_filter = 1
#net.ipv4.conf.wlan0.secure_redirects = 1
#net.ipv4.conf.wlan0.send_redirects = 1
#net.ipv4.conf.wlan0.shared_media = 1
#net.ipv4.conf.wlan0.src_valid_mark = 0
#net.ipv4.conf.wlan0.tag = 0
net.ipv4.icmp_errors_use_inbound_ifaddr = 0
net.ipv4.icmp_ratelimit = 1000
net.ipv4.igmp_max_memberships = 20
net.ipv4.conf.default.accept_redirects = 0
#net.ipv4.conf.all.igmp_max_memberships = 20
# Netfilter
########
net.netfilter.nf_log.0 = NONE
net.netfilter.nf_log.1 = NONE
net.netfilter.nf_log.2 = ipt_LOG
net.netfilter.nf_log.3 = NONE
net.netfilter.nf_log.4 = NONE
net.netfilter.nf_log.5 = NONE
net.netfilter.nf_log.6 = NONE
net.netfilter.nf_log.7 = NONE
net.netfilter.nf_log.8 = NONE
net.netfilter.nf_log.9 = NONE
net.netfilter.nf_log.10 = ip6t_LOG
net.netfilter.nf_log.11 = NONE
net.netfilter.nf_log.12 = NONE
net.netfilter.nf_conntrack_buckets = 16384
net.netfilter.nf_conntrack_count = 36
net.netfilter.nf_conntrack_dccp_loose = 1
net.netfilter.nf_conntrack_dccp_timeout_closereq = 64
net.netfilter.nf_conntrack_dccp_timeout_closing = 64
net.netfilter.nf_conntrack_dccp_timeout_open = 43200
net.netfilter.nf_conntrack_dccp_timeout_partopen = 480
net.netfilter.nf_conntrack_dccp_timeout_request = 240
net.netfilter.nf_conntrack_dccp_timeout_respond = 480
net.netfilter.nf_conntrack_dccp_timeout_timewait = 240
net.netfilter.nf_conntrack_events = 1
net.netfilter.nf_conntrack_events_retry_timeout = 15
net.netfilter.nf_conntrack_max = 50168
net.netfilter.nf_conntrack_expect_max = 256
net.netfilter.nf_conntrack_frag6_high_thresh = 262144
net.netfilter.nf_conntrack_frag6_low_thresh = 196608
net.netfilter.nf_conntrack_frag6_timeout = 60
net.netfilter.nf_conntrack_generic_timeout = 600
net.netfilter.nf_conntrack_icmp_timeout = 30
net.netfilter.nf_conntrack_icmpv6_timeout = 30
net.netfilter.nf_conntrack_log_invalid = 0
net.netfilter.nf_conntrack_acct = 0
net.netfilter.nf_conntrack_checksum = 1
net.netfilter.nf_conntrack_tcp_timeout_established = 7440
net.netfilter.nf_conntrack_udp_timeout = 30
net.netfilter.nf_conntrack_udp_timeout_stream = 180
#net.netfilter.nf_conntrack_skip_filter = 1
net.netfilter.nf_conntrack_tcp_timeout_unacknowledged = 300
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
#net.netfilter.nf_conntrack_tcp_timeout_syn_sent = 120
#net.netfilter.nf_conntrack_tcp_timeout_syn_recv = 60
net.netfilter.nf_conntrack_tcp_timeout_max_retrans = 300
net.netfilter.nf_conntrack_tcp_timeout_last_ack = 30
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 15
net.netfilter.nf_conntrack_tcp_max_retrans = 3
net.netfilter.nf_conntrack_tcp_loose = 1
net.netfilter.nf_conntrack_tcp_be_liberal = 0
net.netfilter.nf_conntrack_sctp_timeout_shutdown_sent = 0
#net.netfilter.nf_conntrack_sctp_timeout_shutdown_recd = 0
net.netfilter.nf_conntrack_sctp_timeout_shutdown_ack_sent = 3
#net.netfilter.nf_conntrack_sctp_timeout_established = 432000
net.netfilter.nf_conntrack_sctp_timeout_cookie_wait = 3
net.netfilter.nf_conntrack_sctp_timeout_cookie_echoed = 3
net.netfilter.nf_conntrack_sctp_timeout_closed = 10
net.netfilter.nf_conntrack_udplite_timeout = 30
net.netfilter.nf_conntrack_udplite_timeout_stream = 180
# Disable bridge firewall'ing by default
#net.bridge.bridge-nf-call-arptables = 0
#net.bridge.bridge-nf-call-ip6tables = 1
#net.bridge.bridge-nf-call-iptables = 0
# sysctl -a | grep ipv6 sysctl
###############################
# IPv6 -> http://test-ipv6.com + RFC 3041/4941 (year: 2001)
# https://code.google.com/p/android/issues/detail?id = 14013
# https://code.google.com/p/android/issues/detail?id = 31102
# Only on Lollipop: RFC 6106
###############################
net.ipv6.ip_forward = 1
#net.ipv6.bindv6only = 0
#net.ipv6.fwmark_reflect = 0
#net.ipv6.tcp_timestamps = 0
#net.ipv6.ip_forward_use_pmtu = 0
#net.ipv6.conf.all.rp_filter = 1
#net.ipv6.conf.all.dad_transmits = 1
#net.ipv6.conf.all.secure_redirects = 0
#net.ipv6.conf.all.forwarding = 1
#net.ipv6.conf.all.accept_redirects = 0
#net.ipv6.conf.all.accept_ra = 1
#net.ipv6.conf.all.accept_dad = 1
#net.ipv6.conf.all.accept_ra_rtr_pref = 1
#net.ipv6.conf.all.accept_ra_pinfo = 1
#net.ipv6.conf.all.accept_ra_defrtr = 1
#net.ipv6.conf.all.use_tempaddr = 2
#net.ipv6.conf.all.temp_valid_lft = 604800
#net.ipv6.conf.all.autoconf = 1
#net.ipv6.conf.all.accept_source_route = 0
#net.ipv6.conf.all.force_mld_version = 0
#net.ipv6.conf.all.force_tllao = 0
#net.ipv6.conf.all.hop_limit = 64
#net.ipv6.conf.all.max_addresses = 16
#net.ipv6.conf.al.max_desync_factor = 600
#net.ipv6.conf.all.mtu = 1280
#net.ipv6.conf.all.optimistic_dad = 0
#net.ipv6.conf.all.use_optimistic = 0
#net.ipv6.conf.all.proxy_ndp = 2
#net.ipv6.conf.all.regen_max_retry = 3
#net.ipv6.conf.all.router_probe_interval = 60
#net.ipv6.conf.all.router_solicitation_delay = 1
#net.ipv6.conf.all.router_solicitation_interval = 4
#net.ipv6.conf.all.router_solicitations = 3
#net.ipv6.conf.all.temp_prefered_lft = 86400
# sysctl -A | grep autoconf for all interfaces - do not disable autoconf!!
#####
#net.ipv6.conf.default.secure_redirects = 0
#net.ipv6.conf.default.autoconf = 1
#net.ipv6.conf.default.accept_redirects = 0
#net.ipv6.conf.default.use_tempaddr = 2
#net.ipv6.conf.default.accept_dad = 1
#net.ipv6.conf.default.accept_ra = 0
#net.ipv6.conf.default.accept_ra_defrtr = 1
#net.ipv6.conf.default.accept_ra_pinfo = 1
#net.ipv6.conf.default.accept_ra_rtr_pref = 1
#net.ipv6.conf.default.accept_source_route = 0
#net.ipv6.conf.default.dad_transmits = 1
#net.ipv6.conf.default.force_mld_version = 0
#net.ipv6.conf.default.force_tllao = 0
#net.ipv6.conf.default.forwarding = 1
#net.ipv6.conf.default.hop_limit = 64
#net.ipv6.conf.default.max_addresses = 16
#net.ipv6.conf.default.max_desync_factor = 600
#net.ipv6.conf.default.mtu = 1280
#net.ipv6.conf.default.optimistic_dad = 0
#net.ipv6.conf.default.proxy_ndp = 0
#net.ipv6.conf.default.regen_max_retry = 3
#net.ipv6.conf.default.router_probe_interval = 60
#net.ipv6.conf.default.router_solicitation_delay = 1
#net.ipv6.conf.default.router_solicitation_interval = 4
#net.ipv6.conf.default.router_solicitations = 3
#net.ipv6.conf.default.temp_prefered_lft = 86400
#net.ipv6.conf.default.temp_valid_lft = 604800
#####
net.ipv6.conf.ip6tnl0.forwarding = 1
#net.ipv6.conf.ip6tnl0.hop_limit = 64
#net.ipv6.conf.ip6tnl0.mtu = 1452
#net.ipv6.conf.ip6tnl0.accept_ra = 2
#net.ipv6.conf.ip6tnl0.accept_redirects = 0
#net.ipv6.conf.ip6tnl0.autoconf = 1
#net.ipv6.conf.ip6tnl0.dad_transmits = 1
#net.ipv6.conf.ip6tnl0.router_solicitations = 3
#net.ipv6.conf.ip6tnl0.router_solicitation_interval = 4
#net.ipv6.conf.ip6tnl0.router_solicitation_delay = 1
#net.ipv6.conf.ip6tnl0.force_mld_version = 0
#net.ipv6.conf.ip6tnl0.use_tempaddr = 2
#net.ipv6.conf.ip6tnl0.temp_valid_lft = 604800
#net.ipv6.conf.ip6tnl0.temp_prefered_lft = 86400
#net.ipv6.conf.ip6tnl0.regen_max_retry = 3
#net.ipv6.conf.ip6tnl0.max_desync_factor = 600
#net.ipv6.conf.ip6tnl0.max_addresses = 16
#net.ipv6.conf.ip6tnl0.accept_ra_defrtr = 1
#net.ipv6.conf.ip6tnl0.accept_ra_pinfo = 1
#net.ipv6.conf.ip6tnl0.accept_ra_rtr_pref = 1
#net.ipv6.conf.ip6tnl0.router_probe_interval = 60
#net.ipv6.conf.ip6tnl0.proxy_ndp = 0
#net.ipv6.conf.ip6tnl0.accept_source_route = 0
#net.ipv6.conf.ip6tnl0.optimistic_dad = 0
#net.ipv6.conf.ip6tnl0.disable_ipv6 = 1
#net.ipv6.conf.ip6tnl0.accept_dad = -1
#net.ipv6.conf.ip6tnl0.force_tllao = 0
#####
#net.ipv6.conf.lo.accept_dad = -1
#net.ipv6.conf.lo.accept_ra = 2
#net.ipv6.conf.lo.accept_ra_defrtr = 1
#net.ipv6.conf.lo.accept_ra_pinfo = 1
#net.ipv6.conf.lo.accept_ra_rtr_pref = 1
#net.ipv6.conf.lo.accept_redirects = 0
#net.ipv6.conf.lo.accept_source_route = 0
#net.ipv6.conf.lo.autoconf = 1
#net.ipv6.conf.lo.dad_transmits = 1
#net.ipv6.conf.lo.force_mld_version = 0
#net.ipv6.conf.lo.force_tllao = 0
#net.ipv6.conf.lo.forwarding = 1
#net.ipv6.conf.lo.hop_limit = 64
#net.ipv6.conf.lo.max_addresses = 16
#net.ipv6.conf.lo.max_desync_factor = 600
#net.ipv6.conf.lo.mtu = 16436
#net.ipv6.conf.lo.optimistic_dad = 1
#net.ipv6.conf.lo.proxy_ndp = 0
#net.ipv6.conf.lo.regen_max_retry = 3
#net.ipv6.conf.lo.router_probe_interval = 60
#net.ipv6.conf.lo.router_solicitation_delay = 1
#net.ipv6.conf.lo.router_solicitation_interval = 4
#net.ipv6.conf.lo.router_solicitations = 3
#net.ipv6.conf.lo.temp_prefered_lft = 86400
#net.ipv6.conf.lo.temp_valid_lft = 604800
#net.ipv6.conf.lo.use_tempaddr = 2
######
#net.ipv6.conf.p2p0.accept_dad = 1
#net.ipv6.conf.p2p0.accept_ra = 2
#net.ipv6.conf.p2p0.accept_ra_defrtr = 1
#net.ipv6.conf.p2p0.accept_ra_pinfo = 1
#net.ipv6.conf.p2p0.accept_ra_rtr_pref = 1
#net.ipv6.conf.p2p0.accept_redirects = 0
#net.ipv6.conf.p2p0.accept_source_route = 0
#net.ipv6.conf.p2p0.autoconf = 1
#net.ipv6.conf.p2p0.dad_transmits = 1
#net.ipv6.conf.p2p0.disable_ipv6 = 1
#net.ipv6.conf.p2p0.force_mld_version = 0
#net.ipv6.conf.p2p0.force_tllao = 0
#net.ipv6.conf.p2p0.forwarding = 1
#net.ipv6.conf.p2p0.hop_limit = 64
#net.ipv6.conf.p2p0.max_addresses = 16
#net.ipv6.conf.p2p0.max_desync_factor = 600
#net.ipv6.conf.p2p0.mtu = 1500
#net.ipv6.conf.p2p0.optimistic_dad = 0
#net.ipv6.conf.p2p0.proxy_ndp = 0
#net.ipv6.conf.p2p0.regen_max_retry = 3
#net.ipv6.conf.p2p0.router_probe_interval = 60
#net.ipv6.conf.p2p0.router_solicitation_delay = 1
#net.ipv6.conf.p2p0.router_solicitation_interval = 4
#net.ipv6.conf.p2p0.router_solicitations = 3
#net.ipv6.conf.p2p0.temp_prefered_lft = 86400
#net.ipv6.conf.p2p0.temp_valid_lft = 604800
#net.ipv6.conf.p2p0.use_tempaddr = 2
#####
#net.ipv6.conf.sit0.forwarding = 1
#net.ipv6.conf.sit0.hop_limit = 64
#net.ipv6.conf.sit0.mtu = 1480
#net.ipv6.conf.sit0.accept_ra = 2
#net.ipv6.conf.sit0.accept_redirects = 0
#net.ipv6.conf.sit0.autoconf = 1
#net.ipv6.conf.sit0.dad_transmits = 1
#net.ipv6.conf.sit0.router_solicitations = 3
#net.ipv6.conf.sit0.router_solicitation_interval = 4
#net.ipv6.conf.sit0.router_solicitation_delay = 1
#net.ipv6.conf.sit0.force_mld_version = 0
#net.ipv6.conf.sit0.use_tempaddr = 2
#net.ipv6.conf.sit0.temp_valid_lft = 604800
#net.ipv6.conf.sit0.temp_prefered_lft = 86400
#net.ipv6.conf.sit0.regen_max_retry = 3
#net.ipv6.conf.sit0.max_desync_factor = 600
#net.ipv6.conf.sit0.max_addresses = 16
#net.ipv6.conf.sit0.accept_ra_defrtr = 1
#net.ipv6.conf.sit0.accept_ra_pinfo = 1
#net.ipv6.conf.sit0.accept_ra_rtr_pref = 1
#net.ipv6.conf.sit0.router_probe_interval = 60
#net.ipv6.conf.sit0.proxy_ndp = 0
#net.ipv6.conf.sit0.accept_source_route = 0
#net.ipv6.conf.sit0.optimistic_dad = 0
#net.ipv6.conf.sit0.disable_ipv6 = 1
#net.ipv6.conf.sit0.accept_dad = -1
#net.ipv6.conf.sit0.force_tllao = 0
#####
#net.ipv6.conf.wlan0.accept_dad = 1
#net.ipv6.conf.wlan0.accept_ra = 2
#net.ipv6.conf.wlan0.accept_ra_defrtr = 1
#net.ipv6.conf.wlan0.accept_ra_pinfo = 1
#net.ipv6.conf.wlan0.accept_ra_rtr_pref = 1
#net.ipv6.conf.wlan0.accept_redirects = 0
#net.ipv6.conf.wlan0.accept_source_route = 0
#net.ipv6.conf.wlan0.autoconf = 1
#net.ipv6.conf.wlan0.dad_transmits = 1
#net.ipv6.conf.wlan0.disable_ipv6 = 1
#net.ipv6.conf.wlan0.force_mld_version = 0
#net.ipv6.conf.wlan0.force_tllao = 0
#net.ipv6.conf.wlan0.forwarding = 1
#net.ipv6.conf.wlan0.hop_limit = 64
#net.ipv6.conf.wlan0.max_addresses = 16
#net.ipv6.conf.wlan0.max_desync_factor = 600
#net.ipv6.conf.wlan0.mtu = 1500
#net.ipv6.conf.wlan0.optimistic_dad = 0
#net.ipv6.conf.wlan0.proxy_ndp = 0
#net.ipv6.conf.wlan0.regen_max_retry = 3
#net.ipv6.conf.wlan0.router_probe_interval = 60
#net.ipv6.conf.wlan0.router_solicitation_delay = 5
#net.ipv6.conf.wlan0.router_solicitation_interval = 1
#net.ipv6.conf.wlan0.router_solicitations = 5
# sysctl -e -q -p /etc/sysctl.conf in a running system
#rcnetwork restart!!!!
#net.ipv6.conf.wlan0.temp_prefered_lft = 86400
#net.ipv6.conf.wlan0.temp_valid_lft = 604800
#net.ipv6.conf.wlan0.use_tempaddr = 2
#net.ipv6.icmp.ratelimit = 1000
#net.ipv6.ip6frag_high_thresh = 262144
#net.ipv6.ip6frag_low_thresh = 196608
#net.ipv6.ip6frag_secret_interval = 600
#net.ipv6.ip6frag_time = 60
#net.ipv6.mld_max_msf = 64
######
#net.ipv6.neigh.default.anycast_delay = 100
#net.ipv6.neigh.default.app_solicit = 0
#net.ipv6.neigh.default.base_reachable_time = 30
#net.ipv6.neigh.default.base_reachable_time_ms = 30000
#net.ipv6.neigh.default.delay_first_probe_time = 5
#net.ipv6.neigh.default.gc_interval = 30
#net.ipv6.neigh.default.gc_stale_time = 60
#net.ipv6.neigh.default.gc_thresh1 = 128
#net.ipv6.neigh.default.gc_thresh2 = 512
#net.ipv6.neigh.default.gc_thresh3 = 1024
#net.ipv6.neigh.default.locktime = 0
#net.ipv6.neigh.default.mcast_solicit = 3
#net.ipv6.neigh.default.proxy_delay = 80
#net.ipv6.neigh.default.proxy_qlen = 64
#net.ipv6.neigh.default.retrans_time = 200
#net.ipv6.neigh.default.retrans_time_ms = 1000
#net.ipv6.neigh.default.ucast_solicit = 3
#net.ipv6.neigh.default.unres_qlen = 35
#net.ipv6.neigh.default.unres_qlen_bytes = 65536
#####
#net.ipv6.neigh.ip6tnl0.mcast_solicit = 3
#net.ipv6.neigh.ip6tnl0.ucast_solicit = 3
#net.ipv6.neigh.ip6tnl0.app_solicit = 0
#net.ipv6.neigh.ip6tnl0.retrans_time = 200
#net.ipv6.neigh.ip6tnl0.base_reachable_time = 30
#net.ipv6.neigh.ip6tnl0.delay_first_probe_time = 5
#net.ipv6.neigh.ip6tnl0.gc_stale_time = 60
#net.ipv6.neigh.ip6tnl0.unres_qlen = 3
#net.ipv6.neigh.ip6tnl0.proxy_qlen = 64
#net.ipv6.neigh.ip6tnl0.anycast_delay = 100
#net.ipv6.neigh.ip6tnl0.proxy_delay = 80
#net.ipv6.neigh.ip6tnl0.locktime = 0
#net.ipv6.neigh.ip6tnl0.retrans_time_ms = 1000
#net.ipv6.neigh.ip6tnl0.base_reachable_time_ms = 30000
######
#net.ipv6.neigh.lo.app_solicit = 0
#net.ipv6.neigh.lo.anycast_delay = 100
#net.ipv6.neigh.lo.ucast_solicit = 3
#net.ipv6.neigh.lo.base_reachable_time = 30
#net.ipv6.neigh.lo.base_reachable_time_ms = 30000
#net.ipv6.neigh.lo.unres_qlen = 35
#net.ipv6.neigh.lo.delay_first_probe_time = 5
#net.ipv6.neigh.lo.gc_stale_time = 60
#net.ipv6.neigh.lo.locktime = 0
#net.ipv6.neigh.lo.proxy_delay = 80
#net.ipv6.neigh.lo.mcast_solicit = 3
#net.ipv6.neigh.lo.proxy_qlen = 64
#net.ipv6.neigh.lo.retrans_time = 200
#net.ipv6.neigh.lo.retrans_time_ms = 1000
#net.ipv6.neigh.lo.unres_qlen_bytes = 65536
######
#net.ipv6.neigh.p2p0.anycast_delay = 100
#net.ipv6.neigh.p2p0.app_solicit = 0
#net.ipv6.neigh.p2p0.base_reachable_time_ms = 30000
#net.ipv6.neigh.p2p0.base_reachable_time = 30
#net.ipv6.neigh.p2p0.delay_first_probe_time = 5
#net.ipv6.neigh.p2p0.gc_stale_time = 60
#net.ipv6.neigh.p2p0.locktime = 0
#net.ipv6.neigh.p2p0.mcast_solicit = 3
#net.ipv6.neigh.p2p0.unres_qlen = 35
#net.ipv6.neigh.p2p0.proxy_delay = 80
#net.ipv6.neigh.p2p0.retrans_time_ms = 1000
#net.ipv6.neigh.p2p0.proxy_qlen = 64
#net.ipv6.neigh.p2p0.retrans_time = 200
#net.ipv6.neigh.p2p0.ucast_solicit = 3
#net.ipv6.neigh.p2p0.unres_qlen_bytes = 65536
#net.ipv6.xfrm6_gc_thresh = 2048
#net.ipv6.route.mtu_expires = 600
#net.ipv6.route.flush = 1
#net.ipv6.route.min_adv_mss = 1220
#net.ipv6.route.max_size = 4096
#net.ipv6.route.gc_timeout = 60
#net.ipv6.route.gc_thresh = 1024
#net.ipv6.route.gc_min_interval_ms = 500
#net.ipv6.route.gc_min_interval = 0
#net.ipv6.route.gc_interval = 30
#####
#net.ipv6.neigh.sit0.mcast_solicit = 3
#net.ipv6.neigh.sit0.proxy_qlen = 64
#net.ipv6.neigh.sit0.proxy_delay = 80
#net.ipv6.neigh.sit0.retrans_time_ms = 1000
#net.ipv6.neigh.sit0.locktime = 0
#net.ipv6.neigh.sit0.delay_first_probe_time = 5
#net.ipv6.neigh.sit0.base_reachable_time_ms = 30000
#net.ipv6.neigh.sit0.base_reachable_time = 30
#net.ipv6.neigh.sit0.gc_stale_time = 60
#net.ipv6.neigh.sit0.app_solicit = 0
#net.ipv6.neigh.sit0.anycast_delay = 100
#net.ipv6.neigh.sit0.retrans_time = 200
#net.ipv6.neigh.sit0.unres_qlen_bytes = 65536
#net.ipv6.neigh.sit0.unres_qlen = 35
#net.ipv6.neigh.sit0.ucast_solicit = 3
#####
#net.ipv6.neigh.wlan0.retrans_time_ms = 1000
#net.ipv6.neigh.wlan0.retrans_time = 200
#net.ipv6.neigh.wlan0.ucast_solicit = 3
#net.ipv6.neigh.wlan0.unres_qlen_bytes = 65536
#net.ipv6.neigh.wlan0.app_solicit = 0
#net.ipv6.neigh.wlan0.anycast_delay = 100
#net.ipv6.neigh.wlan0.delay_first_probe_time = 5
#net.ipv6.neigh.wlan0.base_reachable_time_ms = 30000
#net.ipv6.neigh.wlan0.base_reachable_time = 30
#net.ipv6.neigh.wlan0.locktime = 0
#net.ipv6.neigh.wlan0.gc_stale_time = 60
#net.ipv6.neigh.wlan0.proxy_qlen = 64
#net.ipv6.neigh.wlan0.mcast_solicit = 3
#net.ipv6.neigh.wlan0.proxy_delay = 80
#net.ipv6.neigh.wlan0.unres_qlen = 35
#net.ipv6.route.gc_elasticity = 9
#net.ipv6.conf.rndis0.mtu = 1500
#net.ipv6.conf.rndis0.force_tllao = 0
#net.ipv6.conf.rndis0.accept_dad = 1
#net.ipv6.conf.rndis0.disable_ipv6 = 1
#net.ipv6.conf.rndis0.optimistic_dad = 0
#net.ipv6.conf.rndis0.accept_source_route = 0
#net.ipv6.conf.rndis0.proxy_ndp = 0
#net.ipv6.conf.rndis0.router_probe_interval = 60
#net.ipv6.conf.rndis0.accept_ra_rtr_pref = 1
#net.ipv6.conf.rndis0.forwarding = 1
#net.ipv6.conf.rndis0.hop_limit = 64
#net.ipv6.conf.rndis0.accept_ra = 2
#net.ipv6.conf.rndis0.accept_redirects = 0
#net.ipv6.conf.rndis0.autoconf = 1
#net.ipv6.conf.rndis0.dad_transmits = 1
#net.ipv6.conf.rndis0.router_solicitations = 3
#net.ipv6.conf.rndis0.router_solicitation_interval = 4
#net.ipv6.conf.rndis0.router_solicitation_delay = 1
#net.ipv6.conf.rndis0.force_mld_version = 0
#net.ipv6.conf.rndis0.use_tempaddr = 2
#net.ipv6.conf.rndis0.temp_valid_lft = 604800
#net.ipv6.conf.rndis0.temp_prefered_lft = 86400
#net.ipv6.conf.rndis0.regen_max_retry = 3
#net.ipv6.conf.rndis0.max_desync_factor = 600
#net.ipv6.conf.rndis0.max_addresses = 16
#net.ipv6.conf.rndis0.accept_ra_defrtr = 1
#net.ipv6.conf.rndis0.accept_ra_pinfo = 1
#####
net.ipv6.conf.rmnet2.forwarding = 1
#net.ipv6.conf.rmnet2.hop_limit = 64
#net.ipv6.conf.rmnet2.mtu = 1500
#net.ipv6.conf.rmnet2.accept_ra = 2
#net.ipv6.conf.rmnet2.accept_redirects = 0
#net.ipv6.conf.rmnet2.autoconf = 1
#net.ipv6.conf.rmnet2.dad_transmits = 1
#net.ipv6.conf.rmnet2.router_solicitations = 3
#net.ipv6.conf.rmnet2.router_solicitation_interval = 4
#net.ipv6.conf.rmnet2.router_solicitation_delay = 1
#net.ipv6.conf.rmnet2.force_mld_version = 0
#net.ipv6.conf.rmnet2.use_tempaddr = 2
#net.ipv6.conf.rmnet2.temp_valid_lft = 604800
#net.ipv6.conf.rmnet2.temp_prefered_lft = 86400
#net.ipv6.conf.rmnet2.regen_max_retry = 3
#net.ipv6.conf.rmnet2.max_desync_factor = 600
#net.ipv6.conf.rmnet2.max_addresses = 16
#net.ipv6.conf.rmnet2.accept_ra_defrtr = 1
#net.ipv6.conf.rmnet2.accept_ra_pinfo = 1
#net.ipv6.conf.rmnet2.accept_ra_rtr_pref = 1
#net.ipv6.conf.rmnet2.router_probe_interval = 60
#net.ipv6.conf.rmnet2.proxy_ndp = 0
#net.ipv6.conf.rmnet2.accept_source_route = 0
#net.ipv6.conf.rmnet2.optimistic_dad = 0
#net.ipv6.conf.rmnet2.disable_ipv6 = 1
#net.ipv6.conf.rmnet2.accept_dad = -1
#net.ipv6.conf.rmnet2.force_tllao = 0
####
net.ipv6.conf.rmnet1.forwarding = 1
#net.ipv6.conf.rmnet1.hop_limit = 64
#net.ipv6.conf.rmnet1.mtu = 1500
#net.ipv6.conf.rmnet1.accept_ra = 2
#net.ipv6.conf.rmnet1.accept_redirects = 0
#net.ipv6.conf.rmnet1.autoconf = 1
#net.ipv6.conf.rmnet1.dad_transmits = 1
#net.ipv6.conf.rmnet1.router_solicitations = 3
#net.ipv6.conf.rmnet1.router_solicitation_interval = 4
#net.ipv6.conf.rmnet1.router_solicitation_delay = 1
#net.ipv6.conf.rmnet1.force_mld_version = 0
#net.ipv6.conf.rmnet1.use_tempaddr = 2
#net.ipv6.conf.rmnet1.temp_valid_lft = 604800
#net.ipv6.conf.rmnet1.temp_prefered_lft = 86400
#net.ipv6.conf.rmnet1.regen_max_retry = 3
#net.ipv6.conf.rmnet1.max_desync_factor = 600
#net.ipv6.conf.rmnet1.max_addresses = 16
#net.ipv6.conf.rmnet1.accept_ra_defrtr = 1
#net.ipv6.conf.rmnet1.accept_ra_pinfo = 1
#net.ipv6.conf.rmnet1.accept_ra_rtr_pref = 1
#net.ipv6.conf.rmnet1.router_probe_interval = 60
#net.ipv6.conf.rmnet1.proxy_ndp = 0
#net.ipv6.conf.rmnet1.accept_source_route = 0
#net.ipv6.conf.rmnet1.optimistic_dad = 0
#net.ipv6.conf.rmnet1.disable_ipv6 = 1
#net.ipv6.conf.rmnet1.accept_dad = -1
#net.ipv6.conf.rmnet1.force_tllao = 0
####
#net.ipv6.conf.rmnet0.forwarding = 1
#net.ipv6.conf.rmnet0.hop_limit = 64
#net.ipv6.conf.rmnet0.mtu = 1358
#net.ipv6.conf.rmnet0.accept_ra = 2
#net.ipv6.conf.rmnet0.accept_redirects = 0
#net.ipv6.conf.rmnet0.autoconf = 1
#net.ipv6.conf.rmnet0.dad_transmits = 1
#net.ipv6.conf.rmnet0.router_solicitations = 3
#net.ipv6.conf.rmnet0.router_solicitation_interval = 4
#net.ipv6.conf.rmnet0.router_solicitation_delay = 1
#net.ipv6.conf.rmnet0.force_mld_version = 0
#net.ipv6.conf.rmnet0.use_tempaddr = 2
#net.ipv6.conf.rmnet0.temp_valid_lft = 604800
#net.ipv6.conf.rmnet0.temp_prefered_lft = 86400
#net.ipv6.conf.rmnet0.regen_max_retry = 3
#net.ipv6.conf.rmnet0.max_desync_factor = 600
#net.ipv6.conf.rmnet0.max_addresses = 16
#net.ipv6.conf.rmnet0.accept_ra_defrtr = 1
#net.ipv6.conf.rmnet0.accept_ra_pinfo = 1
#net.ipv6.conf.rmnet0.accept_ra_rtr_pref = 1
#net.ipv6.conf.rmnet0.router_probe_interval = 60
#net.ipv6.conf.rmnet0.proxy_ndp = 0
#net.ipv6.conf.rmnet0.accept_source_route = 0
#net.ipv6.conf.rmnet0.optimistic_dad = 0
#net.ipv6.conf.rmnet0.disable_ipv6 = 1
#net.ipv6.conf.rmnet0.accept_dad = -1
#net.ipv6.conf.rmnet0.force_tllao = 0
######
#net.ipv6.neigh.rndis0.mcast_solicit = 3
#net.ipv6.neigh.rndis0.ucast_solicit = 3
#net.ipv6.neigh.rndis0.app_solicit = 0
#net.ipv6.neigh.rndis0.retrans_time = 200
#net.ipv6.neigh.rndis0.base_reachable_time = 30
#net.ipv6.neigh.rndis0.delay_first_probe_time = 5
#net.ipv6.neigh.rndis0.gc_stale_time = 60
#net.ipv6.neigh.rndis0.unres_qlen = 3
#net.ipv6.neigh.rndis0.proxy_qlen = 64
#net.ipv6.neigh.rndis0.anycast_delay = 100
#net.ipv6.neigh.rndis0.proxy_delay = 80
#net.ipv6.neigh.rndis0.locktime = 0
#net.ipv6.neigh.rndis0.retrans_time_ms = 1000
#net.ipv6.neigh.rndis0.base_reachable_time_ms = 30000
######
#net.ipv6.neigh.rmnet2.mcast_solicit = 3
#net.ipv6.neigh.rmnet2.ucast_solicit = 3
#net.ipv6.neigh.rmnet2.app_solicit = 0
#net.ipv6.neigh.rmnet2.retrans_time = 200
#net.ipv6.neigh.rmnet2.base_reachable_time = 30
#net.ipv6.neigh.rmnet2.delay_first_probe_time = 5
#net.ipv6.neigh.rmnet2.gc_stale_time = 60
#net.ipv6.neigh.rmnet2.unres_qlen = 3
#net.ipv6.neigh.rmnet2.proxy_qlen = 64
#net.ipv6.neigh.rmnet2.anycast_delay = 100
#net.ipv6.neigh.rmnet2.proxy_delay = 80
#net.ipv6.neigh.rmnet2.locktime = 0
#net.ipv6.neigh.rmnet2.retrans_time_ms = 1000
#net.ipv6.neigh.rmnet2.base_reachable_time_ms = 30000
######
#net.ipv6.neigh.rmnet1.mcast_solicit = 3
#net.ipv6.neigh.rmnet1.ucast_solicit = 3
#net.ipv6.neigh.rmnet1.app_solicit = 0
#net.ipv6.neigh.rmnet1.retrans_time = 200
#net.ipv6.neigh.rmnet1.base_reachable_time = 30
#net.ipv6.neigh.rmnet1.delay_first_probe_time = 5
#net.ipv6.neigh.rmnet1.gc_stale_time = 60
#net.ipv6.neigh.rmnet1.unres_qlen = 3
#net.ipv6.neigh.rmnet1.proxy_qlen = 64
#net.ipv6.neigh.rmnet1.anycast_delay = 100
#net.ipv6.neigh.rmnet1.proxy_delay = 80
#net.ipv6.neigh.rmnet1.locktime = 0
#net.ipv6.neigh.rmnet1.retrans_time_ms = 1000
#net.ipv6.neigh.rmnet1.base_reachable_time_ms = 30000
######
#net.ipv6.neigh.rmnet0.mcast_solicit = 3
#net.ipv6.neigh.rmnet0.ucast_solicit = 3
#net.ipv6.neigh.rmnet0.app_solicit = 0
#net.ipv6.neigh.rmnet0.retrans_time = 200
#net.ipv6.neigh.rmnet0.base_reachable_time = 30
#net.ipv6.neigh.rmnet0.delay_first_probe_time = 5
#net.ipv6.neigh.rmnet0.gc_stale_time = 60
#net.ipv6.neigh.rmnet0.unres_qlen = 3
#net.ipv6.neigh.rmnet0.proxy_qlen = 64
#net.ipv6.neigh.rmnet0.anycast_delay = 100
#net.ipv6.neigh.rmnet0.proxy_delay = 80
#net.ipv6.neigh.rmnet0.locktime = 0
#net.ipv6.neigh.rmnet0.retrans_time_ms = 1000
#net.ipv6.neigh.rmnet0.base_reachable_time_ms = 30000
######
# Disable IPv6
###############
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
#net.ipv6.conf.wlan0.disable_ipv6 = 1
#net.ipv6.conf.$WIFI.disable_ipv6 = 1
# Wireless + TCP Speed & Security Tweaks
###############
#net.core.bpf_jit_enable = 0
net.core.rmem_default = 262144
net.core.wmem_default = 131072
net.core.xfrm_larval_drop = 1
net.core.dev_weight = 64
net.core.message_burst = 10
net.core.message_cost = 5
net.core.netdev_budget = 300
net.core.netdev_tstamp_prequeue = 1
net.core.optmem_max = 10240
#net.core.hot_list_length = 1024
net.core.rmem_default = 163840
net.core.rmem_max = 16777216
net.core.rps_sock_flow_entries = 0
net.core.somaxconn = 1024
net.core.warnings = 1
net.core.wmem_max = 16777216
net.core.xfrm_acq_expires = 30
net.core.xfrm_aevent_etime = 10
net.core.xfrm_aevent_rseqth = 2
net.unix.max_dgram_qlen = 50
net.nf_conntrack_max = 50168
net.phonet.local_port_range = 64 255
net.core.netdev_max_backlog = 2500
# Define TCP buffer sizes for various networks
# ReadMin, ReadInitial, ReadMax, WriteMin, WriteInitial, WriteMax
###############
net.tcp.buffersize.default = 4096,87380,256960,4096,16384,256960
net.tcp.buffersize.wifi = 4096,87380,256960,4096,16384,256960
net.tcp.buffersize.lte = 262144,524288,3145728,262144,524288,3145728
net.tcp.buffersize.umts = 4096,87380,256960,4096,16384,256960
net.tcp.buffersize.evdo = 4096,87380,563200,4096,16384,262144
net.tcp.buffersize.evdo_b = 6144,262144,1048576,6144,262144,1048576
net.tcp.buffersize.gprs = 4096,87380,256960,4096,16384,256960
net.tcp.buffersize.edge = 4096,87380,256960,4096,16384,256960
net.tcp.buffersize.hspa = 4096,87380,256960,4096,16384,256960
net.tcp.buffersize.hspap = 4096,87380,1220608,4096,16384,393216
net.tcp.buffersize.hsupa = 4096,87380,704512,4096,16384,262144
net.tcp.buffersize.hsdpa = 6144,262144,1048576,6144,262144,1048576
###############################
# VM & Filesystem tweaks
# (specifies amount of virtual RAM,
# if it should kill a task or not,
# how often to refer to cache)
###############################
#pm.sleep_mode = 1
#fs.lease-break-time = 45
#fs.file-max = 80249
fs.nr_open = 1048576
fs.leases-enable = 1
#fs.inotify.max_queued_events = 16384
#fs.inotify.max_user_instances = 256
#fs.inotify.max_user_watches = 8192
#fs.overflowgid = 65534
#fs.protected_hardlinks = 1
fs.overflowuid = 65534
#fs.protected_symlinks = 1
#vm.overcommit_memory = 0
vm.min_free_order_shift = 4
#vm.oom_dump_tasks = 1
vm.lowmem_reserve_ratio = 96 96
#vm.legacy_va_layout = 0
#vm.page-cluster = 3
vm.overcommit_ratio = 0
vm.drop_caches = 0
#vm.extfrag_threshold = 500
vm.swappiness = 0
vm.dirty_writeback_centisecs = 2000
#vm.dirty_expire_centisecs = 200
vm.dirty_ratio = 20
vm.highmem_is_dirtyable = 0
vm.dirty_background_ratio = 2
#vm.max_map_count = 65530
#vm.dirty_writeback_centisecs = 500
vm.oom_kill_allocating_task = 0
vm.nr_pdflush_threads = 0
vm.mmap_min_addr = 4096
#vm.min_free_kbytes = 8192
vm.panic_on_oom = 0
vm.vfs_cache_pressure = 100
vm.laptop_mode = 0
vm.block_dump = 0
vm.scan_unevictable_pages = 0
vm.percpu_pagelist_fraction = 0
vm.stat_interval = 1
#vold.post_fs_data_done = 1
#vm.dirty_background_bytes = 0
#vm.dirty_bytes = 0
# Disables logging
###############
#rm /dev/log/main
dev.scsi.logging_level = 0
#fs.dentry-state = 22620 12592 45 0 0 0
#fs.epoll.max_user_watches = 217429
#fs.file-nr = 4032 0 180195
#fs.inode-nr = 15905 7235
#fs.inode-state = 20259 0 0 0 0 0 0
fs.suid_dumpable = 0
fs.pipe-max-size = 1048576
#kernel.auto_msgmni = 1
kernel.blk_iopoll = 1
#kernel.cap_last_cap = 36
###############
# Kernel
###############
kernel.random.write_wakeup_threshold = 2048
#kernel.sched_features = 24189
#kernel.sched_compat_yield = 1
#kernel.sched_shares_ratelimit = 256000
kernel.sched_child_runs_first = 0
kernel.exec-shield = 1
#kernel.randomize_va_spac = 1
#kernel.grsecurity.harden_ptrace = 1
#kernel.watchdog_thresh = 10
kernel.watchdog = 1
#kernel.version = 479 SMP PREEMPT Mon Mar 30 13:32:29 CEST 2015
kernel.real-root-dev = 0
#kernel.sched_autogroup_enabled = 0
#kernel.sched_migration_cost_ns = 5000000
#kernel.sched_domain.cpu0.domain0.busy_factor = 64
#kernel.sched_domain.cpu0.domain0.busy_idx = 2
#kernel.sched_domain.cpu0.domain0.cache_nice_tries = 1
#kernel.sched_domain.cpu0.domain0.flags = 4143
#kernel.sched_domain.cpu0.domain0.forkexec_idx = 0
#kernel.sched_domain.cpu0.domain0.idle_idx = 1
#kernel.sched_domain.cpu0.domain0.imbalance_pct = 125
#kernel.sched_domain.cpu0.domain0.max_interval = 4
#kernel.sched_domain.cpu0.domain0.min_interval = 1
#kernel.sched_domain.cpu0.domain0.name = CPU
#kernel.sched_domain.cpu0.domain0.newidle_idx = 0
#kernel.sched_domain.cpu0.domain0.wake_idx = 0
#kernel.sched_domain.cpu1.domain0.busy_factor = 64
#kernel.sched_domain.cpu1.domain0.busy_idx = 2
#kernel.sched_domain.cpu1.domain0.cache_nice_tries = 1
#kernel.sched_domain.cpu1.domain0.flags = 4143
#kernel.sched_domain.cpu1.domain0.forkexec_idx = 0
#kernel.sched_domain.cpu1.domain0.idle_idx = 1
#kernel.sched_domain.cpu1.domain0.imbalance_pct = 125
#kernel.sched_domain.cpu1.domain0.max_interval = 4
#kernel.sched_domain.cpu1.domain0.min_interval = 1
#kernel.sched_domain.cpu1.domain0.name = CPU
#kernel.sched_domain.cpu1.domain0.newidle_idx = 0
#kernel.sched_domain.cpu1.domain0.wake_idx = 0
#kernel.sched_domain.cpu2.domain0.busy_factor = 64
#kernel.sched_domain.cpu2.domain0.busy_idx = 2
#kernel.sched_domain.cpu2.domain0.cache_nice_tries = 1
#kernel.sched_domain.cpu2.domain0.flags = 4143
#kernel.sched_domain.cpu2.domain0.forkexec_idx = 0
#kernel.sched_domain.cpu2.domain0.idle_idx = 1
#kernel.sched_domain.cpu2.domain0.imbalance_pct = 125
#kernel.sched_domain.cpu2.domain0.max_interval = 4
#kernel.sched_domain.cpu2.domain0.min_interval = 1
#kernel.sched_domain.cpu2.domain0.name = CPU
#kernel.sched_domain.cpu2.domain0.newidle_idx = 0
#kernel.sched_domain.cpu2.domain0.wake_idx = 0
#kernel.sched_domain.cpu3.domain0.busy_factor = 64
#kernel.sched_domain.cpu3.domain0.busy_idx = 2
#kernel.sched_domain.cpu3.domain0.cache_nice_tries = 1
#kernel.sched_domain.cpu3.domain0.flags = 4143
#kernel.sched_domain.cpu3.domain0.forkexec_idx = 0
#kernel.sched_domain.cpu3.domain0.idle_idx = 1
#kernel.sched_domain.cpu3.domain0.imbalance_pct = 125
#kernel.sched_domain.cpu3.domain0.max_interval = 4
#kernel.sched_domain.cpu3.domain0.min_interval = 1
#kernel.sched_domain.cpu3.domain0.name = CPU
#kernel.sched_domain.cpu3.domain0.newidle_idx = 0
#kernel.sched_domain.cpu3.domain0.wake_idx = 0
kernel.sched_latency_ns = 10000000
kernel.sched_migration_cost = 500000
kernel.sched_min_granularity_ns = 2250000
kernel.sched_nr_migrate = 32
kernel.sched_rt_period_us = 1000000
kernel.sched_rt_runtime_us = 950000
kernel.sched_shares_window = 10000000
kernel.sched_time_avg = 1000
#kernel.sched_tunable_scaling = 1
kernel.sched_wakeup_granularity_ns = 2000000
#kernel.sem = 250 32000 32 128
#kernel.sg-big-buff = 32768
#kernel.shm_rmid_forced = 0
kernel.shmall = 2097152
#kernel.random.poolsize = 4096
kernel.shmmax = 33554432
kernel.shmmni = 4096
kernel.softlockup_panic = 1
kernel.tainted = 1
kernel.threads-max = 12542
kernel.timer_migration = 1
#kernel.usermodehelper.inheritable = 4294967295 4294967295
#kernel.usermodehelper.bset = 4294967295 4294967295
#kernel.random.uuid = 465b8dc9-8ba6-474d-a762-a932375082f0
#kernel.random.entropy_avail = 4096
#kernel.random.read_wakeup_threshold = 4096
#kernel.random.boot_id = 77705164-182c-454a-ae31-6dc047e57c3e
kernel.auto_msgmni = 1
#kernel.maps_protect = 1
#kernel.blk_iopoll = 1
#kernel.cap_last_cap = 36
kernel.core_pattern = core
kernel.core_pipe_limit = 0
kernel.core_uses_pid = 1
kernel.ctrl-alt-del = 1
kernel.dmesg_restrict = 2
kernel.domainname = localdomain
#kernel.ftrace_dump_on_oops = 0
kernel.hostname = localhost
kernel.hotplug = /sbin/hotplug
kernel.hung_task_check_count = 32768
kernel.hung_task_panic = 1
kernel.hung_task_timeout_secs = 30
#kernel.hung_task_warnings = 10
kernel.keys.gc_delay = 300
#kernel.keys.maxbytes = 20000
kernel.keys.maxkeys = 200
kernel.keys.root_maxbytes = 20000
#kernel.keys.root_maxkeys = 200
#kernel.kptr_restrict = 1
kernel.max_lock_depth = 1024
kernel.msgmax = 65536
kernel.msgmnb = 65536
#kernel.msgmni = 1119
#kernel.ngroups_max = 65536
kernel.nmi_watchdog = 1
#kernel.osrelease = 4.0.1
kernel.ostype = Linux
kernel.overflowgid = 65534
kernel.overflowuid = 65534
#kernel.panic = 1
kernel.panic_on_oops = 1
kernel.pid_max = 65536
kernel.poweroff_cmd = /sbin/poweroff
kernel.print-fatal-signals = 0
kernel.printk = 4 4 1 7
kernel.printk_delay = 0
kernel.printk_ratelimit = 5
#kernel.printk_ratelimit_burst = 10
kernel.pty.max = 4096
#kernel.pty.nr = 2
#kernel.pty.reserve = 1024
kernel.modprobe = /sbin/modprobe
kernel.modules_disabled = 0
kernel.cad_pid = 1
kernel.randomize_va_space = 2
crypto.fips_status = 0
# Controls the System Request debugging functionality
# of the kernel (magic-sysrq key)
kernel.sysrq = 1
###############
# Logcat
# 0 = enabled
# 1 = enable at boot, but not when suspended
# 2 = completely disabled
###############
# echo 0 > /sys/module/logger/parameters/log_mode
###############
# Interfaces -
# DO NOT change if you not know what you're doing!
###############
#service.adb.tcp.port = 5555
#service.adb.tcp.port = -1
#net.eth0.gw = 10.0.2.2
#net.eth0.dns1 = 10.0.2.3
#net.gprs.local-ip = 10.0.2.15
#ro.radio.use-ppp = no
#ro.bt.bdaddr_path = "/efs/bluetooth/bt_addr"
#ro.nfc.port = "I2C"
#sys.usb.state = ${sys.usb.config}
#service.adb.root = 1
#wifi.interface = wlan0
#wifi.supplicant_scan_interval = 250
#mobiledata.interfaces = pdp0,wlan0,gprs,ppp0
#ro.telephony.ril_class = SamsungExynos4RIL
#ro.carrier = unknown
#net.bt.name = chefkoch
#ro.com.android.wifi-watchlist = ChefkochGuest
#ro.com.google.clientidbase = android-google
#persist.sys.usb.config = mass_storage,adb
# Caching
# -1 means infinitive cacheing
#networkaddress.cache.ttl = 0
# Default 10
#networkaddress.cache.negative.ttl = 0
## WTF!
#profiler.force_disable_ulog = 1
#rofiler.force_disable_err_rpt = 1
# /WTF!
# Set maximum and minimum speed of raid resyncing operations
#dev.raid.speed_limit_max = 10000
#dev.raid.speed_limit_min = 1000
Raw
sysctl.conf
# Time created: 16.04.2015
# Works on Android 5 AND! Linux Debian
# proc/ must be called to use it.
#
# by CHEF-KOCH (all default values!)
# THX -> https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt
#
# Optional: Interfaces which are depending how the kernel was compiled
# are marked with ####
#
# Of course: There are also some external interface names!
# -> e.g. Android uses p0p and such, you need to add them manually
# -> and NEVER mix the settings !
#
#
# All sysctl parameters are loaded at boot time through /etc/init.d/network script.
#The command is:
#sysctl -e -p /etc/sysctl.conf
# You can verify the Linux networking kernel parms from the root user with these commands:
# e.g. sysctl -a | grep ipv4.ip_local
##################################
#/proc/sys/net/ipv4/* Variables:
##################################
net.ipv4.ip_forward = 0
# 0 - disabled (default)
# not 0 - enabled
#
# Forward Packets between interfaces.
#
# This variable is special, its change resets all configuration
# parameters to their default state (RFC1122 for hosts, RFC1812
# for routers)
#
net.ipv4.ip_default_ttl = 64
# Default value of TTL field (Time To Live) for outgoing (but not
# forwarded) IP packets. Should be between 1 and 255 inclusive.
# Default: 64 (as recommended by RFC1700)
#
net.ipv4.ip_no_pmtu_disc = 0
# Disable Path MTU Discovery. If enabled in mode 1 and a
# fragmentation-required ICMP is received, the PMTU to this
# destination will be set to min_pmtu (see below). You will need
# to raise min_pmtu to the smallest interface MTU on your system
# manually if you want to avoid locally generated fragments.
#
# In mode 2 incoming Path MTU Discovery messages will be
# discarded. Outgoing frames are handled the same as in mode 1,
# implicitly setting IP_PMTUDISC_DONT on every created socket.
#
# Mode 3 is a hardend pmtu discover mode. The kernel will only
# accept fragmentation-needed errors if the underlying protocol
# can verify them besides a plain socket lookup. Current
# protocols for which pmtu events will be honored are TCP, SCTP
# and DCCP as they verify e.g. the sequence number or the
# association. This mode should not be enabled globally but is
# only intended to secure e.g. name servers in namespaces where
# TCP path mtu must still work but path MTU information of other
# protocols should be discarded. If enabled globally this mode
# could break other protocols.
#
# Possible values: 0-3
# Default: FALSE
#
net.ipv4.min_pmtu = 552
# default 552 - minimum discovered Path MTU
#
net.ipv4.ip_forward_use_pmtu = 0
# By default we don't trust protocol path MTUs while forwarding
# because they could be easily forged and can lead to unwanted
# fragmentation by the router.
# You only need to enable this if you have user-space software
# which tries to discover path mtus by itself and depends on the
# kernel honoring this information. This is normally not the
# case.
# Default: 0 (disabled)
# Possible values:
# 0 - disabled
# 1 - enabled
#
net.ipv4.fwmark_reflect = 0
# Controls the fwmark of kernel-generated IPv4 reply packets that are not
# associated with a socket for example, TCP RSTs or ICMP echo replies).
# If unset, these packets have a fwmark of zero. If set, they have the
# fwmark of the packet they are replying to.
# Default: 0
#
net.ipv4.route.max_size =
# Maximum number of routes allowed in the kernel. Increase
# this when using large numbers of interfaces and/or routes.
# From Linux kernel >=3.6 onwards, this is deprecated for ipv4
# as route cache is no longer used!
#
net.ipv4.neigh.default.gc_thresh1 = 128
# Minimum number of entries to keep. Garbage collector will not
# purge entries if there are fewer than this number.
# Default: 128
#
net.ipv4.neigh.default.gc_thresh2 = 512
# Threshold when garbage collector becomes more aggressive about
# purging entries. Entries older than 5 seconds will be cleared
# when over this number.
# Default: 512
#
net.ipv4.neigh.default.gc_thresh3 = 1024
# Maximum number of neighbor entries allowed. Increase this
# when using large numbers of interfaces and when communicating
# with large numbers of directly-connected peers.
# Default: 1024
#
net.ipv4.neigh.default.unres_qlen_bytes = 65536
# The maximum number of bytes which may be used by packets
# queued for each unresolved address by other network layers.
# (added in linux 3.3)
# Setting negative value is meaningless and will return error.
# Default: 65536 Bytes(64KB)
#
net.ipv4.neigh.default.unres_qlen = 31
# The maximum number of packets which may be queued for each
# unresolved address by other network layers.
# (deprecated in linux 3.3) : use unres_qlen_bytes instead.
# Prior to linux 3.3, the default value is 3 which may cause
# unexpected packet loss. The current default value is calculated
# according to default value of unres_qlen_bytes and true size of
# packet.
# Default: 31
#
net.ipv4.mtu_expires =
# Time, in seconds, that cached PMTU information is kept.
#
net.ipv4.min_adv_mss =
# The advertised MSS depends on the first hop route MTU, but will
# never be lower than this setting.
#
####IP Fragmentation:
#
net.ipv4.ipfrag_high_thresh =
# Maximum memory used to reassemble IP fragments. When
# ipfrag_high_thresh bytes of memory is allocated for this purpose,
# the fragment handler will toss packets until ipfrag_low_thresh
# is reached. This also serves as a maximum limit to namespaces
# different from the initial one.
#
net.ipv4.ipfrag_low_thresh =
# Maximum memory used to reassemble IP fragments before the kernel
# begins to remove incomplete fragment queues to free up resources.
# The kernel still accepts new fragments for defragmentation.
#
net.ipv4.ipfrag_time =
# Time in seconds to keep an IP fragment in memory.
#
net.ipv4.ipfrag_max_dist = 64
# ipfrag_max_dist is a non-negative integer value which defines the
# maximum "disorder" which is allowed among fragments which share a
# common IP source address. Note that reordering of packets is
# not unusual, but if a large number of fragments arrive from a source
# IP address while a particular fragment queue remains incomplete, it
# probably indicates that one or more fragments belonging to that queue
# have been lost. When ipfrag_max_dist is positive, an additional check
# is done on fragments before they are added to a reassembly queue - if
# ipfrag_max_dist (or more) fragments have arrived from a particular IP
# address between additions to any IP fragment queue using that source
# address, it's presumed that one or more fragments in the queue are
# lost. The existing fragment queue will be dropped, and a new one
# started. An ipfrag_max_dist value of zero disables this check.
#
# Using a very small value, e.g. 1 or 2, for ipfrag_max_dist can
# result in unnecessarily dropping fragment queues when normal
# reordering of packets occurs, which could lead to poor application
# performance. Using a very large value, e.g. 50000, increases the
# likelihood of incorrectly reassembling IP fragments that originate
# from different IP datagrams, which could result in data corruption.
# Default: 64
#
####INET peer storage:
#
net.ipv4.net.ipv4.inet_peer_threshold =
# The approximate size of the storage. Starting from this threshold
# entries will be thrown aggressively. This threshold also determines
# entries' time-to-live and time intervals between garbage collection
# passes. More entries, less time-to-live, less GC interval.
#
net.ipv4.inet_peer_minttl =
# Minimum time-to-live of entries. Should be enough to cover fragment
# time-to-live on the reassembling side. This minimum time-to-live is
# guaranteed if the pool size is less than inet_peer_threshold.
# Measured in seconds.
#
net.ipv4.inet_peer_maxttl =
# Maximum time-to-live of entries. Unused entries will expire after
# this period of time if there is no memory pressure on the pool (i.e.
# when the number of entries in the pool is very small).
# Measured in seconds.
#
####TCP variables:
#
net.ipv4.somaxconn = 128
# Limit of socket listen() backlog, known in userspace as SOMAXCONN.
# Defaults to 128. See also tcp_max_syn_backlog for additional tuning
# for TCP sockets.
#
net.ipv4.tcp_abort_on_overflow =
# If listening service is too slow to accept new connections,
# reset them. Default state is FALSE. It means that if overflow
# occurred due to a burst, connection will recover. Enable this
# option _only_ if you are really sure that listening daemon
# cannot be tuned to accept connections faster. Enabling this
# option can harm clients of your server.
#
net.ipv4.tcp_adv_win_scale = 1
# Count buffering overhead as bytes/2^tcp_adv_win_scale
# (if tcp_adv_win_scale > 0) or bytes-bytes/2^(-tcp_adv_win_scale),
# if it is <= 0.
# Possible values are [-31, 31], inclusive.
# Default: 1
#
net.ipv4.tcp_allowed_congestion_control =
# Show/set the congestion control choices available to non-privileged
# processes. The list is a subset of those listed in
# tcp_available_congestion_control.
# Default is "reno" and the default setting (tcp_congestion_control).
#
net.ipv4.tcp_app_win = 31
# Reserve max(window/2^tcp_app_win, mss) of window for application
# buffer. Value 0 is special, it means that nothing is reserved.
# Default: 31
#
net.ipv4.tcp_autocorking = 1
# Enable TCP auto corking :
# When applications do consecutive small write()/sendmsg() system calls,
# we try to coalesce these small writes as much as possible, to lower
# total amount of sent packets. This is done if at least one prior
# packet for the flow is waiting in Qdisc queues or device transmit
# queue. Applications can still use TCP_CORK for optimal behavior
# when they know how/when to uncork their sockets.
# Default : 1
#
net.ipv4.tcp_available_congestion_control =
# Shows the available congestion control choices that are registered.
# More congestion control algorithms may be available as modules,
# but not loaded.
#
net.ipv4.tcp_base_mss =
# The initial value of search_low to be used by the packetization layer
# Path MTU discovery (MTU probing). If MTU probing is enabled,
# this is the initial MSS used by the connection.
#
tcp_congestion_control =
# Set the congestion control algorithm to be used for new
# connections. The algorithm "reno" is always available, but
# additional choices may be available based on kernel configuration.
# Default is set as part of kernel configuration.
# For passive connections, the listener congestion control choice
# is inherited.
# [see setsockopt(listenfd, SOL_TCP, TCP_CONGESTION, "name" ...) ]
#
net.ipv4.tcp_dsack =
# Allows TCP to send "duplicate" SACKs.
#
net.ipv4.tcp_early_retrans = 3
# Enable Early Retransmit (ER), per RFC 5827. ER lowers the threshold
# for triggering fast retransmit when the amount of outstanding data is
# small and when no previously unsent data can be transmitted (such
# that limited transmit could be used). Also controls the use of
# Tail loss probe (TLP) that converts RTOs occurring due to tail
# losses into fast recovery (draft-dukkipati-tcpm-tcp-loss-probe-01).
# Possible values:
# 0 disables ER
# 1 enables ER
# 2 enables ER but delays fast recovery and fast retransmit
# by a fourth of RTT. This mitigates connection falsely
# recovers when network has a small degree of reordering
# (less than 3 packets).
# 3 enables delayed ER and TLP.
# 4 enables TLP only.
# Default: 3
#
net.ipv4.tcp_ecn = 2
# Control use of Explicit Congestion Notification (ECN) by TCP.
# ECN is used only when both ends of the TCP connection indicate
# support for it. This feature is useful in avoiding losses due
# to congestion by allowing supporting routers to signal
# congestion before having to drop packets.
# Possible values are:
# 0 Disable ECN. Neither initiate nor accept ECN.
# 1 Enable ECN when requested by incoming connections and
# also request ECN on outgoing connection attempts.
# 2 Enable ECN when requested by incoming connections
# but do not request ECN on outgoing connections.
# Default: 2
#
net.ipv4.tcp_fack =
# Enable FACK congestion avoidance and fast retransmission.
# The value is not used, if tcp_sack is not enabled.
#
net.ipv4.tcp_fin_timeout = 60
# The length of time an orphaned (no longer referenced by any
# application) connection will remain in the FIN_WAIT_2 state
# before it is aborted at the local end. While a perfectly
# valid "receive only" state for an un-orphaned connection, an
# orphaned connection in FIN_WAIT_2 state could otherwise wait
# forever for the remote to close its end of the connection.
# Cf. tcp_max_orphans
# Default: 60 seconds
#
net.ipv4.tcp_frto = 0
# Enables Forward RTO-Recovery (F-RTO) defined in RFC5682.
# F-RTO is an enhanced recovery algorithm for TCP retransmission
# timeouts. It is particularly beneficial in networks where the
# RTT fluctuates (e.g., wireless). F-RTO is sender-side only
# modification. It does not require any support from the peer.
#
# By default it's enabled with a non-zero value. 0 disables F-RTO.
#
net.ipv4.tcp_invalid_ratelimit = 500
# Limit the maximal rate for sending duplicate acknowledgments
# in response to incoming TCP packets that are for an existing
# connection but that are invalid due to any of these reasons:
#
# (a) out-of-window sequence number,
# (b) out-of-window acknowledgment number, or
# (c) PAWS (Protection Against Wrapped Sequence numbers) check failure
#
# This can help mitigate simple "ack loop" DoS attacks, wherein
# a buggy or malicious middlebox or man-in-the-middle can
# rewrite TCP header fields in manner that causes each endpoint
# to think that the other is sending invalid TCP segments, thus
# causing each side to send an unterminating stream of duplicate
# acknowledgments for invalid segments.
#
# Using 0 disables rate-limiting of dupacks in response to
# invalid segments; otherwise this value specifies the minimal
# space between sending such dupacks, in milliseconds.
#
# Default: 500 (milliseconds).
#
net.ipv4.tcp_keepalive_time =
# How often TCP sends out keepalive messages when keepalive is enabled.
# Default: 2hours.
#
net.ipv4.tcp_keepalive_probes = 9
# How many keepalive probes TCP sends out, until it decides that the
# connection is broken. Default value: 9.
#
net.ipv4.tcp_keepalive_intvl =
# How frequently the probes are send out. Multiplied by
# tcp_keepalive_probes it is time to kill not responding connection,
# after probes started. Default value: 75sec i.e. connection
# will be aborted after ~11 minutes of retries.
#
net.ipv4.tcp_low_latency = 0
# If set, the TCP stack makes decisions that prefer lower
# latency as opposed to higher throughput. By default, this
# option is not set meaning that higher throughput is preferred.
# An example of an application where this default should be
# changed would be a Beowulf compute cluster.
# Default: 0
#
net.ipv4.tcp_max_orphans =
# Maximal number of TCP sockets not attached to any user file handle,
# held by system. If this number is exceeded orphaned connections are
# reset immediately and warning is printed. This limit exists
# only to prevent simple DoS attacks, you _must_ not rely on this
# or lower the limit artificially, but rather increase it
# (probably, after increasing installed memory),
# if network conditions require more than default value,
# and tune network services to linger and kill such states
# more aggressively. Let me to remind again: each orphan eats
# up to ~64K of unswappable memory.
#
net.ipv4.tcp_max_syn_backlog =
# Maximal number of remembered connection requests, which have not
# received an acknowledgment from connecting client.
# The minimal value is 128 for low memory machines, and it will
# increase in proportion to the memory of machine.
# If server suffers from overload, try increasing this number.
#
net.ipv4.tcp_max_tw_buckets =
# Maximal number of timewait sockets held by system simultaneously.
# If this number is exceeded time-wait socket is immediately destroyed
# and warning is printed. This limit exists only to prevent
# simple DoS attacks, you _must_ not lower the limit artificially,
# but rather increase it (probably, after increasing installed memory),
# if network conditions require more than default value.
#
net.ipv4.tcp_mem =
# min: below this number of pages TCP is not bothered about its
# memory appetite.
#
# pressure: when amount of memory allocated by TCP exceeds this number
# of pages, TCP moderates its memory consumption and enters memory
# pressure mode, which is exited when memory consumption falls
# under "min".
#
# max: number of pages allowed for queueing by all TCP sockets.
#
# Defaults are calculated at boot time from amount of available
# memory.
#
net.ipv4.tcp_memtcp_moderate_rcvbuf =
# If set, TCP performs receive buffer auto-tuning, attempting to
# automatically size the buffer (no greater than tcp_rmem[2]) to
# match the size required by the path for full throughput. Enabled by
# default.
#
net.ipv4.tcp_mtu_probing =
# Controls TCP Packetization-Layer Path MTU Discovery. Takes three
# values:
# 0 - Disabled
# 1 - Disabled by default, enabled when an ICMP black hole detected
# 2 - Always enabled, use initial MSS of tcp_base_mss.
#
net.ipv4.tcp_no_metrics_save =
# By default, TCP saves various connection metrics in the route cache
# when the connection closes, so that connections established in the
# near future can use these to set initial conditions. Usually, this
# increases overall performance, but may sometimes cause performance
# degradation. If set, TCP will not cache metrics on closing
# connections.
#
net.ipv4.tcp_orphan_retries =
# This value influences the timeout of a locally closed TCP connection,
# when RTO retransmissions remain unacknowledged.
# See tcp_retries2 for more details.
#
# The default value is 8.
# If your machine is a loaded WEB server,
# you should think about lowering this value, such sockets
# may consume significant resources. Cf. tcp_max_orphans.
#
net.ipv4.tcp_reordering = 3
# Initial reordering level of packets in a TCP stream.
# TCP stack can then dynamically adjust flow reordering level
# between this initial value and tcp_max_reordering
# Default: 3
#
net.ipv4.tcp_max_reordering = 300
# Maximal reordering level of packets in a TCP stream.
# 300 is a fairly conservative value, but you might increase it
# if paths are using per packet load balancing (like bonding rr mode)
# Default: 300
#
tcp_retrans_collapse - BOOLEAN
# Bug-to-bug compatibility with some broken printers.
# On retransmit try to send bigger packets to work around bugs in
# certain TCP stacks.
#
net.ipv4.tcp_retries1 =
# This value influences the time, after which TCP decides, that
# something is wrong due to unacknowledged RTO retransmissions,
# and reports this suspicion to the network layer.
# See tcp_retries2 for more details.
#
# RFC 1122 recommends at least 3 retransmissions, which is the
# default.
#
net.ipv4.tcp_retries2 =
# This value influences the timeout of an alive TCP connection,
# when RTO retransmissions remain unacknowledged.
# Given a value of N, a hypothetical TCP connection following
# exponential backoff with an initial RTO of TCP_RTO_MIN would
# retransmit N times before killing the connection at the (N+1)th RTO.
#
# The default value of 15 yields a hypothetical timeout of 924.6
# seconds and is a lower bound for the effective timeout.
# TCP will effectively time out at the first RTO which exceeds the
# hypothetical timeout.
#
# RFC 1122 recommends at least 100 seconds for the timeout,
# which corresponds to a value of at least 8.
#
net.ipv4.tcp_rfc1337 = 0
# If set, the TCP stack behaves conforming to RFC1337. If unset,
# we are not conforming to RFC, but prevent TCP TIME_WAIT
# assassination.
# Default: 0
#
net.ipv4.tcp_rmem = 1
# min: Minimal size of receive buffer used by TCP sockets.
# It is guaranteed to each TCP socket, even under moderate memory
# pressure.
# Default: 1 page
#
# default: initial size of receive buffer used by TCP sockets.
# This value overrides net.core.rmem_default used by other protocols.
# Default: 87380 bytes. This value results in window of 65535 with
# default setting of tcp_adv_win_scale and tcp_app_win:0 and a bit
# less for default tcp_app_win. See below about these variables.
#
# max: maximal size of receive buffer allowed for automatically
# selected receiver buffers for TCP socket. This value does not override
# net.core.rmem_max. Calling setsockopt() with SO_RCVBUF disables
# automatic tuning of that socket's receive buffer size, in which
# case this value is ignored.
# Default: between 87380B and 6MB, depending on RAM size.
#
net.ipv4.tcp_sack =
# Enable select acknowledgments (SACKS).
#
net.ipv4.tcp_slow_start_after_idle = 1
# If set, provide RFC2861 behavior and time out the congestion
# window after an idle period. An idle period is defined at
# the current RTO. If unset, the congestion window will not
# be timed out after an idle period.
# Default: 1
#
net.ipv4.tcp_stdurg = 0
# Use the Host requirements interpretation of the TCP urgent pointer field.
# Most hosts use the older BSD interpretation, so if you turn this on
# Linux might not communicate correctly with them.
# Default: FALSE
#
net.ipv4.tcp_synack_retries =
# Number of times SYNACKs for a passive TCP connection attempt will
# be retransmitted. Should not be higher than 255. Default value
# is 5, which corresponds to 31seconds till the last retransmission
# with the current initial RTO of 1second. With this the final timeout
# for a passive TCP connection will happen after 63seconds.
#
net.ipv4.tcp_syncookies = 1
# Only valid when the kernel was compiled with CONFIG_SYN_COOKIES
# Send out syncookies when the syn backlog queue of a socket
# overflows. This is to prevent against the common 'SYN flood attack'
# Default: 1
#
# Note, that syncookies is fallback facility.
# It MUST NOT be used to help highly loaded servers to stand
# against legal connection rate. If you see SYN flood warnings
# in your logs, but investigation shows that they occur
# because of overload with legal connections, you should tune
# another parameters until this warning disappear.
# See: tcp_max_syn_backlog, tcp_synack_retries, tcp_abort_on_overflow.
#
# syncookies seriously violate TCP protocol, do not allow
# to use TCP extensions, can result in serious degradation
# of some services (f.e. SMTP relaying), visible not by you,
# but your clients and relays, contacting you. While you see
# SYN flood warnings in logs not being really flooded, your server
# is seriously misconfigured.
#
# If you want to test which effects syncookies have to your
# network connections you can set this knob to 2 to enable
# unconditionally generation of syncookies.
#
net.ipv4.tcp_fastopen = 1
# Enable TCP Fast Open feature (draft-ietf-tcpm-fastopen) to send data
# in the opening SYN packet. To use this feature, the client application
# must use sendmsg() or sendto() with MSG_FASTOPEN flag rather than
# connect() to perform a TCP handshake automatically.
#
# The values (bitmap) are
# 1: Enables sending data in the opening SYN on the client w/ MSG_FASTOPEN.
# 2: Enables TCP Fast Open on the server side, i.e., allowing data in
# a SYN packet to be accepted and passed to the application before
# 3-way hand shake finishes.
# 4: Send data in the opening SYN regardless of cookie availability and
# without a cookie option.
# 0x100: Accept SYN data w/o validating the cookie.
# 0x200: Accept data-in-SYN w/o any cookie option present.
# 0x400/0x800: Enable Fast Open on all listeners regardless of the
# TCP_FASTOPEN socket option. The two different flags designate two
# different ways of setting max_qlen without the TCP_FASTOPEN socket
# option.
#
# Default: 1
#
# Note that the client & server side Fast Open flags (1 and 2
# respectively) must be also enabled before the rest of flags can take
# effect.
#
# See include/net/tcp.h and the code for more details.
#
net.ipv4.tcp_syn_retries =
# Number of times initial SYNs for an active TCP connection attempt
# will be retransmitted. Should not be higher than 255. Default value
# is 6, which corresponds to 63seconds till the last retransmission
# with the current initial RTO of 1second. With this the final timeout
# for an active TCP connection attempt will happen after 127seconds.
#
net.ipv4.tcp_timestamps =
# Enable timestamps as defined in RFC1323.
#
net.ipv4.tcp_min_tso_segs = 2
# Minimal number of segments per TSO frame.
# Since linux-3.12, TCP does an automatic sizing of TSO frames,
# depending on flow rate, instead of filling 64Kbytes packets.
# For specific usages, it's possible to force TCP to build big
# TSO frames. Note that TCP stack might split too big TSO packets
# if available window is too small.
# Default: 2
#
net.ipv4.tcp_tso_win_divisor = 3
# This allows control over what percentage of the congestion window
# can be consumed by a single TSO frame.
# The setting of this parameter is a choice between burstiness and
# building larger TSO frames.
# Default: 3
#
net.ipv4.tcp_tw_recycle = 0
# Enable fast recycling TIME-WAIT sockets. Default value is 0.
# It should not be changed without advice/request of technical
# experts.
#
net.ipv4.tcp_tw_reuse = 0
# Allow to reuse TIME-WAIT sockets for new connections when it is
# safe from protocol viewpoint. Default value is 0.
# It should not be changed without advice/request of technical
# experts.
#
net.ipv4.tcp_window_scaling =
# Enable window scaling as defined in RFC1323.
#
net.ipv4.tcp_wmem =
# min: Amount of memory reserved for send buffers for TCP sockets.
# Each TCP socket has rights to use it due to fact of its birth.
# Default: 1 page
#
# default: initial size of send buffer used by TCP sockets. This
# value overrides net.core.wmem_default used by other protocols.
# It is usually lower than net.core.wmem_default.
# Default: 16K
#
# max: Maximal amount of memory allowed for automatically tuned
# send buffers for TCP sockets. This value does not override
# net.core.wmem_max. Calling setsockopt() with SO_SNDBUF disables
# automatic tuning of that socket's send buffer size, in which case
# this value is ignored.
# Default: between 64K and 4MB, depending on RAM size.
#
net.ipv4.tcp_notsent_lowat =
# A TCP socket can control the amount of unsent bytes in its write queue,
# thanks to TCP_NOTSENT_LOWAT socket option. poll()/select()/epoll()
# reports POLLOUT events if the amount of unsent bytes is below a per
# socket value, and if the write queue is not full. sendmsg() will
# also not add new buffers if the limit is hit.
#
# This global variable controls the amount of unsent data for
# sockets not using TCP_NOTSENT_LOWAT. For these sockets, a change
# to the global variable has immediate effect.
#
# Default: UINT_MAX (0xFFFFFFFF)
#
net.ipv4.tcp_workaround_signed_windows = 0
# If set, assume no receipt of a window scaling option means the
# remote TCP is broken and treats the window as a signed quantity.
# If unset, assume the remote TCP is not broken even if we do
# not receive a window scaling option from them.
# Default: 0
#
net.ipv4.tcp_thin_linear_timeouts = 0
# Enable dynamic triggering of linear timeouts for thin streams.
# If set, a check is performed upon retransmission by timeout to
# determine if the stream is thin (less than 4 packets in flight).
# As long as the stream is found to be thin, up to 6 linear
# timeouts may be performed before exponential backoff mode is
# initiated. This improves retransmission latency for
# non-aggressive thin streams, often found to be time-dependent.
# For more information on thin streams, see
# Documentation/networking/tcp-thin.txt
# Default: 0
#
net.ipv4.tcp_thin_dupack = 0
# Enable dynamic triggering of retransmissions after one dupACK
# for thin streams. If set, a check is performed upon reception
# of a dupACK to determine if the stream is thin (less than 4
# packets in flight). As long as the stream is found to be thin,
# data is retransmitted on the first received dupACK. This
# improves retransmission latency for non-aggressive thin
# streams, often found to be time-dependent.
# For more information on thin streams, see
# Documentation/networking/tcp-thin.txt
# Default: 0
#
net.ipv4.tcp_limit_output_bytes = 131072
# Controls TCP Small Queue limit per tcp socket.
# TCP bulk sender tends to increase packets in flight until it
# gets losses notifications. With SNDBUF autotuning, this can
# result in a large amount of packets queued in qdisc/device
# on the local machine, hurting latency of other flows, for
# typical pfifo_fast qdiscs.
# tcp_limit_output_bytes limits the number of bytes on qdisc
# or device to reduce artificial RTT/cwnd and reduce bufferbloat.
# Default: 131072
#
net.ipv4.tcp_challenge_ack_limit = 100
# Limits number of Challenge ACK sent per second, as recommended
# in RFC 5961 (Improving TCP's Robustness to Blind In-Window Attacks)
# Default: 100
#
####UDP variables:
#
net.ipv4.udp_mem =
# Number of pages allowed for queueing by all UDP sockets.
#
# min: Below this number of pages UDP is not bothered about its
# memory appetite. When amount of memory allocated by UDP exceeds
# this number, UDP starts to moderate memory usage.
#
# pressure: This value was introduced to follow format of tcp_mem.
#
# max: Number of pages allowed for queueing by all UDP sockets.
#
# Default is calculated at boot time from amount of available memory.
#
net.ipv4.udp_rmem_min =
# Minimal size of receive buffer used by UDP sockets in moderation.
# Each UDP socket is able to use the size for receiving data, even if
# total pages of UDP sockets exceed udp_mem pressure. The unit is byte.
# Default: 1 page
#
net.ipv4.udp_wmem_min =
# Minimal size of send buffer used by UDP sockets in moderation.
# Each UDP socket is able to use the size for sending data, even if
# total pages of UDP sockets exceed udp_mem pressure. The unit is byte.
# Default: 1 page
#
####CIPSOv4 Variables:
#
net.ipv4.cipso_cache_enable = 1
# If set, enable additions to and lookups from the CIPSO label mapping
# cache. If unset, additions are ignored and lookups always result in a
# miss. However, regardless of the setting the cache is still
# invalidated when required when means you can safely toggle this on and
# off and the cache will always be "safe".
# Default: 1
#
net.ipv4.cipso_cache_bucket_size = 10
# The CIPSO label cache consists of a fixed size hash table with each
# hash bucket containing a number of cache entries. This variable limits
# the number of entries in each hash bucket; the larger the value the
# more CIPSO label mappings that can be cached. When the number of
# entries in a given hash bucket reaches this limit adding new entries
# causes the oldest entry in the bucket to be removed to make room.
# Default: 10
#
net.ipv4.cipso_rbm_optfmt = 0
# Enable the "Optimized Tag 1 Format" as defined in section 3.4.2.6 of
# the CIPSO draft specification (see Documentation/netlabel for details).
# This means that when set the CIPSO tag will be padded with empty
# categories in order to make the packet data 32-bit aligned.
# Default: 0
#
net.ipv4.cipso_rbm_structvalid = 0
# If set, do a very strict check of the CIPSO option when
# ip_options_compile() is called. If unset, relax the checks done during
# ip_options_compile(). Either way is "safe" as errors are caught else
# where in the CIPSO processing code but setting this to 0 (False) should
# result in less work (i.e. it should be faster) but could cause problems
# with other implementations that require strict checking.
# Default: 0
#
####IP Variables:
#
net.ipv4.ip_local_port_range =
# Defines the local port range that is used by TCP and UDP to
# choose the local port. The first number is the first, the
# second the last local port number. The default values are
# 32768 and 61000 respectively.
#
net.ipv4.ip_local_reserved_ports =
# Specify the ports which are reserved for known third-party
# applications. These ports will not be used by automatic port
# assignments (e.g. when calling connect() or bind() with port
# number 0). Explicit port allocation behavior is unchanged.
#
# The format used for both input and output is a comma separated
# list of ranges (e.g. "1,2-4,10-10" for ports 1, 2, 3, 4 and
# 10). Writing to the file will clear all previously reserved
# ports and update the current list with the one given in the
# input.
#
# Note that ip_local_port_range and ip_local_reserved_ports
# settings are independent and both are considered by the kernel
# when determining which ports are available for automatic port
# assignments.
#
# You can reserve ports which are not in the current
# ip_local_port_range, e.g.:
#
# $ cat /proc/sys/net/ipv4/ip_local_port_range
# 32000 61000
# $ cat /proc/sys/net/ipv4/ip_local_reserved_ports
# 8080,9148
#
# although this is redundant. However such a setting is useful
# if later the port range is changed to a value that will
# include the reserved ports.
#
# Default: Empty
#
net.ipv4.net.ipv4.ip_nonlocal_bind = 0
# If set, allows processes to bind() to non-local IP addresses,
# which can be quite useful - but may break some applications.
# Default: 0
#
net.ipv4.ip_dynaddr = 0
# If set non-zero, enables support for dynamic addresses.
# If set to a non-zero value larger than 1, a kernel log
# message will be printed when dynamic address rewriting
# occurs.
# Default: 0
#
net.ipv4.ip_early_demux = 1
# Optimize input packet processing down to one demux for
# certain kinds of local sockets. Currently we only do this
# for established TCP sockets.
#
# It may add an additional cost for pure routing workloads that
# reduces overall throughput, in such case you should disable it.
# Default: 1
#
net.ipv4.icmp_echo_ignore_all = 0
# If set non-zero, then the kernel will ignore all ICMP ECHO
# requests sent to it.
# Default: 0
#
net.ipv4.icmp_echo_ignore_broadcasts = 1
# If set non-zero, then the kernel will ignore all ICMP ECHO and
# TIMESTAMP requests sent to it via broadcast/multicast.
# Default: 1
#
net.ipv4.icmp_ratelimit = 1000
# Limit the maximal rates for sending ICMP packets whose type matches
# icmp_ratemask (see below) to specific targets.
# 0 to disable any limiting,
# otherwise the minimal space between responses in milliseconds.
# Note that another sysctl, icmp_msgs_per_sec limits the number
# of ICMP packets sent on all targets.
# Default: 1000
#
net.ipv4.icmp_msgs_per_sec 1000
# Limit maximal number of ICMP packets sent per second from this host.
# Only messages whose type matches icmp_ratemask (see below) are
# controlled by this limit.
# Default: 1000
#
net.ipv4.icmp_msgs_burst = 50
# icmp_msgs_per_sec controls number of ICMP packets sent per second,
# while icmp_msgs_burst controls the burst size of these packets.
# Default: 50
#
net.ipv4.icmp_ratemask =
# Mask made of ICMP types for which rates are being limited.
# Significant bits: IHGFEDCBA9876543210
# Default mask: 0000001100000011000 (6168)
#
# Bit definitions (see include/linux/icmp.h):
# 0 Echo Reply
# 3 Destination Unreachable *
# 4 Source Quench *
# 5 Redirect
# 8 Echo Request
# B Time Exceeded *
# C Parameter Problem *
# D Timestamp Request
# E Timestamp Reply
# F Info Request
# G Info Reply
# H Address Mask Request
# I Address Mask Reply
#
# * These are rate limited by default (see default mask above)
#
net.ipv4.icmp_ignore_bogus_error_responses = 1
# Some routers violate RFC1122 by sending bogus responses to broadcast
# frames. Such violations are normally logged via a kernel warning.
# If this is set to TRUE, the kernel will not give such warnings, which
# will avoid log file clutter.
# Default: 1
#
net.ipv4.icmp_errors_use_inbound_ifaddr = 0
#
# If zero, icmp error messages are sent with the primary address of
# the exiting interface.
#
# If non-zero, the message will be sent with the primary address of
# the interface that received the packet that caused the icmp error.
# This is the behaviour network many administrators will expect from
# a router. And it can make debugging complicated network layouts
# much easier.
#
# Note that if no primary address exists for the interface selected,
# then the primary address of the first non-loopback interface that
# has one will be used regardless of this setting.
#
# Default: 0
#
net.ipv4.igmp_max_memberships =
# Change the maximum number of multicast groups we can subscribe to.
# Default: 20
#
# Theoretical maximum value is bounded by having to send a membership
# report in a single datagram (i.e. the report can't span multiple
# datagrams, or risk confusing the switch and leaving groups you don't
# intend to).
#
# The number of supported groups 'M' is bounded by the number of group
# report entries you can fit into a single datagram of 65535 bytes.
#
# M = 65536-sizeof (ip header)/(sizeof(Group record))
#
# Group records are variable length, with a minimum of 12 bytes.
# So net.ipv4.igmp_max_memberships should not be set higher than:
#
# (65536-24) / 12 = 5459
#
# The value 5459 assumes no IP header options, so in practice
# this number may be lower.
#
# conf/interface/* changes special settings per interface (where
# "interface" is the name of your network interface)
#
# conf/all/* is special, changes the settings for all interfaces
#
net.ipv4.igmp_qrv =
# Controls the IGMP query robustness variable (see RFC2236 8.1).
# Default: 2 (as specified by RFC2236 8.1)
# Minimum: 1 (as specified by RFC6636 4.5)
#
net.ipv4.log_martians =
# Log packets with impossible addresses to kernel log.
# log_martians for the interface will be enabled if at least one of
# conf/{all,interface}/log_martians is set to TRUE,
# it will be disabled otherwise
#
net.ipv4.accept_redirects =
# Accept ICMP redirect messages.
# accept_redirects for the interface will be enabled if:
# - both conf/{all,interface}/accept_redirects are TRUE in the case
# forwarding for the interface is enabled
# or
# - at least one of conf/{all,interface}/accept_redirects is TRUE in the
# case forwarding for the interface is disabled
# accept_redirects for the interface will be disabled otherwise
# default TRUE (host)
# FALSE (router)
#
net.ipv4.forwarding = 0
# Enable IP forwarding on this interface.
#
net.ipv4.mc_forwarding =
# Do multicast routing. The kernel needs to be compiled with CONFIG_MROUTE
# and a multicast routing daemon is required.
# conf/all/mc_forwarding must also be set to TRUE to enable multicast
# routing for the interface
#
net.ipv4.medium_id =
# Integer value used to differentiate the devices by the medium they
# are attached to. Two devices can have different id values when
# the broadcast packets are received only on one of them.
# The default value 0 means that the device is the only interface
# to its medium, value of -1 means that medium is not known.
#
# Currently, it is used to change the proxy_arp behavior:
# the proxy_arp feature is enabled for packets forwarded between
# two devices attached to different media.
#
net.ipv4.proxy_arp =
# Do proxy arp.
# proxy_arp for the interface will be enabled if at least one of
# conf/{all,interface}/proxy_arp is set to TRUE,
# it will be disabled otherwise
#
net.ipv4.proxy_arp_pvlan =
# Private VLAN proxy arp.
# Basically allow proxy arp replies back to the same interface
# (from which the ARP request/solicitation was received).
#
# This is done to support (ethernet) switch features, like RFC
# 3069, where the individual ports are NOT allowed to
# communicate with each other, but they are allowed to talk to
# the upstream router. As described in RFC 3069, it is possible
# to allow these hosts to communicate through the upstream
# router by proxy_arp'ing. Don't need to be used together with
# proxy_arp.
#
# This technology is known by different names:
# In RFC 3069 it is called VLAN Aggregation.
# Cisco and Allied Telesyn call it Private VLAN.
# Hewlett-Packard call it Source-Port filtering or port-isolation.
# Ericsson call it MAC-Forced Forwarding (RFC Draft).
#
net.ipv4.shared_media = 1
# Send(router) or accept(host) RFC1620 shared media redirects.
# Overrides ip_secure_redirects.
# shared_media for the interface will be enabled if at least one of
# conf/{all,interface}/shared_media is set to TRUE,
# it will be disabled otherwise
# default TRUE
#
net.ipv4.secure_redirects = 1
# Accept ICMP redirect messages only for gateways,
# listed in default gateway list.
# secure_redirects for the interface will be enabled if at least one of
# conf/{all,interface}/secure_redirects is set to TRUE,
# it will be disabled otherwise
# default TRUE
#
net.ipv4.send_redirects = 1
# Send redirects, if router.
# send_redirects for the interface will be enabled if at least one of
# conf/{all,interface}/send_redirects is set to TRUE,
# it will be disabled otherwise
# Default: TRUE
#
net.ipv4.bootp_relay = 0
# Accept packets with source address 0.b.c.d destined
# not to this host as local ones. It is supposed, that
# BOOTP relay daemon will catch and forward such packets.
# conf/all/bootp_relay must also be set to TRUE to enable BOOTP relay
# for the interface
# default FALSE
# Not Implemented Yet.
#
net.ipv4.accept_source_route = 1
# Accept packets with SRR option.
# conf/all/accept_source_route must also be set to TRUE to accept packets
# with SRR option on the interface
# default TRUE (router)
# FALSE (host)
#
net.ipv4.accept_local = 0
# Accept packets with local source addresses. In combination with
# suitable routing, this can be used to direct packets between two
# local interfaces over the wire and have them accepted properly.
# default FALSE
#
net.ipv4.route_localnet =
# Do not consider loopback addresses as martian source or destination
# while routing. This enables the use of 127/8 for local routing purposes.
# default FALSE
#
net.ipv4.rp_filter =
# 0 - No source validation.
# 1 - Strict mode as defined in RFC3704 Strict Reverse Path
# Each incoming packet is tested against the FIB and if the interface
# is not the best reverse path the packet check will fail.
# By default failed packets are discarded.
# 2 - Loose mode as defined in RFC3704 Loose Reverse Path
# Each incoming packet's source address is also tested against the FIB
# and if the source address is not reachable via any interface
# the packet check will fail.
#
# Current recommended practice in RFC3704 is to enable strict mode
# to prevent IP spoofing from DDos attacks. If using asymmetric routing
# or other complicated routing, then loose mode is recommended.
#
# The max value from conf/{all,interface}/rp_filter is used
# when doing source validation on the {interface}.
#
# Default value is 0. Note that some distributions enable it
# in startup scripts.
#
net.ipv4.arp_filter =
# 1 - Allows you to have multiple network interfaces on the same
# subnet, and have the ARPs for each interface be answered
# based on whether or not the kernel would route a packet from
# the ARP'd IP out that interface (therefore you must use source
# based routing for this to work). In other words it allows control
# of which cards (usually 1) will respond to an arp request.
#
# 0 - (default) The kernel can respond to arp requests with addresses
# from other interfaces. This may seem wrong but it usually makes
# sense, because it increases the chance of successful communication.
# IP addresses are owned by the complete host on Linux, not by
# particular interfaces. Only for more complex setups like load-
# balancing, does this behaviour cause problems.
#
# arp_filter for the interface will be enabled if at least one of
# conf/{all,interface}/arp_filter is set to TRUE,
# it will be disabled otherwise
#
net.ipv4.arp_announce =
# Define different restriction levels for announcing the local
# source IP address from IP packets in ARP requests sent on
# interface:
# 0 - (default) Use any local address, configured on any interface
# 1 - Try to avoid local addresses that are not in the target's
# subnet for this interface. This mode is useful when target
# hosts reachable via this interface require the source IP
# address in ARP requests to be part of their logical network
# configured on the receiving interface. When we generate the
# request we will check all our subnets that include the
# target IP and will preserve the source address if it is from
# such subnet. If there is no such subnet we select source
# address according to the rules for level 2.
# 2 - Always use the best local address for this target.
# In this mode we ignore the source address in the IP packet
# and try to select local address that we prefer for talks with
# the target host. Such local address is selected by looking
# for primary IP addresses on all our subnets on the outgoing
# interface that include the target IP address. If no suitable
# local address is found we select the first local address
# we have on the outgoing interface or on all other interfaces,
# with the hope we will receive reply for our request and
# even sometimes no matter the source IP address we announce.
#
# The max value from conf/{all,interface}/arp_announce is used.
#
# Increasing the restriction level gives more chance for
# receiving answer from the resolved target while decreasing
# the level announces more valid sender's information.
#
net.ipv4.arp_ignore =
# Define different modes for sending replies in response to
# received ARP requests that resolve local target IP addresses:
# 0 - (default): reply for any local target IP address, configured
# on any interface
# 1 - reply only if the target IP address is local address
# configured on the incoming interface
# 2 - reply only if the target IP address is local address
# configured on the incoming interface and both with the
# sender's IP address are part from same subnet on this interface
# 3 - do not reply for local addresses configured with scope host,
# only resolutions for global and link addresses are replied
# 4-7 - reserved
# 8 - do not reply for all local addresses
#
# The max value from conf/{all,interface}/arp_ignore is used
# when ARP request is received on the {interface}
#
net.ipv4.arp_notify = 0
# Define mode for notification of address and device changes.
# 0 - (default): do nothing
# 1 - Generate gratuitous arp requests when device is brought up
# or hardware address changes.
#
net.ipv4.arp_accept =
# Define behavior for gratuitous ARP frames who's IP is not
# already present in the ARP table:
# 0 - don't create new entries in the ARP table
# 1 - create new entries in the ARP table
#
# Both replies and requests type gratuitous arp will trigger the
# ARP table to be updated, if this setting is on.
#
# If the ARP table already contains the IP address of the
# gratuitous arp frame, the arp table will be updated regardless
# if this setting is on or off.
#
#
net.ipv4.app_solicit = 0
# The maximum number of probes to send to the user space ARP daemon
# via netlink before dropping back to multicast probes (see
# mcast_solicit). Defaults to 0.
#
net.ipv4.disable_policy =
# Disable IPSEC policy (SPD) for this interface
#
net.ipv4.disable_xfrm =
# Disable IPSEC encryption on this interface, whatever the policy
#
net.ipv4.igmpv2_unsolicited_report_interval = 10000
# The interval in milliseconds in which the next unsolicited
# IGMPv1 or IGMPv2 report retransmit will take place.
# Default: 10000 (10 seconds)
#
net.ipv4.igmpv3_unsolicited_report_interval = 1000
# The interval in milliseconds in which the next unsolicited
# IGMPv3 report retransmit will take place.
# Default: 1000 (1 seconds)
#
net.ipv4.promote_secondaries =
# When a primary IP address is removed from this interface
# promote a corresponding secondary IP address instead of
# removing all the corresponding secondary IP addresses.
#
#
net.ipv4.tag = 0
# Allows you to write a number, which can be used as required.
# Default value is 0.
##################################
# /proc/sys/net/ipv6/* Variables:
##################################
#IPv6 has no global variables such as tcp_*. tcp_* settings under ipv4/ also
#apply to IPv6 [XXX?].
#
net.ipv6.bindv6only = 0
# Default value for IPV6_V6ONLY socket option,
# which restricts use of the IPv6 socket to IPv6 communication
# only.
# TRUE: disable IPv4-mapped address feature
# FALSE: enable IPv4-mapped address feature
#
# Default: FALSE (as specified in RFC3493)
#
net.ipv6.flowlabel_consistency = 1
# Protect the consistency (and unicity) of flow label.
# You have to disable it to use IPV6_FL_F_REFLECT flag on the
# flow label manager.
# TRUE: enabled
# FALSE: disabled
# Default: TRUE
#
net.ipv6.auto_flowlabels = 0
# Automatically generate flow labels based based on a flow hash
# of the packet. This allows intermediate devices, such as routers,
# to idenfify packet flows for mechanisms like Equal Cost Multipath
# Routing (see RFC 6438).
# TRUE: enabled
# FALSE: disabled
# Default: false
#
net.ipv6.anycast_src_echo_reply = 0
# Controls the use of anycast addresses as source addresses for ICMPv6
# echo reply
# TRUE: enabled
# FALSE: disabled
# Default: FALSE
#
net.ipv6.mld_qrv = 2
# Controls the MLD query robustness variable (see RFC3810 9.1).
# Default: 2 (as specified by RFC3810 9.1)
# Minimum: 1 (as specified by RFC6636 4.5)
#
####IPv6 Fragmentation:
#
net.ipv6.ip6frag_high_thresh =
# Maximum memory used to reassemble IPv6 fragments. When
# ip6frag_high_thresh bytes of memory is allocated for this purpose,
# the fragment handler will toss packets until ip6frag_low_thresh
# is reached.
#
net.ipv6.ip6frag_low_thresh =
# See ip6frag_high_thresh
#
net.ipv6.ip6frag_time =
# Time in seconds to keep an IPv6 fragment in memory.
#
####conf/default/*:
#### Change the interface-specific default settings.
#
#
####conf/all/*:
#### Change all the interface-specific settings.
#
# [XXX: Other special features than forwarding?]
#
net.ipv6.conf.all.forwarding =
# Enable global IPv6 forwarding between all interfaces.
#
# IPv4 and IPv6 work differently here; e.g. netfilter must be used
# to control which interfaces may forward packets and which not.
#
# This also sets all interfaces' Host/Router setting
# 'forwarding' to the specified value. See below for details.
#
# This referred to as global forwarding.
#
net.ipv6.conf.all.proxy_ndp =
# Do proxy ndp.
#
net.ipv6.conf.all.fwmark_reflect = 0
# Controls the fwmark of kernel-generated IPv6 reply packets that are not
# associated with a socket for example, TCP RSTs or ICMPv6 echo replies).
# If unset, these packets have a fwmark of zero. If set, they have the
# fwmark of the packet they are replying to.
# Default: 0
#
#
####conf/interface/*:
# Change special settings per interface.
#
# The functional behaviour for certain settings is different
# depending on whether local forwarding is enabled or not.
#
net.ipv6.conf.interface.accept_ra = 1
# Accept Router Advertisements; autoconfigure using them.
#
# It also determines whether or not to transmit Router
# Solicitations. If and only if the functional setting is to
# accept Router Advertisements, Router Solicitations will be
# transmitted.
#
# Possible values are:
# 0 Do not accept Router Advertisements.
# 1 Accept Router Advertisements if forwarding is disabled.
# 2 Overrule forwarding behaviour. Accept Router Advertisements
# even if forwarding is enabled.
#
# Functional default: enabled if local forwarding is disabled.
# disabled if local forwarding is enabled.
#
net.ipv6.conf.interface.accept_ra_defrtr =
# Learn default router in Router Advertisement.
#
# Functional default: enabled if accept_ra is enabled.
# disabled if accept_ra is disabled.
#
net.ipv6.conf.interface.accept_ra_from_local =
# Accept RA with source-address that is found on local machine
# if the RA is otherwise proper and able to be accepted.
# Default is to NOT accept these as it may be an un-intended
# network loop.
#
# Functional default:
# enabled if accept_ra_from_local is enabled
# on a specific interface.
# disabled if accept_ra_from_local is disabled
# on a specific interface.
#
net.ipv6.conf.interface.accept_ra_pinfo =
# Learn Prefix Information in Router Advertisement.
#
# Functional default: enabled if accept_ra is enabled.
# disabled if accept_ra is disabled.
#
net.ipv6.conf.interface.accept_ra_rt_info_max_plen = 0
# Maximum prefix length of Route Information in RA.
#
# Route Information w/ prefix larger than or equal to this
# variable shall be ignored.
#
# Functional default: 0 if accept_ra_rtr_pref is enabled.
# -1 if accept_ra_rtr_pref is disabled.
#
net.ipv6.conf.interface.accept_ra_rtr_pref =
# Accept Router Preference in RA.
#
# Functional default: enabled if accept_ra is enabled.
# disabled if accept_ra is disabled.
#
net.ipv6.conf.interface.accept_ra_mtu =
# Apply the MTU value specified in RA option 5 (RFC4861). If
# disabled, the MTU specified in the RA will be ignored.
#
# Functional default: enabled if accept_ra is enabled.
# disabled if accept_ra is disabled.
#
net.ipv6.conf.interface.accept_redirects =
# Accept Redirects.
#
# Functional default: enabled if local forwarding is disabled.
# disabled if local forwarding is enabled.
#
net.ipv6.conf.interface.accept_source_route = 0
# Accept source routing (routing extension header).
#
# >= 0: Accept only routing header type 2.
# < 0: Do not accept routing header.
#
# Default: 0
#
net.ipv6.conf.interface.autoconf =
# Autoconfigure addresses using Prefix Information in Router
# Advertisements.
#
# Functional default: enabled if accept_ra_pinfo is enabled.
# disabled if accept_ra_pinfo is disabled.
#
net.ipv6.conf.interface.dad_transmits = 1
# The amount of Duplicate Address Detection probes to send.
# Default: 1
#
net.ipv6.conf.interface.forwarding = 0
# Configure interface-specific Host/Router behaviour.
#
# Note: It is recommended to have the same setting on all
# interfaces; mixed router/host scenarios are rather uncommon.
#
# Possible values are:
# 0 Forwarding disabled
# 1 Forwarding enabled
#
# FALSE (0):
#
# By default, Host behaviour is assumed. This means:
#
# 1. IsRouter flag is not set in Neighbour Advertisements.
# 2. If accept_ra is TRUE (default), transmit Router
# Solicitations.
# 3. If accept_ra is TRUE (default), accept Router
# Advertisements (and do autoconfiguration).
# 4. If accept_redirects is TRUE (default), accept Redirects.
#
# TRUE (1):
#
# If local forwarding is enabled, Router behaviour is assumed.
# This means exactly the reverse from the above:
#
# 1. IsRouter flag is set in Neighbour Advertisements.
# 2. Router Solicitations are not sent unless accept_ra is 2.
# 3. Router Advertisements are ignored unless accept_ra is 2.
# 4. Redirects are ignored.
#
# Default: 0 (disabled) if global forwarding is disabled (default),
# otherwise 1 (enabled).
#
net.ipv6.conf.interface.hop_limit = 64
# Default Hop Limit to set.
# Default: 64
#
net.ipv6.conf.interface.mtu = 1280
# Default Maximum Transfer Unit
# Default: 1280 (IPv6 required minimum)
#
net.ipv6.conf.interface.router_probe_interval = 60
# Minimum interval (in seconds) between Router Probing described
# in RFC4191.
#
# Default: 60
#
net.ipv6.conf.interface.router_solicitation_delay = 1
# Number of seconds to wait after interface is brought up
# before sending Router Solicitations.
# Default: 1
#
net.ipv6.conf.interface.router_solicitation_interval =4
# Number of seconds to wait between Router Solicitations.
# Default: 4
#
net.ipv6.conf.interface.router_solicitations = 3
# Number of Router Solicitations to send until assuming no
# routers are present.
# Default: 3
#
net.ipv6.conf.interface.use_tempaddr = 0
# Preference for Privacy Extensions (RFC3041).
# <= 0 : disable Privacy Extensions
# == 1 : enable Privacy Extensions, but prefer public
# addresses over temporary addresses.
# > 1 : enable Privacy Extensions and prefer temporary
# addresses over public addresses.
# Default: 0 (for most devices)
# -1 (for point-to-point devices and loopback devices)
#
net.ipv6.conf.interface.temp_valid_lft = 604800
# valid lifetime (in seconds) for temporary addresses.
# Default: 604800 (7 days)
#
net.ipv6.conf.interface.temp_prefered_lft = 86400
# Preferred lifetime (in seconds) for temporary addresses.
# Default: 86400 (1 day)
#
net.ipv6.conf.interface.max_desync_factor = 600
# Maximum value for DESYNC_FACTOR, which is a random value
# that ensures that clients don't synchronize with each
# other and generate new addresses at exactly the same time.
# value is in seconds.
# Default: 600
#
net.ipv6.conf.interface.regen_max_retry = 5
# Number of attempts before give up attempting to generate
# valid temporary addresses.
# Default: 5
#
net.ipv6.conf.interface.max_addresses = 16
# Maximum number of autoconfigured addresses per interface. Setting
# to zero disables the limitation. It is not recommended to set this
# value too large (or to zero) because it would be an easy way to
# crash the kernel by allowing too many addresses to be created.
# Default: 16
#
net.ipv6.conf.interface.disable_ipv6 = 0
# Disable IPv6 operation. If accept_dad is set to 2, this value
# will be dynamically set to TRUE if DAD fails for the link-local
# address.
# Default: FALSE (enable IPv6 operation)
#
# When this value is changed from 1 to 0 (IPv6 is being enabled),
# it will dynamically create a link-local address on the given
# interface and start Duplicate Address Detection, if necessary.
#
# When this value is changed from 0 to 1 (IPv6 is being disabled),
# it will dynamically delete all address on the given interface.
#
net.ipv6.conf.interface.accept_dad =
# Whether to accept DAD (Duplicate Address Detection).
# 0: Disable DAD
# 1: Enable DAD (default)
# 2: Enable DAD, and disable IPv6 operation if MAC-based duplicate
# link-local address has been found.
#
net.ipv6.conf.interface.force_tllao = 0
# Enable sending the target link-layer address option even when
# responding to a unicast neighbor solicitation.
# Default: FALSE
#
# Quoting from RFC 2461, section 4.4, Target link-layer address:
#
# "The option MUST be included for multicast solicitations in order to
# avoid infinite Neighbor Solicitation "recursion" when the peer node
# does not have a cache entry to return a Neighbor Advertisements
# message. When responding to unicast solicitations, the option can be
# omitted since the sender of the solicitation has the correct link-
# layer address; otherwise it would not have be able to send the unicast
# solicitation in the first place. However, including the link-layer
# address in this case adds little overhead and eliminates a potential
# race condition where the sender deletes the cached link-layer address
# prior to receiving a response to a previous solicitation."
#
net.ipv6.conf.interface.ndisc_notify = 0
# Define mode for notification of address and device changes.
# 0 - (default): do nothing
# 1 - Generate unsolicited neighbour advertisements when device is brought
# up or hardware address changes.
#
net.ipv6.conf.interface.mldv1_unsolicited_report_interval = 10000
# The interval in milliseconds in which the next unsolicited
# MLDv1 report retransmit will take place.
# Default: 10000 (10 seconds)
#
net.ipv6.conf.interface.mldv2_unsolicited_report_interval = 1000
# The interval in milliseconds in which the next unsolicited
# MLDv2 report retransmit will take place.
# Default: 1000 (1 second)
#
net.ipv6.conf.interface.force_mld_version = 0
# 0 - (default) No enforcement of a MLD version, MLDv1 fallback allowed
# 1 - Enforce to use MLD version 1
# 2 - Enforce to use MLD version 2
#
net.ipv6.conf.interface.suppress_frag_ndisc = 1
# Control RFC 6980 (Security Implications of IPv6 Fragmentation
# with IPv6 Neighbor Discovery) behavior:
# 1 - (default) discard fragmented neighbor discovery packets
# 0 - allow fragmented neighbor discovery packets
#
net.ipv6.conf.interface.optimistic_dad = 0
# Whether to perform Optimistic Duplicate Address Detection (RFC 4429).
# 0: disabled (default)
# 1: enabled
#
net.ipv6.conf.interface.use_optimistic = 0
# If enabled, do not classify optimistic addresses as deprecated during
# source address selection. Preferred addresses will still be chosen
# before optimistic addresses, subject to other ranking in the source
# address selection algorithm.
# 0: disabled (default)
# 1: enabled
#
####icmp/*:
net.ipv6.conf.interface.icmp.ratelimit = 1000
# Limit the maximal rates for sending ICMPv6 packets.
# 0 to disable any limiting,
# otherwise the minimal space between responses in milliseconds.
# Default: 1000
#
#
####IPv6 Update by:
##################################
#/proc/sys/net/bridge/* Variables:
##################################
net.bridge.bridge-nf-call-arptables = 1
# 1 : pass bridged ARP traffic to arptables' FORWARD chain.
# 0 : disable this.
# Default: 1
#
net.bridge.bridge-nf-call-iptables = 1
# 1 : pass bridged IPv4 traffic to iptables' chains.
# 0 : disable this.
# Default: 1
#
net.bridge.bridge-nf-call-ip6tables = 1
# 1 : pass bridged IPv6 traffic to ip6tables' chains.
# 0 : disable this.
# Default: 1
#
net.bridge.bridge-nf-filter-vlan-tagged = 0
# 1 : pass bridged vlan-tagged ARP/IP/IPv6 traffic to {arp,ip,ip6}tables.
# 0 : disable this.
# Default: 0
#
net.bridge.bridge-nf-filter-pppoe-tagged = 0
# 1 : pass bridged pppoe-tagged IP/IPv6 traffic to {ip,ip6}tables.
# 0 : disable this.
# Default: 0
#
net.bridge.bridge-nf-pass-vlan-input-dev = 0
# 1: if bridge-nf-filter-vlan-tagged is enabled, try to find a vlan
# interface on the bridge and set the netfilter input device to the vlan.
# This allows use of e.g. "iptables -i br0.1" and makes the REDIRECT
# target work with vlan-on-top-of-bridge interfaces. When no matching
# vlan interface is found, or this switch is off, the input device is
# set to the bridge interface.
# 0: disable bridge netfilter vlan interface lookup.
# Default: 0
#
##################################
#/proc/sys/net/sctp/* Variables:
##################################
#
net.sctp.addip_enable = 0
# Enable or disable extension of Dynamic Address Reconfiguration
# (ADD-IP) functionality specified in RFC5061. This extension provides
# the ability to dynamically add and remove new addresses for the SCTP
# associations.
#
# 1: Enable extension.
#
# 0: Disable extension.
#
# Default: 0
#
net.sctp.addip_noauth_enable = 0
# Dynamic Address Reconfiguration (ADD-IP) requires the use of
# authentication to protect the operations of adding or removing new
# addresses. This requirement is mandated so that unauthorized hosts
# would not be able to hijack associations. However, older
# implementations may not have implemented this requirement while
# allowing the ADD-IP extension. For reasons of interoperability,
# we provide this variable to control the enforcement of the
# authentication requirement.
#
# 1: Allow ADD-IP extension to be used without authentication. This
# should only be set in a closed environment for interoperability
# with older implementations.
#
# 0: Enforce the authentication requirement
#
# Default: 0
#
net.sctp.auth_enable = 0
# Enable or disable Authenticated Chunks extension. This extension
# provides the ability to send and receive authenticated chunks and is
# required for secure operation of Dynamic Address Reconfiguration
# (ADD-IP) extension.
#
# 1: Enable this extension.
# 0: Disable this extension.
#
# Default: 0
#
net.sctp.prsctp_enable = 1
# Enable or disable the Partial Reliability extension (RFC3758) which
# is used to notify peers that a given DATA should no longer be expected.
#
# 1: Enable extension
# 0: Disable
#
# Default: 1
#
net.sctp.max_burst = 4
# The limit of the number of new packets that can be initially sent. It
# controls how bursty the generated traffic can be.
#
# Default: 4
#
net.sctp.association_max_retrans = 10
# Set the maximum number for retransmissions that an association can
# attempt deciding that the remote end is unreachable. If this value
# is exceeded, the association is terminated.
#
# Default: 10
#
net.sctp.max_init_retransmits = 8
# The maximum number of retransmissions of INIT and COOKIE-ECHO chunks
# that an association will attempt before declaring the destination
# unreachable and terminating.
#
# Default: 8
#
net.sctp.path_max_retrans = 5
# The maximum number of retransmissions that will be attempted on a given
# path. Once this threshold is exceeded, the path is considered
# unreachable, and new traffic will use a different path when the
# association is multihomed.
#
# Default: 5
#
net.sctp.pf_retrans = 0
# The number of retransmissions that will be attempted on a given path
# before traffic is redirected to an alternate transport (should one
# exist). Note this is distinct from path_max_retrans, as a path that
# passes the pf_retrans threshold can still be used. Its only
# deprioritized when a transmission path is selected by the stack. This
# setting is primarily used to enable fast failover mechanisms without
# having to reduce path_max_retrans to a very low value. See:
# http://www.ietf.org/id/draft-nishida-tsvwg-sctp-failover-05.txt
# for details. Note also that a value of pf_retrans > path_max_retrans
# disables this feature
#
# Default: 0
#
net.sctp.rto_initial = 3000
# The initial round trip timeout value in milliseconds that will be used
# in calculating round trip times. This is the initial time interval
# for retransmissions.
#
# Default: 3000
#
net.sctp.rto_max = 60000
# The maximum value (in milliseconds) of the round trip timeout. This
# is the largest time interval that can elapse between retransmissions.
#
# Default: 60000
#
net.sctp.rto_min = 1000
# The minimum value (in milliseconds) of the round trip timeout. This
# is the smallest time interval the can elapse between retransmissions.
#
# Default: 1000
#
net.sctp.hb_interval = 30000
# The interval (in milliseconds) between HEARTBEAT chunks. These chunks
# are sent at the specified interval on idle paths to probe the state of
# a given path between 2 associations.
#
# Default: 30000
#
net.sctp.sack_timeout = 200
# The amount of time (in milliseconds) that the implementation will wait
# to send a SACK.
#
# Default: 200
#
net.sctp.valid_cookie_life = 60000
# The default lifetime of the SCTP cookie (in milliseconds). The cookie
# is used during association establishment.
#
# Default: 60000
#
net.sctp.cookie_preserve_enable = 1
# Enable or disable the ability to extend the lifetime of the SCTP cookie
# that is used during the establishment phase of SCTP association
#
# 1: Enable cookie lifetime extension.
# 0: Disable
#
# Default: 1
#
net.sctp.cookie_hmac_alg = sha1
# Select the hmac algorithm used when generating the cookie value sent by
# a listening sctp socket to a connecting client in the INIT-ACK chunk.
# Valid values are:
# * md5
# * sha1
# * none
# Ability to assign md5 or sha1 as the selected alg is predicated on the
# configuration of those algorithms at build time (CONFIG_CRYPTO_MD5 and
# CONFIG_CRYPTO_SHA1).
#
# Default: Dependent on configuration. MD5 if available, else SHA1 if
# available, else none.
#
net.sctp.rcvbuf_policy =
# Determines if the receive buffer is attributed to the socket or to
# association. SCTP supports the capability to create multiple
# associations on a single socket. When using this capability, it is
# possible that a single stalled association that's buffering a lot
# of data may block other associations from delivering their data by
# consuming all of the receive buffer space. To work around this,
# the rcvbuf_policy could be set to attribute the receiver buffer space
# to each association instead of the socket. This prevents the described
# blocking.
#
# 1: rcvbuf space is per association
# 0: rcvbuf space is per socket
#
# Default: 0
#
net.sctp.sndbuf_policy = 0
# Similar to rcvbuf_policy above, this applies to send buffer space.
#
# 1: Send buffer is tracked per association
# 0: Send buffer is tracked per socket.
#
# Default: 0
#
net.sctp.sctp_mem =
# Number of pages allowed for queueing by all SCTP sockets.
#
# min: Below this number of pages SCTP is not bothered about its
# memory appetite. When amount of memory allocated by SCTP exceeds
# this number, SCTP starts to moderate memory usage.
#
# pressure: This value was introduced to follow format of tcp_mem.
#
# max: Number of pages allowed for queueing by all SCTP sockets.
#
# Default is calculated at boot time from amount of available memory.
#
net.sctp.sctp_rmem =
# Only the first value ("min") is used, "default" and "max" are
# ignored.
#
# min: Minimal size of receive buffer used by SCTP socket.
# It is guaranteed to each SCTP socket (but not association) even
# under moderate memory pressure.
#
# Default: 1 page
#
net.sctp.sctp_wmem =
# Currently this tunable has no effect.
#
net.sctp.addr_scope_policy = 1
# Control IPv4 address scoping - draft-stewart-tsvwg-sctp-ipv4-00
#
# 0 - Disable IPv4 address scoping
# 1 - Enable IPv4 address scoping
# 2 - Follow draft but allow IPv4 private addresses
# 3 - Follow draft but allow IPv4 link local addresses
#
# Default: 1
#
#
##################################
#/proc/sys/net/core/* Variables:
##################################
# Please see: Documentation/sysctl/net.txt for descriptions of these entries.
#
#
##################################
# /proc/sys/net/unix/* Variables:
##################################
net.unix.max_dgram_qlen = 10
# The maximum length of dgram socket receive queue
#
# Default: 10
#
#
##################################
#UNDOCUMENTED:
##################################
#
##################################
#/proc/sys/net/irda/* Variables:
##################################
net.irda.fast_poll_increase =
net.irda.warn_noreply_time =
net.irda.discovery_slots =
net.irda.slot_timeout =
net.irda.max_baud_rate =
net.irda.discovery_timeout =
net.irda.lap_keepalive_time =
net.irda.max_noreply_time =
net.irda.max_tx_data_size =
net.irda.max_tx_window =
net.irda.min_tx_turn_time =
net.ipv4.route.gc_thresh = 4096
Raw
test.conf
# Show all system parameters with their values (default or changed)
### v.22.09.2015
# sysctl -A or via -> sysctl -a | grep tcp
### Show values of parameters modified by you
# sysctl -p
### Show value for a single parameter parameter-name
# sysctl parameter-name
### Change value for a single parameter parameter-name without editing sysctl.conf manually.
# sysctl -w parameter-name = parameter-value
# # sysctl -a | grep ipv6 sysctl
## sysctl -A | grep autoconf for all interfaces - do not disable autoconf!!
## CPU type, network iface names and such stuff needs to be manually configurated
# as per needs.
# Limit responses to ICMP for bandwidth purposes
#net.inet.icmp.icmplim = 10
#net.inet.icmp.maskrepl = 0
#net.inet.icmp.drop_redirect = 1
#net.icmp.bmcastecho = 0
# Forces a single pass through the firewall. If set to 0,
# packets coming out of a pipe will be reinjected into the
# firewall starting with the rule after the matching one.
# NOTE: there is always one pass for bridged packets.
#net.inet.ip.fw.one_pass = 0
# Stealth IP networking
#net.inet.ip.stealth = 0
# Drop synfin packets
#net.inet.tcp.drop_synfin = 1
# ICMP may NOT rst
#net.inet.tcp.icmp_may_rst = 0
###############################
############ IPv4 #############
###############################
net.ipv4.ip_forward = 1
#net.ipv4.ip_forward_use_pmtu = 0
#net.ipv4.fwmark_reflect = 0
net.ipv4.conf.default.proxy_arp = 0
#net.ipv4.ip_dynaddr = 0
#net.ipv4.ip_early_demux = true
net.ipv4.xfrm4_gc_thresh = 131072
#net.ipv4.igmp_link_local_mcast_reports = true
net.ipv4.ip_default_ttl = 64
# Enable route verification on all interfaces
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.lo.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.arp_ignore = 1
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.inet_peer_threshold = 65664
net.ipv4.conf.all.proxy_arp = 0
net.ipv4.inet_peer_minttl = 120
net.ipv4.inet_peer_maxttl = 900
net.ipv4.inet_peer_gc_mintime = 10
net.ipv4.inet_peer_gc_maxtime = 120
net.ipv4.igmp_max_msf = 10
# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.lo.accept_source_route = 0
net.ipv4.conf.default.secure_redirects = false
# Disable all ICMP Redirect Acceptance
net.ipv4.conf.all.accept_redirects = false
net.ipv4.conf.lo.accept_redirects = false
net.ipv4.conf.default.accept_redirects = false
net.ipv4.conf.all.secure_redirects = false
# fix this .... :(
#net.irda.fast_poll_increase =
#net.irda.warn_noreply_time =
#net.irda.discovery_slots =
#net.irda.slot_timeout =
#net.irda.max_baud_rate =
#net.irda.discovery_timeout =
#net.irda.lap_keepalive_time =
#net.irda.max_noreply_time =
#net.irda.max_tx_data_size =
#net.irda.max_tx_window =
#net.irda.min_tx_turn_time =
# fix²
#net.sctp.addip_enable = 0
#net.sctp.addip_noauth_enable = 0
#net.sctp.auth_enable = 0
#net.sctp.prsctp_enable = 1
#net.sctp.max_burst = 4
#net.sctp.association_max_retrans = 12
#net.sctp.max_init_retransmits = 10
#net.sctp.path_max_retrans = 5
#net.sctp.pf_retrans = 0
#net.sctp.rto_initial = 3000
#net.sctp.rto_ma = 60000
#net.sctp.rto_min = 1000
#net.sctp.hb_interval = 30000
#net.sctp.sack_timeout = 200
#net.sctp.valid_cookie_life = 60000
#net.sctp.cookie_preserve_enable = 1
#net.sctp.cookie_hmac_alg = sha1
#net.sctp.rcvbuf_policy = 0
#net.sctp.sndbuf_policy = 0
#net.sctp.sctp_mem.pressure = ?
#net.sctp.sctp_rmem = 1
#net.sctp.sctp_wmem = ?
#net.sctp.addr_scope_policy = 1
# TCP SYN cookie protection (default) helps protect
# against SYN flood attacks only kicks in when net.ipv4.tcp_max_syn_backlog is reached
#net.ipv4.tcp_syncookies = true
# TCP Explicit Congestion Notification
#net.ipv4.tcp_ecn = 2
#net.ipv4.tcp_ecn_fallback = 1
#net.ipv4.tcp_reordering = 3
#net.ipv4.tcp_max_reordering = 300
# We do not want all our interfaces to send redirects
net.ipv4.conf.default.send_redirects = true
# Decrease the time default value for tcp_fin_timeout connection
net.ipv4.tcp_fin_timeout = 60
# Decrease the time default value for tcp_keepalive_time connect
net.ipv4.tcp_keepalive_time = 1000
# Turn on/off the tcp_window_scaling
net.ipv4.tcp_window_scaling = true
# Turn on/off the tcp_sack
net.ipv4.tcp_sack = 1
# Turn on/off the tcp_dsack
net.ipv4.tcp_dsack = 1
## TCP timestamps
## + protect against wrapping sequence numbers (at gigabit speeds)
## + round trip time calculation implemented in TCP
## - causes extra overhead and allows uptime detection by scanners like nmap
## enable @ gigabit speeds
net.ipv4.tcp_timestamps = false
# Enable ignoring broadcasts request (Default 1)
net.ipv4.icmp_echo_ignore_broadcasts = true
#
#net.ipv4.icmp_ratemask = 6168
# Enable bad error message Protection
net.ipv4.icmp_ignore_bogus_error_responses = true
# Log Spoofed Packets, Source Routed Packets, Redirect Packets
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.lo.log_martians = 1
# Increases the size of the socket queue (effectively, q0).
net.ipv4.tcp_max_syn_backlog = 512
# Increase the tcp-time-wait buckets pool size
net.ipv4.tcp_max_tw_buckets = 100000
# Ignore all ICMP Echo spam - Don't ignore directed pings!
net.ipv4.icmp_echo_ignore_all = false
# Allowed local port range
#net.ipv4.ip_local_port_range = 32768 60999
# This may cause dropped frames with load-balancing and NATs,
# only use this for a server that communicates only over your local network.
# Reuse/recycle time-wait sockets
# 1 0 can break clients behind NAT
#net.ipv4.tcp_tw_reuse = true
#net.ipv4.tcp_tw_recycle = false
# Protect against tcp time-wait assassination hazards
net.ipv4.tcp_rfc1337 = 1
net.ipv4.tcp_retries1 = 3
net.ipv4.tcp_retries2 = 8
# Send redirects (not a router, disable it)
net.ipv4.conf.all.send_redirects = 0
#net.ipv4.<netfilter>.ip_ct_generic_timeout = 600
#net.ipv4.conf.<device>.rp_filter = 1
#net.tcp.default_init_rwnd = 60
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 4
#net.ipv4.route.flush = 1
net.ipv4.tcp_keepalive_probes = 9
net.ipv4.tcp_keepalive_intvl = 75
#net.ipv4.tcp_rme = 6144 87380 1048576
net.ipv4.tcp_wmem = 6144 87380 1048576
net.ipv4.tcp_mem = 65536 131072 262144
# The default value held by this entry varies
#heavily depending on how much memory you have.
#net.ipv4.<netfilter>.ip_conntrack_max =
net.ipv4.tcp_fack = 1
net.ipv4.tcp_no_metrics_save = 1
net.ipv4.tcp_congestion_control = cubic
# More speed with -> net.ipv4.tcp_congestion_control = htcp
# or hybla
net.ipv4.tcp_moderate_rcvbuf = true
net.ipv4.udp_rmem_min = 8192
net.ipv4.udp_wmem_min = 8192
net.ipv4.udp_mem = 65536 131072 262144
net.ipv4.tcp_rmem = 4096 87380 16777216
# Increase RPC slots
#sunrpc.tcp_slot_table_entries = 32
#sunrpc.udp_slot_table_entries = 32
# .autoconf set to 0 if you use a static ip!
#net.ipv4.tcp_min_tso_segs = 2
#net.ipv4.tcp_pacing_ss_ratio = 250
#net.ipv4.tcp_pacing_ca_ratio = 120
#net.ipv4.tcp_notsent_lowat = 0xFFFFFFFF
net.ipv4.tcp_workaround_signed_windows = false
net.ipv4.tcp_tso_win_divisor = 3
net.ipv4.tcp_thin_linear_timeouts = false
net.ipv4.tcp_thin_dupack = false
net.ipv4.tcp_stdurg = false
#net.ipv4.tcp_limit_output_bytes = 131072
net.ipv4.tcp_slow_start_after_idle = true
net.ipv4.tcp_retrans_collapse = true
net.ipv4.tcp_mtu_probing = 1
#net.ipv4.tcp_probe_interval =
#net.ipv4.tcp_probe_threshold =
net.ipv4.tcp_max_ssthresh = 0
net.ipv4.tcp_cookie_size = 0
net.ipv4.tcp_orphan_retries = 8
net.ipv4.tcp_max_orphans = 16384
net.ipv4.tcp_low_latency = 0
#net.ipv4.tcp_invalid_ratelimit = 1000
net.ipv4.tcp_frto_response = 0
net.ipv4.tcp_frto = 2
#net.ipv4.tcp_early_retrans = 3
#net.ipv4.tcp_dma_copybreak = 4096
#net.ipv4.tcp_autocorking = 1
net.ipv4.tcp_challenge_ack_limit = 100
net.ipv4.tcp_base_mss = 512
net.ipv4.tcp_app_win = 31
net.ipv4.tcp_available_congestion_control = cubic reno
net.ipv4.tcp_allowed_congestion_control = cubic reno
net.ipv4.tcp_adv_win_scale = 1
#net.ipv4.tcp_abort_on_overflow = 0
net.ipv4.tcp_abc = 0
net.ipv4.rt_cache_rebuild_count = 4
#net.ipv4.tcp_fastopen = 3
#####
net.ipv4.route.redirect_silence = 4096
net.ipv4.route.redirect_number = 9
net.ipv4.route.redirect_load = 4
net.ipv4.route.mtu_expires = 600
net.ipv4.route.min_adv_mss = 256
net.ipv4.route.min_pmtu = 552
#deprecated for ipv4
#net.ipv4.route.max_size = 524288
#
net.ipv4.route.gc_timeout = 600
net.ipv4.route.error_burst = 1000
net.ipv4.route.error_cost = 200
net.ipv4.route.gc_elasticity = 8
net.ipv4.route.gc_interval = 60
net.ipv4.route.gc_min_interval = 0
net.ipv4.route.gc_min_interval_ms = 500
net.ipv4.route.gc_thresh = 32768
#####
# http://lartc.org/howto/lartc.kernel.obscure.html
# http://tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.kernel.obscure.html
####
net.ipv4.ip_no_pmtu_disc = 0
net.ipv4.ip_nonlocal_bind = false
net.ipv4.ipfrag_high_thresh = 512000
net.ipv4.ipfrag_low_thresh = 446464
net.ipv4.ipfrag_max_dist = 64
net.ipv4.ipfrag_secret_interval = 900
net.ipv4.ipfrag_time = 40
######
net.ipv4.neigh.default.anycast_delay = 100
net.ipv4.neigh.default.app_solicit = 0
net.ipv4.neigh.default.base_reachable_time = 30
net.ipv4.neigh.default.base_reachable_time_ms = 30000
net.ipv4.neigh.default.delay_first_probe_time = 5
net.ipv4.neigh.default.gc_interval = 30
net.ipv4.neigh.default.gc_stale_time = 60
net.ipv4.neigh.default.gc_thresh1 = 128
net.ipv4.neigh.default.gc_thresh2 = 512
net.ipv4.neigh.default.gc_thresh3 = 1024
net.ipv4.neigh.default.locktime = 100
net.ipv4.neigh.default.mcast_solicit = 3
net.ipv4.neigh.default.proxy_delay = 80
net.ipv4.neigh.default.proxy_qlen = 96
net.ipv4.neigh.default.retrans_time = 100
net.ipv4.neigh.default.retrans_time_ms = 1000
net.ipv4.neigh.default.ucast_solicit = 3
net.ipv4.neigh.default.unres_qlen = 6
#net.ipv4.neigh.default.unres_qlen_bytes = 65536
#####
net.ipv4.conf.rmnet1.forwarding = true
net.ipv4.conf.rmnet1.mc_forwarding = true
net.ipv4.conf.rmnet1.accept_redirects = false
net.ipv4.conf.rmnet1.secure_redirects = false
net.ipv4.conf.rmnet1.shared_media = true
net.ipv4.conf.rmnet1.rp_filter = 1
net.ipv4.conf.rmnet1.send_redirects = 1
net.ipv4.conf.rmnet1.accept_source_route = true
net.ipv4.conf.rmnet1.accept_local = false
net.ipv4.conf.rmnet1.src_valid_mark = 0
net.ipv4.conf.rmnet1.proxy_arp = 0
net.ipv4.conf.rmnet1.medium_id = -1
#net.ipv4.conf.rmnet1.bootp_relay = false
net.ipv4.conf.rmnet1.log_martians = 1
net.ipv4.conf.rmnet1.tag = 0
net.ipv4.conf.rmnet1.arp_filter = true
net.ipv4.conf.rmnet1.arp_announce = 0
net.ipv4.conf.rmnet1.arp_ignore = 1
net.ipv4.conf.rmnet1.arp_accept = false
net.ipv4.conf.rmnet1.arp_notify = false
net.ipv4.conf.rmnet1.proxy_arp_pvlan = false
net.ipv4.conf.rmnet1.disable_xfrm = false
net.ipv4.conf.rmnet1.disable_policy = 0
net.ipv4.conf.rmnet1.force_igmp_version = 0
net.ipv4.conf.rmnet1.promote_secondaries = false
#####
net.ipv4.conf.rmnet2.forwarding = true
net.ipv4.conf.rmnet2.mc_forwarding = 0
net.ipv4.conf.rmnet2.accept_redirects = false
net.ipv4.conf.rmnet2.secure_redirects = false
net.ipv4.conf.rmnet2.shared_media = true
net.ipv4.conf.rmnet2.rp_filter = 1
net.ipv4.conf.rmnet2.send_redirects = 1
net.ipv4.conf.rmnet2.accept_source_route = true
net.ipv4.conf.rmnet2.accept_local = false
net.ipv4.conf.rmnet2.src_valid_mark = 0
net.ipv4.conf.rmnet2.proxy_arp = 0
net.ipv4.conf.rmnet2.medium_id = -1
net.ipv4.conf.rmnet2.bootp_relay = 0
net.ipv4.conf.rmnet2.log_martians = 1
net.ipv4.conf.rmnet2.tag = 0
net.ipv4.conf.rmnet2.arp_filter = true
net.ipv4.conf.rmnet2.arp_announce = 0
net.ipv4.conf.rmnet2.arp_ignore = 1
net.ipv4.conf.rmnet2.arp_accept = false
net.ipv4.conf.rmnet2.arp_notify = false
net.ipv4.conf.rmnet2.proxy_arp_pvlan = false
net.ipv4.conf.rmnet2.disable_xfrm = false
net.ipv4.conf.rmnet2.disable_policy = 0
net.ipv4.conf.rmnet2.force_igmp_version = 0
net.ipv4.conf.rmnet2.promote_secondaries = false
#####
#net.ipv4.conf.rndis0.forwarding = true
#net.ipv4.conf.rndis0.mc_forwarding = 0
#net.ipv4.conf.rndis0.accept_redirects = false
#net.ipv4.conf.rndis0.secure_redirects = false
#net.ipv4.conf.rndis0.shared_media = true
#net.ipv4.conf.rndis0.rp_filter = 1
#net.ipv4.conf.rndis0.send_redirects = 1
#net.ipv4.conf.rndis0.accept_source_route = 0
#net.ipv4.conf.rndis0.accept_local = false
#net.ipv4.conf.rndis0.src_valid_mark = 0
#net.ipv4.conf.rndis0.proxy_arp = 0
#net.ipv4.conf.rndis0.medium_id = -1
#net.ipv4.conf.rndis0.bootp_relay = 0
#net.ipv4.conf.rndis0.log_martians = 1
#net.ipv4.conf.rndis0.tag = 0
#net.ipv4.conf.rndis0.arp_filter = true
#net.ipv4.conf.rndis0.arp_announce = 0
#net.ipv4.conf.rndis0.arp_ignore = 1
#net.ipv4.conf.rndis0.arp_accept = false
#net.ipv4.conf.rndis0.arp_notify = false
#net.ipv4.conf.rndis0.proxy_arp_pvlan = false
#net.ipv4.conf.rndis0.disable_xfrm = false
#net.ipv4.conf.rndis0.disable_policy = 0
#net.ipv4.conf.rndis0.force_igmp_version = 0
#net.ipv4.conf.rndis0.promote_secondaries = false
#####
#net.ipv4.neigh.rndis0.mcast_solicit = 3
#net.ipv4.neigh.rndis0.ucast_solicit = 3
#net.ipv4.neigh.rndis0.app_solicit = 0
#net.ipv4.neigh.rndis0.retrans_time = 100
#net.ipv4.neigh.rndis0.base_reachable_time = 30
#net.ipv4.neigh.rndis0.delay_first_probe_time = 5
#net.ipv4.neigh.rndis0.gc_stale_time = 60
#net.ipv4.neigh.rndis0.unres_qlen = 31
#net.ipv4.neigh.rndis0.proxy_qlen = 64
#net.ipv4.neigh.rndis0.anycast_delay = 100
#net.ipv4.neigh.rndis0.proxy_delay = 80
#net.ipv4.neigh.rndis0.locktime = 120
#net.ipv4.neigh.rndis0.retrans_time_ms = 1000
#net.ipv4.neigh.rndis0.base_reachable_time_ms = 30000
#####
#net.ipv4.neigh.rmnet2.mcast_solitic = 3
net.ipv4.neigh.rmnet2.ucast_solicit = 3
net.ipv4.neigh.rmnet2.app_solicit = 0
net.ipv4.neigh.rmnet2.retrans_time = 100
net.ipv4.neigh.rmnet2.base_reachable_time = 30
net.ipv4.neigh.rmnet2.delay_first_probe_time = 5
net.ipv4.neigh.rmnet2.gc_stale_time = 60
net.ipv4.neigh.rmnet2.unres_qlen = 31
net.ipv4.neigh.rmnet2.proxy_qlen = 64
net.ipv4.neigh.rmnet2.anycast_delay = 100
net.ipv4.neigh.rmnet2.proxy_delay = 80
net.ipv4.neigh.rmnet2.locktime = 100
net.ipv4.neigh.rmnet2.retrans_time_ms = 1000
net.ipv4.neigh.rmnet2.base_reachable_time_ms = 30000
#####
net.ipv4.neigh.rmnet1.mcast_solicit = 3
net.ipv4.neigh.rmnet1.ucast_solicit = 3
net.ipv4.neigh.rmnet1.app_solicit = 0
net.ipv4.neigh.rmnet1.retrans_time = 100
net.ipv4.neigh.rmnet1.base_reachable_time = 30
net.ipv4.neigh.rmnet1.delay_first_probe_time = 5
net.ipv4.neigh.rmnet1.gc_stale_time = 60
net.ipv4.neigh.rmnet1.unres_qlen = 31
net.ipv4.neigh.rmnet1.proxy_qlen = 64
net.ipv4.neigh.rmnet1.anycast_delay = 100
net.ipv4.neigh.rmnet1.proxy_delay = 80
net.ipv4.neigh.rmnet1.locktime = 100
net.ipv4.neigh.rmnet1.retrans_time_ms = 1000
net.ipv4.neigh.rmnet1.base_reachable_time_ms = 30000
#####
net.ipv4.neigh.rmnet0.mcast_solicit = 3
net.ipv4.neigh.rmnet0.ucast_solicit = 3
net.ipv4.neigh.rmnet0.app_solicit = 0
net.ipv4.neigh.rmnet0.retrans_time = 100
net.ipv4.neigh.rmnet0.base_reachable_time = 30
net.ipv4.neigh.rmnet0.delay_first_probe_time = 5
net.ipv4.neigh.rmnet0.gc_stale_time = 60
net.ipv4.neigh.rmnet0.unres_qlen = 31
net.ipv4.neigh.rmnet0.proxy_qlen = 64
net.ipv4.neigh.rmnet0.anycast_delay = 100
net.ipv4.neigh.rmnet0.proxy_delay = 80
net.ipv4.neigh.rmnet0.locktime = 100
net.ipv4.neigh.rmnet0.retrans_time_ms = 1000
net.ipv4.neigh.rmnet0.base_reachable_time_ms = 30000
#####
net.ipv4.neigh.ip6tnl0.anycast_delay = 100
net.ipv4.neigh.ip6tnl0.app_solicit = 0
net.ipv4.neigh.ip6tnl0.base_reachable_time = 30
net.ipv4.neigh.ip6tnl0.base_reachable_time_ms = 30000
net.ipv4.neigh.ip6tnl0.delay_first_probe_time = 5
net.ipv4.neigh.ip6tnl0.gc_stale_time = 60
net.ipv4.neigh.ip6tnl0.locktime = 100
net.ipv4.neigh.ip6tnl0.mcast_solicit = 3
net.ipv4.neigh.ip6tnl0.proxy_delay = 80
net.ipv4.neigh.ip6tnl0.proxy_qlen = 64
net.ipv4.neigh.ip6tnl0.retrans_time = 100
net.ipv4.neigh.ip6tnl0.retrans_time_ms = 1000
net.ipv4.neigh.ip6tnl0.ucast_solicit = 3
net.ipv4.neigh.ip6tnl0.unres_qlen = 31
#net.ipv4.neigh.ip6tnl0.unres_qlen_bytes = 31
######
net.ipv4.neigh.lo.anycast_delay = 100
net.ipv4.neigh.lo.app_solicit = 0
net.ipv4.neigh.lo.base_reachable_time = 30
net.ipv4.neigh.lo.base_reachable_time_ms = 30000
net.ipv4.neigh.lo.delay_first_probe_time = 5
net.ipv4.neigh.lo.gc_stale_time = 60
net.ipv4.neigh.lo.locktime = 100
net.ipv4.neigh.lo.mcast_solicit = 3
net.ipv4.neigh.lo.proxy_delay = 80
net.ipv4.neigh.lo.proxy_qlen = 64
net.ipv4.neigh.lo.retrans_time = 100
net.ipv4.neigh.lo.retrans_time_ms = 1000
net.ipv4.neigh.lo.ucast_solicit = 3
net.ipv4.neigh.lo.unres_qlen = 35
#net.ipv4.neigh.lo.unres_qlen_bytes = 31
#####
#net.ipv4.neigh.p2p0.anycast_delay = 100
#net.ipv4.neigh.p2p0.app_solicit = 0
#net.ipv4.neigh.p2p0.base_reachable_time = 30
#net.ipv4.neigh.p2p0.base_reachable_time_ms = 30000
#net.ipv4.neigh.p2p0.delay_first_probe_time = 5
#net.ipv4.neigh.p2p0.gc_stale_time = 60
#net.ipv4.neigh.p2p0.locktime = 100
#net.ipv4.neigh.p2p0.mcast_solicit = 3
#net.ipv4.neigh.p2p0.proxy_delay = 80
#net.ipv4.neigh.p2p0.proxy_qlen = 64
#net.ipv4.neigh.p2p0.retrans_time = 100
#net.ipv4.neigh.p2p0.retrans_time_ms = 1000
#net.ipv4.neigh.p2p0.ucast_solicit = 3
#net.ipv4.neigh.p2p0.unres_qlen = 35
#net.ipv4.neigh.p2p0.unres_qlen_bytes = 31
#####
net.ipv4.neigh.sit0.anycast_delay = 100
net.ipv4.neigh.sit0.app_solicit = 0
net.ipv4.neigh.sit0.base_reachable_time = 30
net.ipv4.neigh.sit0.base_reachable_time_ms = 30000
net.ipv4.neigh.sit0.delay_first_probe_time = 5
net.ipv4.neigh.sit0.gc_stale_time = 60
net.ipv4.neigh.sit0.locktime = 100
net.ipv4.neigh.sit0.mcast_solicit = 3
net.ipv4.neigh.sit0.proxy_delay = 80
net.ipv4.neigh.sit0.proxy_qlen = 64
net.ipv4.neigh.sit0.retrans_time = 100
net.ipv4.neigh.sit0.retrans_time_ms = 1000
net.ipv4.neigh.sit0.ucast_solicit = 3
net.ipv4.neigh.sit0.unres_qlen = 35
#net.ipv4.neigh.sit0.unres_qlen_bytes = 31
#####
#net.ipv4.neigh.wlan0.anycast_delay = 100
#net.ipv4.neigh.wlan0.app_solicit = 0
#net.ipv4.neigh.wlan0.base_reachable_time = 30
#net.ipv4.neigh.wlan0.base_reachable_time_ms = 30000
#net.ipv4.neigh.wlan0.delay_first_probe_time = 5
#net.ipv4.neigh.wlan0.gc_stale_time = 60
#net.ipv4.neigh.wlan0.locktime = 100
#net.ipv4.neigh.wlan0.mcast_solicit = 3
#net.ipv4.neigh.wlan0.proxy_delay = 80
#net.ipv4.neigh.wlan0.proxy_qlen = 64
#net.ipv4.neigh.wlan0.retrans_time = 100
#net.ipv4.neigh.wlan0.retrans_time_ms = 1000
#net.ipv4.neigh.wlan0.ucast_solicit = 3
#net.ipv4.neigh.wlan0.unres_qlen = 35
#net.ipv4.neigh.wlan0.unres_qlen_bytes = 31
#net.ipv4.netfilter.ip_conntrack_buckets = 16384
net.ipv4.netfilter.ip_conntrack_checksum = 1
net.ipv4.netfilter.ip_conntrack_count = 36
#net.ipv4.netfilter.ip_conntrack_generic_timeout = 600
#net.ipv4.netfilter.ip_conntrack_icmp_timeout = 30
#net.ipv4.netfilter.ip_conntrack_log_invalid = 0
#net.ipv4.netfilter.ip_conntrack_max = 65536
net.ipv4.netfilter.ip_conntrack_sctp_timeout_closed = 10
#net.ipv4.netfilter.ip_conntrack_sctp_timeout_cookie_echoed = 3
#net.ipv4.netfilter.ip_conntrack_sctp_timeout_cookie_wait = 3
#net.ipv4.netfilter.ip_conntrack_sctp_timeout_established = 432000
#net.ipv4.netfilter.ip_conntrack_sctp_timeout_shutdown_ack_sent = 3
#net.ipv4.netfilter.ip_conntrack_sctp_timeout_shutdown_recd = 0
#net.ipv4.netfilter.ip_conntrack_sctp_timeout_shutdown_sent = 0
#net.ipv4.netfilter.ip_conntrack_tcp_be_liberal = 0
#net.ipv4.netfilter.ip_conntrack_tcp_loose = 1
#net.ipv4.netfilter.ip_conntrack_tcp_max_retrans = 3
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_close = 15
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait = 75
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 432000
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait = 120
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_last_ack = 30
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_max_retrans = 300
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_recv = 60
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_sent = 120
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_sent2 = 240
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait = 120
#net.ipv4.netfilter.ip_conntrack_udp_timeout = 30
#net.ipv4.netfilter.ip_conntrack_udp_timeout_stream = 180
#net.ipv4.ping_group_range = 0 2147483647
#net.ipv4.ip_local_reserved_ports =
#####
#net.ipv4.conf.all.route_localnet = false
net.ipv4.conf.all.accept_local = false
net.ipv4.conf.all.arp_accept = false
net.ipv4.conf.all.arp_announce = 0
net.ipv4.conf.all.arp_filter = true
net.ipv4.conf.all.arp_ignore = 0
net.ipv4.conf.all.arp_notify = false
net.ipv4.conf.all.bootp_relay = 0
net.ipv4.conf.all.disable_policy = 0
net.ipv4.conf.all.disable_xfrm = false
net.ipv4.conf.all.force_igmp_version = 0
net.ipv4.conf.all.forwarding = true
net.ipv4.conf.all.mc_forwarding = true
net.ipv4.conf.all.medium_id = -1
net.ipv4.conf.all.promote_secondaries = false
net.ipv4.conf.all.proxy_arp = 0
net.ipv4.conf.all.proxy_arp_pvlan = false
net.ipv4.conf.all.shared_media = true
net.ipv4.conf.all.src_valid_mark = 0
net.ipv4.conf.all.tag = 0
#net.ipv4.igmpv2_unsolicited_report_interval = 10000
#net.ipv4.igmpv3_unsolicited_report_interval = 10000
######
net.ipv4.conf.default.accept_local = false
net.ipv4.conf.default.arp_accept = false
net.ipv4.conf.default.arp_announce = 0
net.ipv4.conf.default.arp_filter = true
net.ipv4.conf.default.arp_ignore = 0
net.ipv4.conf.default.arp_notify = false
net.ipv4.conf.default.bootp_relay = 0
net.ipv4.conf.default.disable_policy = 0
net.ipv4.conf.default.disable_xfrm = false
net.ipv4.conf.default.force_igmp_version = 0
net.ipv4.conf.default.forwarding = true
net.ipv4.conf.default.log_martians = 1
net.ipv4.conf.default.mc_forwarding = true
net.ipv4.conf.default.medium_id = -1
net.ipv4.conf.default.promote_secondaries = false
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.conf.default.proxy_arp_pvlan = false
net.ipv4.conf.default.secure_redirects = false
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.default.shared_media = true
net.ipv4.conf.default.src_valid_mark = 0
net.ipv4.conf.default.tag = 0
#####
#net.ipv4.conf.all.use_tempaddr = -1
net.ipv4.conf.ip6tnl0.accept_local = false
net.ipv4.conf.ip6tnl0.accept_redirects = false
net.ipv4.conf.ip6tnl0.accept_source_route = true
net.ipv4.conf.ip6tnl0.arp_accept = false
net.ipv4.conf.ip6tnl0.arp_announce = 0
net.ipv4.conf.ip6tnl0.arp_filter = true
net.ipv4.conf.ip6tnl0.arp_ignore = 0
net.ipv4.conf.ip6tnl0.arp_notify = false
net.ipv4.conf.ip6tnl0.bootp_relay = 0
net.ipv4.conf.ip6tnl0.disable_policy = 0
net.ipv4.conf.ip6tnl0.disable_xfrm = false
net.ipv4.conf.ip6tnl0.force_igmp_version = 0
net.ipv4.conf.ip6tnl0.forwarding = true
net.ipv4.conf.ip6tnl0.log_martians = 1
net.ipv4.conf.ip6tnl0.mc_forwarding = true
net.ipv4.conf.ip6tnl0.medium_id = -1
net.ipv4.conf.ip6tnl0.promote_secondaries = false
net.ipv4.conf.ip6tnl0.proxy_arp = 0
net.ipv4.conf.ip6tnl0.proxy_arp_pvlan = false
net.ipv4.conf.ip6tnl0.rp_filter = 1
net.ipv4.conf.ip6tnl0.secure_redirects = false
net.ipv4.conf.ip6tnl0.send_redirects = 1
net.ipv4.conf.ip6tnl0.shared_media = true
net.ipv4.conf.ip6tnl0.src_valid_mark = 0
net.ipv4.conf.ip6tnl0.tag = 0
######
net.ipv4.conf.rmnet0.forwarding = true
net.ipv4.conf.rmnet0.mc_forwarding = true
net.ipv4.conf.rmnet0.accept_redirects = false
net.ipv4.conf.rmnet0.secure_redirects = false
net.ipv4.conf.rmnet0.shared_media = true
net.ipv4.conf.rmnet0.rp_filter = 1
net.ipv4.conf.rmnet0.send_redirects = 1
net.ipv4.conf.rmnet0.accept_source_route = true
net.ipv4.conf.rmnet0.accept_local = false
net.ipv4.conf.rmnet0.src_valid_mark = 0
net.ipv4.conf.rmnet0.proxy_arp = 0
net.ipv4.conf.rmnet0.medium_id = -1
net.ipv4.conf.rmnet0.bootp_relay = 0
net.ipv4.conf.rmnet0.log_martians = 1
net.ipv4.conf.rmnet0.tag = 0
net.ipv4.conf.rmnet0.arp_filter = true
net.ipv4.conf.rmnet0.arp_announce = 0
net.ipv4.conf.rmnet0.arp_ignore = 1
net.ipv4.conf.rmnet0.arp_accept = false
net.ipv4.conf.rmnet0.arp_notify = false
net.ipv4.conf.rmnet0.proxy_arp_pvlan = false
net.ipv4.conf.rmnet0.disable_xfrm = false
net.ipv4.conf.rmnet0.disable_policy = 0
net.ipv4.conf.rmnet0.force_igmp_version = 0
net.ipv4.conf.rmnet0.promote_secondaries = false
######
net.ipv4.conf.lo.accept_local = false
net.ipv4.conf.lo.arp_accept = false
net.ipv4.conf.lo.arp_announce = 0
net.ipv4.conf.lo.arp_filter = true
net.ipv4.conf.lo.arp_ignore = 0
net.ipv4.conf.lo.arp_notify = false
net.ipv4.conf.lo.bootp_relay = 0
net.ipv4.conf.lo.disable_policy = 1
net.ipv4.conf.lo.disable_xfrm = 1
net.ipv4.conf.lo.force_igmp_version = 0
net.ipv4.conf.lo.forwarding = true
net.ipv4.conf.lo.mc_forwarding = true
net.ipv4.conf.lo.medium_id = -1
net.ipv4.conf.lo.promote_secondaries = false
net.ipv4.conf.lo.proxy_arp = 0
net.ipv4.conf.lo.proxy_arp_pvlan = false
net.ipv4.conf.lo.secure_redirects = false
net.ipv4.conf.lo.send_redirects = 1
net.ipv4.conf.lo.shared_media = true
net.ipv4.conf.lo.src_valid_mark = 0
net.ipv4.conf.lo.tag = 0
#####
#net.ipv4.conf.p2p0.accept_local = false
#net.ipv4.conf.p2p0.accept_redirects = false
#net.ipv4.conf.p2p0.accept_source_route = true
#net.ipv4.conf.p2p0.arp_accept = false
#net.ipv4.conf.p2p0.arp_announce = 0
#net.ipv4.conf.p2p0.arp_filter = true
#net.ipv4.conf.p2p0.arp_ignore = 0
#net.ipv4.conf.p2p0.arp_notify = false
#net.ipv4.conf.p2p0.bootp_relay = 0
#net.ipv4.conf.p2p0.disable_policy = 0
#net.ipv4.conf.p2p0.disable_xfrm = false
#net.ipv4.conf.p2p0.force_igmp_version = 0
#net.ipv4.conf.p2p0.forwarding = true
#net.ipv4.conf.p2p0.log_martians = 1
#net.ipv4.conf.p2p0.mc_forwarding = true
#net.ipv4.conf.p2p0.medium_id = -1
#net.ipv4.conf.p2p0.promote_secondaries = false
#net.ipv4.conf.p2p0.proxy_arp = 0
#net.ipv4.conf.p2p0.proxy_arp_pvlan = false
#net.ipv4.conf.p2p0.rp_filter = 1
#net.ipv4.conf.p2p0.secure_redirects = false
#net.ipv4.conf.p2p0.send_redirects = 1
#net.ipv4.conf.p2p0.shared_media = true
#net.ipv4.conf.p2p0.src_valid_mark = 0
#net.ipv4.conf.p2p0.tag = 0
#####
net.ipv4.conf.sit0.accept_local = false
net.ipv4.conf.sit0.accept_redirects = false
net.ipv4.conf.sit0.accept_source_route = true
net.ipv4.conf.sit0.arp_accept = false
net.ipv4.conf.sit0.arp_announce = 0
net.ipv4.conf.sit0.arp_filter = true
net.ipv4.conf.sit0.arp_ignore = 0
net.ipv4.conf.sit0.arp_notify = false
net.ipv4.conf.sit0.bootp_relay = 0
net.ipv4.conf.sit0.disable_policy = 0
net.ipv4.conf.sit0.disable_xfrm = false
net.ipv4.conf.sit0.force_igmp_version = 0
net.ipv4.conf.sit0.forwarding = true
net.ipv4.conf.sit0.log_martians = 1
net.ipv4.conf.sit0.mc_forwarding = true
net.ipv4.conf.sit0.medium_id = -1
net.ipv4.conf.sit0.promote_secondaries = false
net.ipv4.conf.sit0.proxy_arp = 0
net.ipv4.conf.sit0.proxy_arp_pvlan = false
net.ipv4.conf.sit0.rp_filter = 1
net.ipv4.conf.sit0.secure_redirects = false
net.ipv4.conf.sit0.send_redirects = 1
net.ipv4.conf.sit0.shared_media = true
net.ipv4.conf.sit0.src_valid_mark = 0
net.ipv4.conf.sit0.tag = 0
######
#net.ipv4.conf.wlan0.accept_local = false
#net.ipv4.conf.wlan0.accept_redirects = false
#net.ipv4.conf.wlan0.accept_source_route = true
#net.ipv4.conf.wlan0.arp_accept = false
#net.ipv4.conf.wlan0.arp_announce = 0
#net.ipv4.conf.wlan0.arp_filter = true
#net.ipv4.conf.wlan0.arp_ignore = 0
#net.ipv4.conf.wlan0.arp_notify = false
#net.ipv4.conf.wlan0.bootp_relay = 0
#net.ipv4.conf.wlan0.disable_policy = 0
#net.ipv4.conf.wlan0.disable_xfrm = false
#net.ipv4.conf.wlan0.force_igmp_version = 0
#net.ipv4.conf.wlan0.forwarding = true
#net.ipv4.conf.wlan0.log_martians = 1
#net.ipv4.conf.wlan0.mc_forwarding = true
#net.ipv4.conf.wlan0.medium_id = -1
#net.ipv4.conf.wlan0.promote_secondaries = 1
#net.ipv4.conf.wlan0.proxy_arp = 0
#net.ipv4.conf.wlan0.proxy_arp_pvlan = false
#net.ipv4.conf.wlan0.rp_filter = 1
#net.ipv4.conf.wlan0.secure_redirects = false
#net.ipv4.conf.wlan0.send_redirects = 1
#net.ipv4.conf.wlan0.shared_media = true
#net.ipv4.conf.wlan0.src_valid_mark = 0
#net.ipv4.conf.wlan0.tag = 0
net.ipv4.icmp_errors_use_inbound_ifaddr = false
net.ipv4.icmp_ratelimit = 1000
#net.ipv4.icmp_msgs_per_sec = 1000
#net.ipv4.icmp_msgs_burst = 50
net.ipv4.igmp_max_memberships = 20
net.ipv4.conf.default.accept_redirects = false
#net.ipv4.igmp_qrv = 2
#net.ipv4.conf.all.igmp_max_memberships = 20
# Netfilter
########
net.netfilter.nf_log.0 = NONE
net.netfilter.nf_log.1 = NONE
net.netfilter.nf_log.2 = ipt_LOG
net.netfilter.nf_log.3 = NONE
net.netfilter.nf_log.4 = NONE
net.netfilter.nf_log.5 = NONE
net.netfilter.nf_log.6 = NONE
net.netfilter.nf_log.7 = NONE
net.netfilter.nf_log.8 = NONE
net.netfilter.nf_log.9 = NONE
net.netfilter.nf_log.10 = ip6t_LOG
net.netfilter.nf_log.11 = NONE
net.netfilter.nf_log.12 = NONE
net.netfilter.nf_conntrack_buckets = 16384
net.netfilter.nf_conntrack_count = 36
net.netfilter.nf_conntrack_dccp_loose = 1
net.netfilter.nf_conntrack_dccp_timeout_closereq = 64
net.netfilter.nf_conntrack_dccp_timeout_closing = 64
net.netfilter.nf_conntrack_dccp_timeout_open = 43200
net.netfilter.nf_conntrack_dccp_timeout_partopen = 480
net.netfilter.nf_conntrack_dccp_timeout_request = 240
net.netfilter.nf_conntrack_dccp_timeout_respond = 480
net.netfilter.nf_conntrack_dccp_timeout_timewait = 240
net.netfilter.nf_conntrack_events = 1
net.netfilter.nf_conntrack_events_retry_timeout = 15
net.netfilter.nf_conntrack_max = 50168
net.netfilter.nf_conntrack_expect_max = 256
net.netfilter.nf_conntrack_frag6_high_thresh = 262144
net.netfilter.nf_conntrack_frag6_low_thresh = 196608
net.netfilter.nf_conntrack_frag6_timeout = 60
net.netfilter.nf_conntrack_generic_timeout = 600
net.netfilter.nf_conntrack_icmp_timeout = 30
net.netfilter.nf_conntrack_icmpv6_timeout = 30
net.netfilter.nf_conntrack_log_invalid = 0
net.netfilter.nf_conntrack_acct = 0
net.netfilter.nf_conntrack_checksum = 1
net.netfilter.nf_conntrack_tcp_timeout_established = 7440
net.netfilter.nf_conntrack_udp_timeout = 30
net.netfilter.nf_conntrack_udp_timeout_stream = 360
#net.netfilter.nf_conntrack_skip_filter = 1
net.netfilter.nf_conntrack_tcp_timeout_unacknowledged = 300
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
#net.netfilter.nf_conntrack_tcp_timeout_syn_sent = 120
#net.netfilter.nf_conntrack_tcp_timeout_syn_recv = 60
net.netfilter.nf_conntrack_tcp_timeout_max_retrans = 300
net.netfilter.nf_conntrack_tcp_timeout_last_ack = 30
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 15
net.netfilter.nf_conntrack_tcp_max_retrans = 3
net.netfilter.nf_conntrack_tcp_loose = 1
net.netfilter.nf_conntrack_tcp_be_liberal = 0
net.netfilter.nf_conntrack_sctp_timeout_shutdown_sent = 0
#net.netfilter.nf_conntrack_sctp_timeout_shutdown_recd = 0
net.netfilter.nf_conntrack_sctp_timeout_shutdown_ack_sent = 3
#net.netfilter.nf_conntrack_sctp_timeout_established = 432000
net.netfilter.nf_conntrack_sctp_timeout_cookie_wait = 3
net.netfilter.nf_conntrack_sctp_timeout_cookie_echoed = 3
net.netfilter.nf_conntrack_sctp_timeout_closed = 10
net.netfilter.nf_conntrack_udplite_timeout = 30
net.netfilter.nf_conntrack_udplite_timeout_stream = 180
# Disable bridge firewall'ing by default
#net.bridge.bridge-nf-call-arptables = 0
#net.bridge.bridge-nf-call-ip6tables = 1
#net.bridge.bridge-nf-call-iptables = 0
#net.bridge.bridge-nf-pass-vlan-input-dev = 0
#net.bridge.bridge-nf-filter-pppoe-tagged = 0
#net.bridge.bridge-nf-filter-vlan-tagged = 0
#net.bridge.bridge-nf-call-ip6tables = 1
#net.bridge.bridge-nf-call-iptables = 1
#net.bridge.bridge-nf-call-arptable = 1
# Disable IPv6
###############
net.ipv6.conf.all.disable_ipv6 = true
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
#net.ipv6.conf.wlan0.disable_ipv6 = 1
#net.ipv6.conf.$WIFI.disable_ipv6 = 1
###############################
# IPv6 -> http://test-ipv6.com + RFC 3041/4941 (year: 2001)
# https://code.google.com/p/android/issues/detail?id = 14013
# https://code.google.com/p/android/issues/detail?id = 31102
# Only on Lollipop: RFC 6106
###############################
net.ipv6.ip_forward = 1
#net.ipv6.bindv6only = false
#net.ipv6.fwmark_reflect = 0
#net.ipv6.tcp_timestamps = 0
#net.ipv6.ip_forward_use_pmtu = 0
#net.ipv6.auto_flowlabels = 1
#net.ipv6.flowlabel_consistency = true
#net.ipv6.flowlabel_state_ranges = true
#net.ipv6.idgen_delay = 1
#net.ipv6.idgen_retries = 3
#net.ipv6.mld_qrv = 2
#net.ipv6.anycast_src_echo_reply = false
#net.ipv6.conf.all.suppress_frag_ndisc = 1
#net.ipv6.conf.all.stable_secret =
#net.ipv6.conf.all.fwmark_reflect = 0
#net.ipv6.conf.all.rp_filter = 1
#net.ipv6.conf.all.dad_transmits = 1
#net.ipv6.conf.all.secure_redirects = false
#net.ipv6.conf.all.forwarding = true
#net.ipv6.conf.all.accept_redirects = false
#net.ipv6.conf.all.accept_ra_from_local = true
#net.ipv6.conf.all.accept_ra = 1
#net.ipv6.conf.all.accept_dad = 1
#net.ipv6.conf.all.accept_ra_rtr_pref = true
#net.ipv6.conf.all.accept_ra_pinfo = true
#net.ipv6.conf.all.accept_ra_defrtr = true
#net.ipv6.conf.all.use_tempaddr = -1
#net.ipv6.conf.all.temp_valid_lft = 604800
#net.ipv6.conf.all.autoconf = true
#net.ipv6.conf.all.accept_source_route = 0
#net.ipv6.conf.all.force_mld_version = 0
#net.ipv6.conf.all.force_tllao = false
#net.ipv6.conf.all.hop_limit = 64
#net.ipv6.conf.all.max_addresses = 16
#net.ipv6.conf.all.max_desync_factor = 600
#net.ipv6.conf.all.mtu = 1280
#net.ipv6.conf.all.optimistic_dad = false
#net.ipv6.conf.all.use_optimistic = false
#net.ipv6.conf.all.proxy_ndp = 2
#net.ipv6.conf.all.regen_max_retry = 5
#net.ipv6.conf.all.router_probe_interval = 60
#net.ipv6.conf.all.router_solicitation_delay = 1
#net.ipv6.conf.all.router_solicitation_interval = 4
#net.ipv6.conf.all.router_solicitations = 3
#net.ipv6.conf.all.temp_prefered_lft = 86400
#net.ipv6.conf.all.ip6frag_time = 60
#net.ipv6.conf.all.use_oif_addrs_only = false
#####
#net.ipv6.conf.default.secure_redirects = false
#net.ipv6.conf.default.autoconf = true
#net.ipv6.conf.default.stable_secret =
#net.ipv6.conf.default.suppress_frag_ndisc = 1
#net.ipv6.conf.default.accept_redirects = false
#net.ipv6.conf.default.use_tempaddr = -1
#net.ipv6.conf.default.accept_dad = 1
#net.ipv6.conf.default.accept_ra = 0
#net.ipv6.conf.default.accept_ra_defrtr = true
#net.ipv6.conf.default.accept_ra_pinfo = true
#net.ipv6.conf.default.accept_ra_rtr_pref = true
#net.ipv6.conf.default.accept_source_route = 0
#net.ipv6.conf.default.dad_transmits = 1
#net.ipv6.conf.default.force_mld_version = 0
#net.ipv6.conf.default.force_tllao = false
#net.ipv6.conf.default.forwarding = true
#net.ipv6.conf.default.hop_limit = 64
#net.ipv6.conf.default.max_addresses = 16
#net.ipv6.conf.default.max_desync_factor = 600
#net.ipv6.conf.default.mtu = 1280
#net.ipv6.conf.default.optimistic_dad = false
#net.ipv6.conf.default.proxy_ndp = 0
#net.ipv6.conf.default.regen_max_retry = 5
#net.ipv6.conf.default.router_probe_interval = 60
#net.ipv6.conf.default.router_solicitation_delay = 1
#net.ipv6.conf.default.accept_ra_from_local = true
#net.ipv6.conf.default.router_solicitation_interval = 4
#net.ipv6.conf.default.router_solicitations = 3
#net.ipv6.conf.default.temp_prefered_lft = 86400
#net.ipv6.conf.default.temp_valid_lft = 604800
#net.ipv6.conf.default.ndisc_notify = false
#net.ipv6.conf.default.use_oif_addrs_only = false
#net.ipv6.conf.default.mldv2_unsolicited_report_interval = 1000
#net.ipv6.conf.default.mldv1_unsolicited_report_interval = 10000
#####
#net.ipv6.conf.ip6tnl0.accept_ra_mtu = true
#net.ipv6.conf.ip6tnl0.forwarding = true
#net.ipv6.conf.ip6tnl0.hop_limit = 64
#net.ipv6.conf.ip6tnl0.mtu = 1452
#net.ipv6.conf.ip6tnl0.accept_ra = 2
#net.ipv6.conf.ip6tnl0.accept_redirects = false
#net.ipv6.conf.ip6tnl0.autoconf = true
#net.ipv6.conf.ip6tnl0.dad_transmits = 1
#net.ipv6.conf.ip6tnl0.router_solicitations = 3
#net.ipv6.conf.ip6tnl0.router_solicitation_interval = 4
#net.ipv6.conf.ip6tnl0.router_solicitation_delay = 1
#net.ipv6.conf.ip6tnl0.force_mld_version = 0
#net.ipv6.conf.ip6tnl0.use_tempaddr = -1
#net.ipv6.conf.ip6tnl0.temp_valid_lft = 604800
#net.ipv6.conf.ip6tnl0.temp_prefered_lft = 86400
#net.ipv6.conf.ip6tnl0.regen_max_retry = 5
#net.ipv6.conf.ip6tnl0.max_desync_factor = 600
#net.ipv6.conf.ip6tnl0.max_addresses = 16
#net.ipv6.conf.ip6tnl0.accept_ra_defrtr = true
#net.ipv6.conf.ip6tnl0.accept_ra_pinfo = true
#net.ipv6.conf.ip6tnl0.accept_ra_rtr_pref = true
#net.ipv6.conf.ip6tnl0.router_probe_interval = 60
#net.ipv6.conf.ip6tnl0.proxy_ndp = 0
#net.ipv6.conf.ip6tnl0.accept_source_route = 0
#net.ipv6.conf.ip6tnl0.optimistic_dad = false
#net.ipv6.conf.ip6tnl0.disable_ipv6 = 1
#net.ipv6.conf.ip6tnl0.accept_dad = 1
#net.ipv6.conf.ip6tnl0.use_oif_addrs_only = false
#net.ipv6.conf.ip6tnl0.force_tllao = false
#net.ipv6.conf.ip6tnl0.ndisc_notify = false
#net.ipv6.conf.ip6tnl0.accept_ra_min_hop_limit = 1
#net.ipv6.conf.ip6tnl0.mldv2_unsolicited_report_interval = 1000
#net.ipv6.conf.ip6tnl0.mldv1_unsolicited_report_interval = 10000
#####
#net.ipv6.conf.lo.accept_dad = 1
#net.ipv6.conf.lo.accept_ra = 1
#net.ipv6.conf.lo.accept_ra_defrtr = true
#net.ipv6.conf.lo.accept_ra_pinfo = true
#net.ipv6.conf.lo.accept_ra_rtr_pref = true
#net.ipv6.conf.lo.accept_redirects = false
#net.ipv6.conf.lo.accept_source_route = 0
#net.ipv6.conf.lo.autoconf = true
#net.ipv6.conf.lo.dad_transmits = 1
#net.ipv6.conf.lo.force_mld_version = 0
#net.ipv6.conf.lo.force_tllao = false
#net.ipv6.conf.lo.forwarding = true
#net.ipv6.conf.lo.hop_limit = 64
#net.ipv6.conf.lo.max_addresses = 16
#net.ipv6.conf.lo.max_desync_factor = 600
#net.ipv6.conf.lo.mtu = 16436
#net.ipv6.conf.lo.optimistic_dad = 1
#net.ipv6.conf.lo.proxy_ndp = 0
#net.ipv6.conf.lo.regen_max_retry = 5
#net.ipv6.conf.lo.router_probe_interval = 60
#net.ipv6.conf.lo.router_solicitation_delay = 1
#net.ipv6.conf.lo.router_solicitation_interval = 4
#net.ipv6.conf.lo.router_solicitations = 3
#net.ipv6.conf.lo.temp_prefered_lft = 86400
#net.ipv6.conf.lo.temp_valid_lft = 604800
#net.ipv6.conf.lo.use_tempaddr = -1
#net.ipv6.conf.lo.use_oif_addrs_only = false
#net.ipv6.conf.lo.ndisc_notify = false
#net.ipv6.conf.lo.accept_ra_min_hop_limit = 1
#net.ipv6.conf.lo.mldv2_unsolicited_report_interval = 1000
#net.ipv6.conf.lo.mldv1_unsolicited_report_interval = 10000
######
#net.ipv6.conf.p2p0.accept_dad = 1
#net.ipv6.conf.p2p0.accept_ra = 1
#net.ipv6.conf.p2p0.accept_ra_defrtr = true
#net.ipv6.conf.p2p0.accept_ra_pinfo = true
#net.ipv6.conf.p2p0.accept_ra_rtr_pref = true
#net.ipv6.conf.p2p0.accept_redirects = false
#net.ipv6.conf.p2p0.accept_source_route = 0
#net.ipv6.conf.p2p0.autoconf = true
#net.ipv6.conf.p2p0.dad_transmits = 1
#net.ipv6.conf.p2p0.disable_ipv6 = 1
#net.ipv6.conf.p2p0.force_mld_version = 0
#net.ipv6.conf.p2p0.force_tllao = false
#net.ipv6.conf.p2p0.forwarding = true
#net.ipv6.conf.p2p0.hop_limit = 64
#net.ipv6.conf.p2p0.max_addresses = 16
#net.ipv6.conf.p2p0.max_desync_factor = 600
#net.ipv6.conf.p2p0.mtu = 1500
#net.ipv6.conf.p2p0.optimistic_dad = false
#net.ipv6.conf.p2p0.proxy_ndp = 0
#net.ipv6.conf.p2p0.regen_max_retry = 5
#net.ipv6.conf.p2p0.router_probe_interval = 60
#net.ipv6.conf.p2p0.router_solicitation_delay = 1
#net.ipv6.conf.p2p0.router_solicitation_interval = 4
#net.ipv6.conf.p2p0.router_solicitations = 3
#net.ipv6.conf.p2p0.temp_prefered_lft = 86400
#net.ipv6.conf.p2p0.temp_valid_lft = 604800
#net.ipv6.conf.p2p0.use_tempaddr = -1
#net.ipv6.conf.p2p0.use_oif_addrs_only = false
#net.ipv6.conf.p2p0.ndisc_notify = false
#net.ipv6.conf.p2p0.accept_ra_min_hop_limit = 1
#net.ipv6.conf.p2p0.mldv2_unsolicited_report_interval = 1000
#net.ipv6.conf.p2p0.mldv1_unsolicited_report_interval = 10000
#####
#net.ipv6.conf.sit0.forwarding = true
#net.ipv6.conf.sit0.hop_limit = 64
#net.ipv6.conf.sit0.mtu = 1480
#net.ipv6.conf.sit0.accept_ra = 1
#net.ipv6.conf.sit0.accept_redirects = false
#net.ipv6.conf.sit0.autoconf = true
#net.ipv6.conf.sit0.dad_transmits = 1
#net.ipv6.conf.sit0.router_solicitations = 3
#net.ipv6.conf.sit0.router_solicitation_interval = 4
#net.ipv6.conf.sit0.router_solicitation_delay = 1
#net.ipv6.conf.sit0.force_mld_version = 0
#net.ipv6.conf.sit0.use_tempaddr = -1
#net.ipv6.conf.sit0.temp_valid_lft = 604800
#net.ipv6.conf.sit0.temp_prefered_lft = 86400
#net.ipv6.conf.sit0.regen_max_retry = 5
#net.ipv6.conf.sit0.max_desync_factor = 600
#net.ipv6.conf.sit0.max_addresses = 16
#net.ipv6.conf.sit0.accept_ra_defrtr = true
#net.ipv6.conf.sit0.accept_ra_pinfo = true
#net.ipv6.conf.sit0.accept_ra_rtr_pref = true
#net.ipv6.conf.sit0.router_probe_interval = 60
#net.ipv6.conf.sit0.proxy_ndp = 0
#net.ipv6.conf.sit0.accept_source_route = 0
#net.ipv6.conf.sit0.optimistic_dad = false
#net.ipv6.conf.sit0.disable_ipv6 = 1
#net.ipv6.conf.sit0.accept_dad = 1
#net.ipv6.conf.sit0.force_tllao = false
#net.ipv6.conf.sit0.use_oif_addrs_only = false
#net.ipv6.conf.sit0.ndisc_notify = false
#net.ipv6.conf.sit0.accept_ra_min_hop_limit = 1
#net.ipv6.conf.sit0.mldv2_unsolicited_report_interval = 1000
#net.ipv6.conf.sit0.mldv1_unsolicited_report_interval = 10000
#####
#net.ipv6.conf.wlan0.accept_dad = 1
#net.ipv6.conf.wlan0.accept_ra = 1
#net.ipv6.conf.wlan0.accept_ra_defrtr = true
#net.ipv6.conf.wlan0.accept_ra_pinfo = true
#net.ipv6.conf.wlan0.accept_ra_rtr_pref = true
#net.ipv6.conf.wlan0.accept_redirects = false
#net.ipv6.conf.wlan0.accept_source_route = 0
#net.ipv6.conf.wlan0.autoconf = true
#net.ipv6.conf.wlan0.dad_transmits = 1
#net.ipv6.conf.wlan0.disable_ipv6 = 1
#net.ipv6.conf.wlan0.force_mld_version = 0
#net.ipv6.conf.wlan0.force_tllao = false
#net.ipv6.conf.wlan0.forwarding = true
#net.ipv6.conf.wlan0.hop_limit = 64
#net.ipv6.conf.wlan0.max_addresses = 16
#net.ipv6.conf.wlan0.max_desync_factor = 600
#net.ipv6.conf.wlan0.mtu = 1500
#net.ipv6.conf.wlan0.optimistic_dad = false
#net.ipv6.conf.wlan0.proxy_ndp = 0
#net.ipv6.conf.wlan0.regen_max_retry = 5
#net.ipv6.conf.wlan0.router_probe_interval = 60
#net.ipv6.conf.wlan0.router_solicitation_delay = 5
#net.ipv6.conf.wlan0.router_solicitation_interval = 1
#net.ipv6.conf.wlan0.router_solicitations = 5
#net.ipv6.conf.wlan0.ndisc_notify = false
#net.ipv6.conf.wlan0.accept_ra_min_hop_limit = 1
#net.ipv6.conf.wlan0.mldv2_unsolicited_report_interval = 1000
#net.ipv6.conf.wlan0.mldv1_unsolicited_report_interval = 10000
# sysctl -e -q -p /etc/sysctl.conf in a running system
#rcnetwork restart!!!!
#net.ipv6.conf.wlan0.temp_prefered_lft = 86400
#net.ipv6.conf.wlan0.temp_valid_lft = 604800
#net.ipv6.conf.wlan0.use_tempaddr = -1
#net.ipv6.conf.wlan0.use_oif_addrs_only = false
#net.ipv6.icmp.ratelimit = 1000
#net.ipv6.ip6frag_high_thresh = 262144
#net.ipv6.ip6frag_low_thresh = 196608
#net.ipv6.ip6frag_secret_interval = 600
#net.ipv6.ip6frag_time = 60
#net.ipv6.mld_max_msf = 64
######
#net.ipv6.neigh.default.anycast_delay = 100
#net.ipv6.neigh.default.app_solicit = 0
#net.ipv6.neigh.default.base_reachable_time = 30
#net.ipv6.neigh.default.base_reachable_time_ms = 30000
#net.ipv6.neigh.default.delay_first_probe_time = 5
#net.ipv6.neigh.default.gc_interval = 30
#net.ipv6.neigh.default.gc_stale_time = 60
#net.ipv6.neigh.default.gc_thresh1 = 128
#net.ipv6.neigh.default.gc_thresh2 = 512
#net.ipv6.neigh.default.gc_thresh3 = 1024
#net.ipv6.neigh.default.locktime = 0
#net.ipv6.neigh.default.mcast_solicit = 3
#net.ipv6.neigh.default.proxy_delay = 80
#net.ipv6.neigh.default.proxy_qlen = 64
#net.ipv6.neigh.default.retrans_time = 200
#net.ipv6.neigh.default.retrans_time_ms = 1000
#net.ipv6.neigh.default.ucast_solicit = 3
#net.ipv6.neigh.default.unres_qlen = 35
#net.ipv6.neigh.default.unres_qlen_bytes = 31
#####
#net.ipv6.neigh.ip6tnl0.mcast_solicit = 3
#net.ipv6.neigh.ip6tnl0.ucast_solicit = 3
#net.ipv6.neigh.ip6tnl0.app_solicit = 0
#net.ipv6.neigh.ip6tnl0.retrans_time = 200
#net.ipv6.neigh.ip6tnl0.base_reachable_time = 30
#net.ipv6.neigh.ip6tnl0.delay_first_probe_time = 5
#net.ipv6.neigh.ip6tnl0.gc_stale_time = 60
#net.ipv6.neigh.ip6tnl0.unres_qlen = 3
#net.ipv6.neigh.ip6tnl0.proxy_qlen = 64
#net.ipv6.neigh.ip6tnl0.anycast_delay = 100
#net.ipv6.neigh.ip6tnl0.proxy_delay = 80
#net.ipv6.neigh.ip6tnl0.locktime = 0
#net.ipv6.neigh.ip6tnl0.retrans_time_ms = 1000
#net.ipv6.neigh.ip6tnl0.base_reachable_time_ms = 30000
#net.ipv6.neigh.ip6tnl0.baccept_ra_min_hop_limit = 1
######
#net.ipv6.neigh.lo.app_solicit = 0
#net.ipv6.neigh.lo.anycast_delay = 100
#net.ipv6.neigh.lo.ucast_solicit = 3
#net.ipv6.neigh.lo.base_reachable_time = 30
#net.ipv6.neigh.lo.base_reachable_time_ms = 30000
#net.ipv6.neigh.lo.unres_qlen = 35
#net.ipv6.neigh.lo.delay_first_probe_time = 5
#net.ipv6.neigh.lo.gc_stale_time = 60
#net.ipv6.neigh.lo.locktime = 0
#net.ipv6.neigh.lo.proxy_delay = 80
#net.ipv6.neigh.lo.mcast_solicit = 3
#net.ipv6.neigh.lo.proxy_qlen = 64
#net.ipv6.neigh.lo.retrans_time = 200
#net.ipv6.neigh.lo.retrans_time_ms = 1000
#net.ipv6.neigh.lo.unres_qlen_bytes = 31
#net.ipv6.neigh.lo.accept_ra_min_hop_limit = 1
######
#net.ipv6.neigh.p2p0.anycast_delay = 100
#net.ipv6.neigh.p2p0.app_solicit = 0
#net.ipv6.neigh.p2p0.base_reachable_time_ms = 30000
#net.ipv6.neigh.p2p0.base_reachable_time = 30
#net.ipv6.neigh.p2p0.delay_first_probe_time = 5
#net.ipv6.neigh.p2p0.gc_stale_time = 60
#net.ipv6.neigh.p2p0.locktime = 0
#net.ipv6.neigh.p2p0.mcast_solicit = 3
#net.ipv6.neigh.p2p0.unres_qlen = 35
#net.ipv6.neigh.p2p0.proxy_delay = 80
#net.ipv6.neigh.p2p0.retrans_time_ms = 1000
#net.ipv6.neigh.p2p0.proxy_qlen = 64
#net.ipv6.neigh.p2p0.retrans_time = 200
#net.ipv6.neigh.p2p0.ucast_solicit = 3
#net.ipv6.neigh.p2p0.unres_qlen_bytes = 31
#net.ipv6.neigh.p2p0.accept_ra_min_hop_limit = 1
#net.ipv6.icmp.xfrm6_gc_thresh = 2048
#net.ipv6.route.mtu_expires = 600
#net.ipv6.route.flush = 1
#net.ipv6.route.min_adv_mss = 1220
#net.ipv6.route.max_size = 4096
#net.ipv6.route.gc_timeout = 60
#net.ipv6.route.gc_thresh = 1024
#net.ipv6.route.gc_min_interval_ms = 500
#net.ipv6.route.gc_min_interval = 0
#net.ipv6.route.gc_interval = 30
#####
#net.ipv6.neigh.sit0.mcast_solicit = 3
#net.ipv6.neigh.sit0.proxy_qlen = 64
#net.ipv6.neigh.sit0.proxy_delay = 80
#net.ipv6.neigh.sit0.retrans_time_ms = 1000
#net.ipv6.neigh.sit0.locktime = 0
#net.ipv6.neigh.sit0.delay_first_probe_time = 5
#net.ipv6.neigh.sit0.base_reachable_time_ms = 30000
#net.ipv6.neigh.sit0.base_reachable_time = 30
#net.ipv6.neigh.sit0.gc_stale_time = 60
#net.ipv6.neigh.sit0.app_solicit = 0
#net.ipv6.neigh.sit0.anycast_delay = 100
#net.ipv6.neigh.sit0.retrans_time = 200
#net.ipv6.neigh.sit0.unres_qlen_bytes = 31
#net.ipv6.neigh.sit0.unres_qlen = 35
#net.ipv6.neigh.sit0.ucast_solicit = 3
#net.ipv6.neigh.sit0.accept_ra_min_hop_limit = 1
#####
#net.ipv6.neigh.wlan0.retrans_time_ms = 1000
#net.ipv6.neigh.wlan0.retrans_time = 200
#net.ipv6.neigh.wlan0.ucast_solicit = 3
#net.ipv6.neigh.wlan0.unres_qlen_bytes = 31
#net.ipv6.neigh.wlan0.app_solicit = 0
#net.ipv6.neigh.wlan0.anycast_delay = 100
#net.ipv6.neigh.wlan0.delay_first_probe_time = 5
#net.ipv6.neigh.wlan0.base_reachable_time_ms = 30000
#net.ipv6.neigh.wlan0.base_reachable_time = 30
#net.ipv6.neigh.wlan0.locktime = 0
#net.ipv6.neigh.wlan0.gc_stale_time = 60
#net.ipv6.neigh.wlan0.proxy_qlen = 64
#net.ipv6.neigh.wlan0.mcast_solicit = 3
#net.ipv6.neigh.wlan0.proxy_delay = 80
#net.ipv6.neigh.wlan0.unres_qlen = 35
#net.ipv6.neigh.wlan0.accept_ra_min_hop_limit = 1
#net.ipv6.route.gc_elasticity = 9
#net.ipv6.conf.rndis0.mtu = 1500
#net.ipv6.conf.rndis0.force_tllao = false
#net.ipv6.conf.rndis0.accept_dad = 1
#net.ipv6.conf.rndis0.disable_ipv6 = 1
#net.ipv6.conf.rndis0.optimistic_dad = false
#net.ipv6.conf.rndis0.accept_source_route = 0
#net.ipv6.conf.rndis0.proxy_ndp = 0
#net.ipv6.conf.rndis0.router_probe_interval = 60
#net.ipv6.conf.rndis0.accept_ra_rtr_pref = true
#net.ipv6.conf.rndis0.forwarding = true
#net.ipv6.conf.rndis0.hop_limit = 64
#net.ipv6.conf.rndis0.accept_ra = 1
#net.ipv6.conf.rndis0.accept_redirects = false
#net.ipv6.conf.rndis0.autoconf = true
#net.ipv6.conf.rndis0.dad_transmits = 1
#net.ipv6.conf.rndis0.router_solicitations = 3
#net.ipv6.conf.rndis0.router_solicitation_interval = 4
#net.ipv6.conf.rndis0.router_solicitation_delay = 1
#net.ipv6.conf.rndis0.force_mld_version = 0
#net.ipv6.conf.rndis0.use_tempaddr = -1
#net.ipv6.conf.rndis0.temp_valid_lft = 604800
#net.ipv6.conf.rndis0.temp_prefered_lft = 86400
#net.ipv6.conf.rndis0.regen_max_retry = 5
#net.ipv6.conf.rndis0.max_desync_factor = 600
#net.ipv6.conf.rndis0.max_addresses = 16
#net.ipv6.conf.rndis0.accept_ra_defrtr = true
#net.ipv6.conf.rndis0.accept_ra_pinfo = true
#net.ipv6.conf.rndis0.use_oif_addrs_only = false
#net.ipv6.conf.rndis0.ndisc_notify = false
#net.ipv6.conf.rndis0.mldv2_unsolicited_report_interval = 1000
#net.ipv6.conf.rndis0.mldv1_unsolicited_report_interval = 10000
#####
net.ipv6.conf.rmnet2.forwarding = true
#net.ipv6.conf.rmnet2.hop_limit = 64
#net.ipv6.conf.rmnet2.mtu = 1500
#net.ipv6.conf.rmnet2.accept_ra = 1
#net.ipv6.conf.rmnet2.accept_redirects = false
#net.ipv6.conf.rmnet2.autoconf = true
#net.ipv6.conf.rmnet2.dad_transmits = 1
#net.ipv6.conf.rmnet2.router_solicitations = 3
#net.ipv6.conf.rmnet2.router_solicitation_interval = 4
#net.ipv6.conf.rmnet2.router_solicitation_delay = 1
#net.ipv6.conf.rmnet2.force_mld_version = 0
#net.ipv6.conf.rmnet2.use_tempaddr = -1
#net.ipv6.conf.rmnet2.temp_valid_lft = 604800
#net.ipv6.conf.rmnet2.temp_prefered_lft = 86400
#net.ipv6.conf.rmnet2.regen_max_retry = 5
#net.ipv6.conf.rmnet2.max_desync_factor = 600
#net.ipv6.conf.rmnet2.max_addresses = 16
#net.ipv6.conf.rmnet2.accept_ra_defrtr = true
#net.ipv6.conf.rmnet2.accept_ra_pinfo = true
#net.ipv6.conf.rmnet2.accept_ra_rtr_pref = true
#net.ipv6.conf.rmnet2.router_probe_interval = 60
#net.ipv6.conf.rmnet2.proxy_ndp = 0
#net.ipv6.conf.rmnet2.accept_source_route = 0
#net.ipv6.conf.rmnet2.optimistic_dad = false
#net.ipv6.conf.rmnet2.accept_ra_rt_info_max_plen = 0
#net.ipv6.conf.rmnet2.disable_ipv6 = 1
#net.ipv6.conf.rmnet2.accept_dad = 1
#net.ipv6.conf.rmnet2.force_tllao = false
#net.ipv6.conf.rmnet2.use_oif_addrs_only = false
#net.ipv6.conf.rmnet2.ndisc_notify = false
#net.ipv6.conf.rmnet2.mldv2_unsolicited_report_interval = 1000
#net.ipv6.conf.rmnet2.mldv1_unsolicited_report_interval = 10000
####
net.ipv6.conf.rmnet1.forwarding = true
#net.ipv6.conf.rmnet1.hop_limit = 64
#net.ipv6.conf.rmnet1.mtu = 1500
#net.ipv6.conf.rmnet1.accept_ra = 2
#net.ipv6.conf.rmnet1.accept_redirects = false
#net.ipv6.conf.rmnet1.autoconf = true
#net.ipv6.conf.rmnet1.dad_transmits = 1
#net.ipv6.conf.rmnet1.router_solicitations = 3
#net.ipv6.conf.rmnet1.router_solicitation_interval = 4
#net.ipv6.conf.rmnet1.router_solicitation_delay = 1
#net.ipv6.conf.rmnet1.force_mld_version = 0
#net.ipv6.conf.rmnet1.use_tempaddr = -1
#net.ipv6.conf.rmnet1.temp_valid_lft = 604800
#net.ipv6.conf.rmnet1.temp_prefered_lft = 86400
#net.ipv6.conf.rmnet1.regen_max_retry = 5
#net.ipv6.conf.rmnet1.max_desync_factor = 600
#net.ipv6.conf.rmnet1.max_addresses = 16
#net.ipv6.conf.rmnet1.accept_ra_defrtr = true
#net.ipv6.conf.rmnet1.accept_ra_pinfo = true
#net.ipv6.conf.rmnet1.accept_ra_rtr_pref = true
#net.ipv6.conf.rmnet1.router_probe_interval = 60
#net.ipv6.conf.rmnet1.proxy_ndp = 0
#net.ipv6.conf.rmnet1.accept_source_route = 0
#net.ipv6.conf.rmnet1.optimistic_dad = false
#net.ipv6.conf.rmnet1.disable_ipv6 = 1
#net.ipv6.conf.rmnet1.accept_dad = 1
#net.ipv6.conf.rmnet1.force_tllao = false
#net.ipv6.conf.rmnet1.use_oif_addrs_only = false
#net.ipv6.conf.rmnet1.ndisc_notify = false
#net.ipv6.conf.rmnet1.accept_ra_rt_info_max_plen = 0
#net.ipv6.conf.rmnet1.mldv2_unsolicited_report_interval = 1000
#net.ipv6.conf.rmnet1.mldv1_unsolicited_report_interval = 10000
####
#net.ipv6.conf.rmnet0.forwarding = true
#net.ipv6.conf.rmnet0.hop_limit = 64
#net.ipv6.conf.rmnet0.mtu = 1358
#net.ipv6.conf.rmnet0.accept_ra = 1
#net.ipv6.conf.rmnet0.accept_redirects = false
#net.ipv6.conf.rmnet0.autoconf = true
#net.ipv6.conf.rmnet0.dad_transmits = 1
#net.ipv6.conf.rmnet0.router_solicitations = 3
#net.ipv6.conf.rmnet0.router_solicitation_interval = 4
#net.ipv6.conf.rmnet0.router_solicitation_delay = 1
#net.ipv6.conf.rmnet0.force_mld_version = 0
#net.ipv6.conf.rmnet0.use_tempaddr = -1
#net.ipv6.conf.rmnet0.temp_valid_lft = 604800
#net.ipv6.conf.rmnet0.temp_prefered_lft = 86400
#net.ipv6.conf.rmnet0.regen_max_retry = 5
#net.ipv6.conf.rmnet0.max_desync_factor = 600
#net.ipv6.conf.rmnet0.max_addresses = 16
#net.ipv6.conf.rmnet0.accept_ra_defrtr = true
#net.ipv6.conf.rmnet0.accept_ra_pinfo = true
#net.ipv6.conf.rmnet0.accept_ra_rtr_pref = true
#net.ipv6.conf.rmnet0.router_probe_interval = 60
#net.ipv6.conf.rmnet0.proxy_ndp = 0
#net.ipv6.conf.rmnet0.accept_source_route = 0
#net.ipv6.conf.rmnet0.optimistic_dad = false
#net.ipv6.conf.rmnet0.disable_ipv6 = 1
#net.ipv6.conf.rmnet0.accept_dad = 1
#net.ipv6.conf.rmnet0.force_tllao = false
#net.ipv6.conf.rmnet0.use_oif_addrs_only = false
#net.ipv6.conf.rmnet0.ndisc_notify = false
#net.ipv6.conf.rmnet0.mldv2_unsolicited_report_interval = 1000
#net.ipv6.conf.rmnet0.mldv1_unsolicited_report_interval = 10000
######
#net.ipv6.neigh.rndis0.mcast_solicit = 3
#net.ipv6.neigh.rndis0.ucast_solicit = 3
#net.ipv6.neigh.rndis0.app_solicit = 0
#net.ipv6.neigh.rndis0.retrans_time = 200
#net.ipv6.neigh.rndis0.base_reachable_time = 30
#net.ipv6.neigh.rndis0.delay_first_probe_time = 5
#net.ipv6.neigh.rndis0.gc_stale_time = 60
#net.ipv6.neigh.rndis0.unres_qlen = 3
#net.ipv6.neigh.rndis0.proxy_qlen = 64
#net.ipv6.neigh.rndis0.anycast_delay = 100
#net.ipv6.neigh.rndis0.proxy_delay = 80
#net.ipv6.neigh.rndis0.locktime = 0
#net.ipv6.neigh.rndis0.retrans_time_ms = 1000
#net.ipv6.neigh.rndis0.base_reachable_time_ms = 30000
######
#net.ipv6.neigh.rmnet2.mcast_solicit = 3
#net.ipv6.neigh.rmnet2.ucast_solicit = 3
#net.ipv6.neigh.rmnet2.app_solicit = 0
#net.ipv6.neigh.rmnet2.retrans_time = 200
#net.ipv6.neigh.rmnet2.base_reachable_time = 30
#net.ipv6.neigh.rmnet2.delay_first_probe_time = 5
#net.ipv6.neigh.rmnet2.gc_stale_time = 60
#net.ipv6.neigh.rmnet2.unres_qlen = 3
#net.ipv6.neigh.rmnet2.proxy_qlen = 64
#net.ipv6.neigh.rmnet2.anycast_delay = 100
#net.ipv6.neigh.rmnet2.proxy_delay = 80
#net.ipv6.neigh.rmnet2.locktime = 0
#net.ipv6.neigh.rmnet2.retrans_time_ms = 1000
#net.ipv6.neigh.rmnet2.base_reachable_time_ms = 30000
######
#net.ipv6.neigh.rmnet1.mcast_solicit = 3
#net.ipv6.neigh.rmnet1.ucast_solicit = 3
#net.ipv6.neigh.rmnet1.app_solicit = 0
#net.ipv6.neigh.rmnet1.retrans_time = 200
#net.ipv6.neigh.rmnet1.base_reachable_time = 30
#net.ipv6.neigh.rmnet1.delay_first_probe_time = 5
#net.ipv6.neigh.rmnet1.gc_stale_time = 60
#net.ipv6.neigh.rmnet1.unres_qlen = 3
#net.ipv6.neigh.rmnet1.proxy_qlen = 64
#net.ipv6.neigh.rmnet1.anycast_delay = 100
#net.ipv6.neigh.rmnet1.proxy_delay = 80
#net.ipv6.neigh.rmnet1.locktime = 0
#net.ipv6.neigh.rmnet1.retrans_time_ms = 1000
#net.ipv6.neigh.rmnet1.base_reachable_time_ms = 30000
######
#net.ipv6.neigh.rmnet0.mcast_solicit = 3
#net.ipv6.neigh.rmnet0.ucast_solicit = 3
#net.ipv6.neigh.rmnet0.app_solicit = 0
#net.ipv6.neigh.rmnet0.retrans_time = 200
#net.ipv6.neigh.rmnet0.base_reachable_time = 30
#net.ipv6.neigh.rmnet0.delay_first_probe_time = 5
#net.ipv6.neigh.rmnet0.gc_stale_time = 60
#net.ipv6.neigh.rmnet0.unres_qlen = 3
#net.ipv6.neigh.rmnet0.proxy_qlen = 64
#net.ipv6.neigh.rmnet0.anycast_delay = 100
#net.ipv6.neigh.rmnet0.proxy_delay = 80
#net.ipv6.neigh.rmnet0.locktime = 0
#net.ipv6.neigh.rmnet0.retrans_time_ms = 1000
#net.ipv6.neigh.rmnet0.base_reachable_time_ms = 30000
######
# /proc/sys/net/core - Network core options
###############
#net.core.bpf_jit_enable = 0
#net.core.default_qdisc = fq
net.core.rmem_default = 262144
net.core.wmem_default = 131072
net.core.xfrm_larval_drop = 1
net.core.dev_weight = 64
net.core.message_burst = 10
net.core.message_cost = 5
#net.core.busy_read = 0
#net.core.busy_poll = 0
net.core.netdev_budget = 300
net.core.netdev_tstamp_prequeue = 1
net.core.optmem_max = 10240
#net.core.hot_list_length = 1024
net.core.rmem_default = 163840
net.core.tstamp_allow_data = 1
net.core.rmem_max = 16777216
net.core.rps_sock_flow_entries = 0
net.core.somaxconn = 128
#net.core.warnings = 1
net.core.wmem_max = 16777216
net.core.xfrm_acq_expires = 30
net.core.xfrm_aevent_etime = 10
#net.core.netdev_rss_key =
net.core.xfrm_aevent_rseqth = 2
net.unix.max_dgram_qlen = 50
net.nf_conntrack_max = 50168
net.phonet.local_port_range = 64 255
net.core.netdev_max_backlog = 3000
# Define TCP buffer sizes for various networks
# ReadMin, ReadInitial, ReadMax, WriteMin, WriteInitial, WriteMax
###############
net.tcp.buffersize.default = 4096,87380,256960,4096,16384,256960
net.tcp.buffersize.wifi = 4096,87380,256960,4096,16384,256960
net.tcp.buffersize.lte = 262144,524288,3145728,262144,524288,3145728
net.tcp.buffersize.umts = 4096,87380,256960,4096,16384,256960
net.tcp.buffersize.evdo = 4096,87380,563200,4096,16384,262144
net.tcp.buffersize.evdo_b = 6144,262144,1048576,6144,262144,1048576
net.tcp.buffersize.gprs = 4096,87380,256960,4096,16384,256960
net.tcp.buffersize.edge = 4096,87380,256960,4096,16384,256960
net.tcp.buffersize.hspa = 4096,87380,256960,4096,16384,256960
net.tcp.buffersize.hspap = 4096,87380,1220608,4096,16384,393216
net.tcp.buffersize.hsupa = 4096,87380,704512,4096,16384,262144
net.tcp.buffersize.hsdpa = 6144,262144,1048576,6144,262144,1048576
###############################
# VM & Filesystem tweaks
# (e.g specifies amount of virtual RAM,
# if it should kill a task or not,
# how often to refer to cache)
###############################
#pm.sleep_mode = 1
#fs.lease-break-time = 45
#fs.file-max = 80249
fs.nr_open = 1048576
fs.leases-enable = 1
#fs.inotify.max_queued_events = 16384
#fs.inotify.max_user_instances = 256
#fs.inotify.max_user_watches = 8192
#fs.overflowgid = 65534
#fs.protected_hardlinks = 1
fs.overflowuid = 65534
#fs.protected_symlinks = 1
vm.overcommit_memory = 1
vm.min_free_order_shift = 4
#vm.oom_dump_tasks = 1
vm.lowmem_reserve_ratio = 96 96
#vm.legacy_va_layout = 0
#vm.page-cluster = 3
vm.overcommit_ratio = 0
vm.drop_caches = 0
#vm.extfrag_threshold = 500
vm.swappiness = 0
vm.dirty_writeback_centisecs = 2000
vm.dirty_expire_centisecs = 1000
#vm.dirty_ratio = 90
vm.highmem_is_dirtyable = 0
#vm.dirty_background_ratio = 70
#vm.max_map_count = 65530
vm.oom_kill_allocating_task = 0
vm.nr_pdflush_threads = 0
vm.mmap_min_addr = 4096
#vm.min_free_kbytes = 11264
vm.panic_on_oom = 0
vm.vfs_cache_pressure = 10
vm.laptop_mode = 0
vm.block_dump = 0
vm.scan_unevictable_pages = 0
vm.percpu_pagelist_fraction = 0
vm.stat_interval = 1
#vold.post_fs_data_done = 1
#vm.dirty_background_bytes = 0
#vm.dirty_bytes = 0
# Disables logging
###############
#rm /dev/log/main
dev.scsi.logging_level = 0
#fs.dentry-state = 22620 12592 45 0 0 0
#fs.epoll.max_user_watches = 217429
#fs.file-nr = 4032 0 180195
#fs.inode-nr = 15905 7235
#fs.inode-state = 20259 0 0 0 0 0 0
fs.suid_dumpable = 0
fs.pipe-max-size = 1048576
#kernel.auto_msgmni = 1
kernel.blk_iopoll = 1
#kernel.cap_last_cap = 36
###############
# Kernel params
###############
kernel.random.write_wakeup_threshold = 2048
#kernel.sched_features = 24189
#kernel.sched_compat_yield = 1
#kernel.sched_shares_ratelimit = 256000
kernel.sched_child_runs_first = 0
kernel.exec-shield = 1
#kernel.randomize_va_spac = 1
#kernel.grsecurity.harden_ptrace = 1
#kernel.watchdog_thresh = 10
kernel.watchdog = 1
#kernel.version = 479 SMP PREEMPT Mon Mar 30 13:32:29 CEST 2015
kernel.real-root-dev = 0
#kernel.sched_autogroup_enabled = 0
#kernel.sched_migration_cost_ns = 5000000
#kernel.sched_domain.cpu0.domain0.busy_factor = 64
#kernel.sched_domain.cpu0.domain0.busy_idx = 2
#kernel.sched_domain.cpu0.domain0.cache_nice_tries = 1
#kernel.sched_domain.cpu0.domain0.flags = 4143
#kernel.sched_domain.cpu0.domain0.forkexec_idx = 0
#kernel.sched_domain.cpu0.domain0.idle_idx = 1
#kernel.sched_domain.cpu0.domain0.imbalance_pct = 125
#kernel.sched_domain.cpu0.domain0.max_interval = 4
#kernel.sched_domain.cpu0.domain0.min_interval = 1
#kernel.sched_domain.cpu0.domain0.name = CPU
#kernel.sched_domain.cpu0.domain0.newidle_idx = 0
#kernel.sched_domain.cpu0.domain0.wake_idx = 0
#kernel.sched_domain.cpu1.domain0.busy_factor = 64
#kernel.sched_domain.cpu1.domain0.busy_idx = 2
#kernel.sched_domain.cpu1.domain0.cache_nice_tries = 1
#kernel.sched_domain.cpu1.domain0.flags = 4143
#kernel.sched_domain.cpu1.domain0.forkexec_idx = 0
#kernel.sched_domain.cpu1.domain0.idle_idx = 1
#kernel.sched_domain.cpu1.domain0.imbalance_pct = 125
#kernel.sched_domain.cpu1.domain0.max_interval = 4
#kernel.sched_domain.cpu1.domain0.min_interval = 1
#kernel.sched_domain.cpu1.domain0.name = CPU
#kernel.sched_domain.cpu1.domain0.newidle_idx = 0
#kernel.sched_domain.cpu1.domain0.wake_idx = 0
#kernel.sched_domain.cpu2.domain0.busy_factor = 64
#kernel.sched_domain.cpu2.domain0.busy_idx = 2
#kernel.sched_domain.cpu2.domain0.cache_nice_tries = 1
#kernel.sched_domain.cpu2.domain0.flags = 4143
#kernel.sched_domain.cpu2.domain0.forkexec_idx = 0
#kernel.sched_domain.cpu2.domain0.idle_idx = 1
#kernel.sched_domain.cpu2.domain0.imbalance_pct = 125
#kernel.sched_domain.cpu2.domain0.max_interval = 4
#kernel.sched_domain.cpu2.domain0.min_interval = 1
#kernel.sched_domain.cpu2.domain0.name = CPU
#kernel.sched_domain.cpu2.domain0.newidle_idx = 0
#kernel.sched_domain.cpu2.domain0.wake_idx = 0
#kernel.sched_domain.cpu3.domain0.busy_factor = 64
#kernel.sched_domain.cpu3.domain0.busy_idx = 2
#kernel.sched_domain.cpu3.domain0.cache_nice_tries = 1
#kernel.sched_domain.cpu3.domain0.flags = 4143
#kernel.sched_domain.cpu3.domain0.forkexec_idx = 0
#kernel.sched_domain.cpu3.domain0.idle_idx = 1
#kernel.sched_domain.cpu3.domain0.imbalance_pct = 125
#kernel.sched_domain.cpu3.domain0.max_interval = 4
#kernel.sched_domain.cpu3.domain0.min_interval = 1
#kernel.sched_domain.cpu3.domain0.name = CPU
#kernel.sched_domain.cpu3.domain0.newidle_idx = 0
#kernel.sched_domain.cpu3.domain0.wake_idx = 0
#kernel.sched_domain.cpu4.domain0.busy_factor = 64
#kernel.sched_domain.cpu4.domain0.busy_idx = 2
#kernel.sched_domain.cpu4.domain0.cache_nice_tries = 1
#kernel.sched_domain.cpu4.domain0.flags = 4143
#kernel.sched_domain.cpu4.domain0.forkexec_idx = 0
#kernel.sched_domain.cpu4.domain0.idle_idx = 1
#kernel.sched_domain.cpu4.domain0.imbalance_pct = 125
#kernel.sched_domain.cpu4.domain0.max_interval = 4
#kernel.sched_domain.cpu4.domain0.min_interval = 1
#kernel.sched_domain.cpu4.domain0.name = CPU
#kernel.sched_domain.cpu4.domain0.newidle_idx = 0
#kernel.sched_domain.cpu4.domain0.wake_idx = 0
kernel.sched_latency_ns = 10000000
kernel.sched_migration_cost = 500000
kernel.sched_min_granularity_ns = 2250000
kernel.sched_nr_migrate = 32
kernel.sched_rt_period_us = 1000000
kernel.sched_rt_runtime_us = 950000
kernel.sched_shares_window = 10000000
kernel.sched_time_avg = 1000
#kernel.sched_tunable_scaling = 1
kernel.sched_wakeup_granularity_ns = 2000000
#kernel.sem = 250 32000 32 128
#kernel.sg-big-buff = 32768
#kernel.shm_rmid_forced = 0
#kernel.shmall = 2097152 or 268435456 -> getconf PAGE_SIZE
#kernel.random.poolsize = 4096
kernel.shmmax = 33554432
kernel.shmmni = 4096
kernel.softlockup_panic = 1
kernel.tainted = 1
kernel.threads-max = 12542
kernel.timer_migration = 1
#kernel.usermodehelper.inheritable = 4294967295 4294967295
#kernel.usermodehelper.bset = 4294967295 4294967295
#kernel.random.uuid = 465b8dc9-8ba6-474d-a762-a932375082f0
#kernel.random.entropy_avail = 4096
kernel.random.read_wakeup_threshold = 4096
#kernel.random.boot_id = 77705164-182c-454a-ae31-6dc047e57c3e
kernel.auto_msgmni = 1
#kernel.maps_protect = 1
#kernel.blk_iopoll = 1
#kernel.cap_last_cap = 36
kernel.core_pattern = core
kernel.core_pipe_limit = 0
kernel.core_uses_pid = 1
kernel.ctrl-alt-del = 1
kernel.dmesg_restrict = 2
kernel.domainname = localdomain
#kernel.ftrace_dump_on_oops = 0
kernel.hostname = localhost
kernel.hotplug = /sbin/hotplug
kernel.hung_task_check_count = 32768
kernel.hung_task_panic = 1
kernel.hung_task_timeout_secs = 30
#kernel.hung_task_warnings = 10
kernel.keys.gc_delay = 300
#kernel.keys.maxbytes = 20000
kernel.keys.maxkeys = 200
kernel.keys.root_maxbytes = 20000
#kernel.keys.root_maxkeys = 200
#kernel.kptr_restrict = 1
kernel.max_lock_depth = 1024
#kernel.numa_balancing = 1
kernel.msgmax = 65536
kernel.msgmnb = 65536
#kernel.msgmni = 1119
#kernel.ngroups_max = 65536
kernel.nmi_watchdog = 1
#kernel.osrelease = 4.1.1
kernel.ostype = Linux
#kernel.watchdog_cpumask = 0,2-4
kernel.overflowgid = 65534
kernel.overflowuid = 65534
#kernel.panic = 1
kernel.panic_on_oops = 1
kernel.pid_max = 65536
#kernel.panic_on_warn = 0
#kernel.perf_cpu_time_max_percent = 0
kernel.poweroff_cmd = /sbin/poweroff
kernel.print-fatal-signals = 0
#kernel.printk = 4 4 1 7
#kernel.panic_on_unrecovered_nmi = 1
kernel.printk_delay = 0
#kernel.panic_on_stackoverflow = 1
kernel.printk_ratelimit = 5
#kernel.printk_ratelimit_burst = 10
kernel.pty.max = 4096
#kernel.pty.nr = 2
#kernel.pty.reserve = 1024
kernel.modprobe = /sbin/modprobe
kernel.modules_disabled = 0
kernel.cad_pid = 1
kernel.randomize_va_space = 2
crypto.fips_status = 0
# Controls the System Request debugging functionality
# of the kernel (magic-sysrq key)
# 0 - disable sysrq completely
# 1 - enable all functions of sysrq
# >1 - bitmask of allowed sysrq functions
# (see below for detailed function description):
# 2 = 0x2 - enable control of console logging level
# 4 = 0x4 - enable control of keyboard (SAK, unraw)
# 8 = 0x8 - enable debugging dumps of processes etc.
# 16 = 0x10 - enable sync command
# 32 = 0x20 - enable remount read-only
# 64 = 0x40 - enable signalling of processes (term, kill, oom-kill)
# 128 = 0x80 - allow reboot/poweroff
# 256 = 0x100 - allow nicing of all RT tasks
kernel.sysrq = 1
###############
### CIPSOv4 ###
###############
# fixme
#cipso_cache_enable = true
#cipso_cache_bucket_size = 10
#cipso_rbm_optfmt = false
#cipso_rbm_structvalid = false
Raw
tweaked-sysctl.conf
# Kernel sysctl configuration for Android only! Needs Kernel above 2.6+ ~ 4.0
# For network and some tweaks only, do not set all params here -> overkill
# 2015 version by CHEF-KOCH
# EOL UNIX
# chmod 0.0 755 /etc/sysctl.conf or /system/etc/sysctl.conf
# For binary values, 0 is disabled, 1 is enabled.
#
# ADDITIONAL INFO - MUST READ !!!
# http://linux.die.net/man/8/sysctl
# http://linux.die.net/man/5/sysctl.conf
# http://archive09.linux.com/feature/146599
# https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/diff/Documentation/networking/ip-sysctl.txt
# ^^ -> https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt
# See http://goo.gl/krtf9 - Linux Memory Consumption - Nice article!
# See http://goo.gl/hFdNO - Memory and SuperCharging Overview, or... "Why 'Free RAM' Is NOT Wasted RAM!"
# See http://goo.gl/4w0ba - MFK Calculator Info - explanation for vm.min_free_kbytes.
# See http://goo.gl/P8Bvu - How Entropy-ness Enlarger works.
# See http://goo.gl/Zc85j - Possible reasons why it may actually do something
# See http://www.roms-au.com/faq/technical/ - Technical stuff about the Kernel
# See https://census.tsyrklevich.net/devices/129/sysctls
# See http://tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.kernel.obscure.html
# Script Manager available over here: http://play.google.com/store/apps/details?id=os.tools.scriptmanager
#
#1) First enable sysctl from Liberty settings, if you are on Liberty
#2) Run Root Explorer
#3) Modify /data/liberty/init.d.conf to make sure that sysctl is enabled ("sysctl = 1")
#4) Go to /system/etc/, and mount it r/w
#5) Modify sysctl.conf by long pressing the sysctl.conf file and selecting "Open in Text Editor." When finished, save the file and exit
#6) Run Terminal Emulator
#7) Type "sysctl -p" or "sysctl -w" (output should confirm whether you've done step 4&5 correctly)
#8) Check with "sysctl -a| grep vm" or "pgrep -f crond" in Terminal Emulator if all was done! ("sysctl -a" will display all the kernel settings!
#
# How to fix permission denied - try /sbin/sysctl -p
#
#
# You can verify the Linux networking kernel parms from the root user with these commands:
# e.g. sysctl -a | grep ipv4.ip_local
#mount -o rw,remount /system
# If not works for you try -> busybox sysctl -w
############
## Warning:
# -> This is a list of all -> really all Kernel parameters from sysctl, you kernel may not support all,
# so some entries may be skipped but it won't break something!
# https://gist.github.com/CHEF-KOCH/0001e66a8c10b1177abe
############
############
# IPv6 static address configuration for linux hosts
#
#net.ipv6.conf.eth0.accept_ra = 0
#
#NETWORKING_IPV6=yes
#IPV6FORWARDING=no
#IPV6_AUTOCONF=no
#IPV6_AUTOTUNNEL=no
#IPV6_DEFAULTGW=fe80::1
#IPV6_DEFAULTDEV=eth0
#
# In your script add
#IPV6INIT=yes
#IPV6ADDR=2607:f388:xxxx:yyyy::zzzz/64 # replace with your static address
############
# Disable bridge firewalling by default (deprecated)
# https://forum.openwrt.org/viewtopic.php?pid=143700#p143700
# /proc/sys/net/bridge/*
#net.bridge.bridge-nf-call-arptables = 1
#net.bridge.bridge.bridge-nf-call-ip6tables = 1
#net.bridge.bridge.bridge-nf-call-iptables = 1
#net.bridge.bridge-nf-filter-vlan-tagged = 0
#net.bridge.bridge-nf-filter-pppoe-tagged = 0
#net.bridge.bridge-nf-pass-vlan-input-dev = 0
#proc/sys/net/sctp/*
#RFC5061
#net.sctp.addip_enable = 0
#net.sctp.addip_noauth_enable = 0
#net.sctp.auth_enable = 0
#net.sctp.prsctp_enable = 1
#net.sctp.max_burst = 4
#net.sctp.association_max_retrans = 10
#net.sctp.max_init_retransmits = 8
#net.sctp.path_max_retrans = 5
#net.sctp.pf_retrans = 0
#net.sctp.rto_initial = 3000
#net.sctp.rto_max = 60000
#net.sctp.rto_min = 1000
#net.sctp.hb_interval = 30000
#net.sctp.sack_timeout = 200
#net.sctp.valid_cookie_life = 60000
#net.sctp.cookie_preserve_enable = 1
#net.sctp.cookie_hmac_alg = sha1
#net.sctp.rcvbuf_policy = 0
#net.sctp.sndbuf_policy = 0
#Default is calculated at boot time from amount of available memory
#net.sctp.sctp_mem =
#net.sctp.sctp_rmem = 1
# 0- 3
#net.sctp.sctp_wmem = 1
# Caching(deprecated)
# -1 means infinitive cacheing
#networkaddress.cache.ttl = 0
#networkaddress.cache.negative.ttl = 0 #Default 10
## WTF!
#profiler.force_disable_ulog=1
#rofiler.force_disable_err_rpt=1
# /WTF!
# Limit responses to ICMP for bandwidth purposes
#net.inet.icmp.icmplim = 10
#net.inet.icmp.maskrepl = 0
#net.inet.icmp.drop_redirect = 1
#net.icmp.bmcastecho = 0
# Forces a single pass through the firewall. If set to 0,
# packets coming out of a pipe will be reinjected into the
# firewall starting with the rule after the matching one.
# NOTE: there is always one pass for bridged packets.
#net.inet.ip.fw.one_pass = 0
# Stealth IP networking
# net.inet.ip.stealth=0
# Drop synfin packets
# net.inet.tcp.drop_synfin=1
# Icmp may NOT rst (deprecated)
#net.inet.tcp.icmp_may_rst = 0
###############################
# IPv4
###############################
# Controls IP packet forwarding
#default 1
net.ipv4.ip_forward = 1
net.ipv4.conf.default.proxy_arp = 0
#net.ipv4.ip_dynaddr = 1
net.ipv4.xfrm4_gc_thresh = 131072
# RFC1700 Range between 1 and 255 inclusive are possible
net.ipv4.ip_default_ttl = 64
# Enable route verification on all interfaces
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.lo.rp_filter = 1
#net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.arp_ignore = 1
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.inet_peer_threshold = 65664
net.ipv4.conf.all.proxy_arp = 1
net.ipv4.inet_peer_minttl = 120
net.ipv4.inet_peer_maxttl = 600
net.ipv4.igmp_max_msf = 10
# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.lo.accept_source_route = 0
#net.ipv4.conf.eth0.accept_source_route = 0
net.ipv4.conf.default.secure_redirects = 0
# Disable ICMP Redirect Acceptance
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.lo.accept_redirects = 0
#net.ipv4.conf.eth0.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
# TCP SYN cookie protection (default) helps protect against SYN flood attacks only kicks in when net.ipv4.tcp_max_syn_backlog is reached
# Needs kernel with CONFIG_SYN_COOKIES compiled
#net.ipv4.tcp_syncookies = 1
# TCP Explicit Congestion Notification
net.ipv4.tcp_ecn = 0
# We do not want all our interfaces to send redirects
net.ipv4.conf.default.send_redirects = 1
# Decrease the time default value for tcp_fin_timeout connection
net.ipv4.tcp_fin_timeout = 15
# Decrease the time default value for tcp_keepalive_time connect
net.ipv4.tcp_keepalive_time = 1800
# Turn on/off the tcp_window_scaling
net.ipv4.tcp_window_scaling = 0
# Turn on/off the tcp_sack
net.ipv4.tcp_sack = 0
# Turn on/off the tcp_dsack
net.ipv4.tcp_dsack = 1
## tcp timestamps
## + protect against wrapping sequence numbers (at gigabit speeds)
## + round trip time calculation implemented in TCP
## - causes extra overhead and allows uptime detection by scanners like nmap
## enable @ gigabit speeds
net.ipv4.tcp_timestamps = 1
# Enable ignoring broadcasts request
net.ipv4.icmp_echo_ignore_broadcasts = 1
# Enable bad error message Protection
net.ipv4.icmp_ignore_bogus_error_responses = 1
# Log Spoofed Packets, Source Routed Packets, Redirect Packets
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.lo.log_martians = 0
#net.ipv4.conf.eth0.log_martians = 0
# Increases the size of the socket queue (effectively, q0).
net.ipv4.tcp_max_syn_backlog = 1024
# Increase the tcp-time-wait buckets pool size
net.ipv4.tcp_max_tw_buckets = 1440000
# Ignore all ICMP Echo spam
net.ipv4.icmp_echo_ignore_all = 1
# Allowed local port range, default empty because redundant
#net.ipv4.ip_local_port_range = 32000 61000
# This may cause dropped frames with load-balancing and NATs, only use this for a server that communicates only over your local network.
# Reuse/recycle time-wait sockets
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
# Protect against tcp time-wait assassination hazards
net.ipv4.tcp_rfc1337 = 1
net.ipv4.tcp_retries1 = 1
net.ipv4.tcp_retries2 = 10
# Send redirects (not a router, disable it)
net.ipv4.conf.all.send_redirects = 0
# By default we don't trust protocol path MTUs while forwarding because they could be easily forged and can lead to unwanted fragmentation by the router.
ip_forward_use_pmtu = 0
fwmark_reflect = 0
# From linux kernel 3.6 onwards, this is deprecated for ipv4 as route cache is no longer used.
#route/max_size =
# Undocumented !!!
# /proc/sys/net/irda/*
#net.irda.fast_poll_increase =
#net.irda.warn_noreply_time =
#net.irda.discovery_slots =
#net.irda.slot_timeout =
#net.irda.max_baud_rate =
#net.irda.discovery_timeout =
#net.irda.lap_keepalive_time =
#net.irda.max_noreply_time =
#net.irda.max_tx_data_size =
#net.irda.max_tx_window =
#net.irda.min_tx_turn_time =
#The maximum length of dgram socket receive queue
net.unix.max_dgram_qlen = 10
# 31 seconds (default 5)
net.ipv4.tcp_synack_retries = 5
#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
###########################################
#net.ipv4.igmp_max_memberships = 100
###########################################
#net.tcp.default_init_rwnd = 60 #deprecated
###########################################
net.ipv4.tcp_syn_retries = 5
###########################################
net.ipv4.route.flush = 1
###########################################
#net.ipv4.conf.<device>.rp_filter = 1
###########################################
net.ipv4.tcp_keepalive_probes = 5
###########################################
net.ipv4.tcp_keepalive_intvl = 60
###########################################
net.ipv4.tcp_rmem = '6144 87380 1048576'
###########################################
net.ipv4.tcp_wmem = '6144 87380 1048576'
###########################################
net.ipv4.tcp_mem = '187000 187000 187000'
###########################################
#The default value held by this entry varies heavily depending on how much memory you have.
#net.ipv4.<netfilter>.ip_conntrack_max=
###########################################
#net.ipv4.<netfilter>.ip_ct_generic_timeout = 600 #deprecated
###########################################
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 28800
###########################################
#net.ipv4.netfilter.ip_conntrack_max = 262144
###########################################
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait = 60
###########################################
net.ipv4.tcp_fack = 1
###########################################
net.ipv4.tcp_no_metrics_save = 1
###########################################
net.ipv4.tcp_congestion_control=cubic
###########################################
net.ipv4.tcp_moderate_rcvbuf = 1
###########################################
net.ipv4.udp_rmem_min = 6144
###########################################
net.ipv4.udp_wmem_min = 6144
###########################################
net.ipv4.udp_mem = 11799 15732 23598
###########################################
net.ipv4.tcp_workaround_signed_windows = 0
#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
###########################################
# .autoconf set to 0 if you use a static ip!
net.ipv4.tcp_tso_win_divisor = 3
net.ipv4.tcp_thin_linear_timeouts = 0
net.ipv4.tcp_thin_dupack = 0
net.ipv4.tcp_stdurg = 0
net.ipv4.tcp_slow_start_after_idle = 1
net.ipv4.tcp_retrans_collapse = 1
net.ipv4.tcp_reordering = 3
net.ipv4.tcp_orphan_retries = 0
net.ipv4.tcp_mtu_probing = 0
net.ipv4.tcp_max_ssthresh = 0
net.ipv4.tcp_max_orphans = 32768
net.ipv4.tcp_low_latency = 1
net.ipv4.tcp_frto_response = 0
net.ipv4.tcp_frto = 2
net.ipv4.tcp_challenge_ack_limit = 100
net.ipv4.tcp_base_mss = 512
net.ipv4.tcp_available_congestion_control = cubic reno
net.ipv4.tcp_app_win = 31
net.ipv4.tcp_allowed_congestion_control = cubic reno
net.ipv4.tcp_adv_win_scale = 1
net.ipv4.tcp_abort_on_overflow = 0
net.ipv4.tcp_abc = 0
net.ipv4.rt_cache_rebuild_count = 4
net.ipv4.route.redirect_silence = 4096
net.ipv4.route.redirect_number = 9
net.ipv4.route.redirect_load = 4
net.ipv4.route.mtu_expires = 600
net.ipv4.route.min_adv_mss = 256
# Minimum discovered Path MTU
net.ipv4.route.min_pmtu = 552
net.ipv4.route.max_size = 262144
net.ipv4.route.gc_timeout = 300
#Disable Path MTU Discovery. 0-3
net.ipv4.ip_no_pmtu_disc = 0
net.ipv4.ip_nonlocal_bind = 0
net.ipv4.ipfrag_high_thresh = 262144
net.ipv4.ipfrag_low_thresh = 196608
net.ipv4.ipfrag_max_dist = 64
net.ipv4.ipfrag_secret_interval = 600
net.ipv4.ipfrag_time = 30
net.ipv4.neigh.default.anycast_delay = 100
net.ipv4.neigh.default.app_solicit = 0
net.ipv4.neigh.default.base_reachable_time = 30
net.ipv4.neigh.default.base_reachable_time_ms = 30000
net.ipv4.neigh.default.delay_first_probe_time = 5
net.ipv4.neigh.default.gc_interval = 30
net.ipv4.neigh.default.gc_stale_time = 60
net.ipv4.neigh.default.gc_thresh1 = 128
net.ipv4.neigh.default.gc_thresh2 = 512
net.ipv4.neigh.default.gc_thresh3 = 1024
net.ipv4.neigh.default.locktime = 100
net.ipv4.neigh.default.mcast_solicit = 3
net.ipv4.neigh.default.proxy_delay = 80
net.ipv4.neigh.default.proxy_qlen = 64
net.ipv4.neigh.default.retrans_time = 100
net.ipv4.neigh.default.retrans_time_ms = 1000
net.ipv4.neigh.default.ucast_solicit = 3
net.ipv4.neigh.default.unres_qlen = 35
net.ipv4.neigh.ip6tnl0.anycast_delay = 100
net.ipv4.neigh.ip6tnl0.app_solicit = 0
net.ipv4.neigh.ip6tnl0.base_reachable_time = 30
net.ipv4.neigh.ip6tnl0.base_reachable_time_ms = 30000
net.ipv4.neigh.ip6tnl0.delay_first_probe_time = 5
net.ipv4.neigh.ip6tnl0.gc_stale_time = 60
net.ipv4.neigh.ip6tnl0.locktime = 100
net.ipv4.neigh.ip6tnl0.mcast_solicit = 3
net.ipv4.neigh.ip6tnl0.proxy_delay = 80
net.ipv4.neigh.ip6tnl0.proxy_qlen = 64
net.ipv4.neigh.ip6tnl0.retrans_time = 100
net.ipv4.neigh.ip6tnl0.retrans_time_ms = 1000
net.ipv4.neigh.ip6tnl0.ucast_solicit = 3
net.ipv4.neigh.ip6tnl0.unres_qlen = 35
#deprecated
#net.ipv4.neigh.default.unres_qlen_bytes = 65536
#net.ipv4.neigh.ip6tnl0.unres_qlen_bytes = 65536
net.ipv4.neigh.lo.anycast_delay = 100
net.ipv4.neigh.lo.app_solicit = 0
net.ipv4.neigh.lo.base_reachable_time = 30
net.ipv4.neigh.lo.base_reachable_time_ms = 30000
net.ipv4.neigh.lo.delay_first_probe_time = 5
net.ipv4.neigh.lo.gc_stale_time = 60
net.ipv4.neigh.lo.locktime = 100
net.ipv4.neigh.lo.mcast_solicit = 3
net.ipv4.neigh.lo.proxy_delay = 80
net.ipv4.neigh.lo.proxy_qlen = 64
net.ipv4.neigh.lo.retrans_time = 100
net.ipv4.neigh.lo.retrans_time_ms = 1000
net.ipv4.neigh.lo.ucast_solicit = 3
net.ipv4.neigh.lo.unres_qlen = 35
# Deprecated
#net.ipv4.neigh.lo.unres_qlen_bytes = 65536
#
# p2p0 iface
#net.ipv4.neigh.p2p0.anycast_delay = 100
#net.ipv4.neigh.p2p0.app_solicit = 0
#net.ipv4.neigh.p2p0.base_reachable_time = 30
#net.ipv4.neigh.p2p0.base_reachable_time_ms = 30000
#net.ipv4.neigh.p2p0.delay_first_probe_time = 5
#net.ipv4.neigh.p2p0.gc_stale_time = 60
#net.ipv4.neigh.p2p0.locktime = 100
#net.ipv4.neigh.p2p0.mcast_solicit = 3
#net.ipv4.neigh.p2p0.proxy_delay = 80
#net.ipv4.neigh.p2p0.proxy_qlen = 64
#net.ipv4.neigh.p2p0.retrans_time = 100
#net.ipv4.neigh.p2p0.retrans_time_ms = 1000
#net.ipv4.neigh.p2p0.ucast_solicit = 3
#net.ipv4.neigh.p2p0.unres_qlen = 35
#net.ipv4.neigh.p2p0.unres_qlen_bytes = 65536
# /p2p0 iface
net.ipv4.neigh.sit0.anycast_delay = 100
net.ipv4.neigh.sit0.app_solicit = 0
net.ipv4.neigh.sit0.base_reachable_time = 30
net.ipv4.neigh.sit0.base_reachable_time_ms = 30000
net.ipv4.neigh.sit0.delay_first_probe_time = 5
net.ipv4.neigh.sit0.gc_stale_time = 60
net.ipv4.neigh.sit0.locktime = 100
net.ipv4.neigh.sit0.mcast_solicit = 3
net.ipv4.neigh.sit0.proxy_delay = 80
net.ipv4.neigh.sit0.proxy_qlen = 64
net.ipv4.neigh.sit0.retrans_time = 100
net.ipv4.neigh.sit0.retrans_time_ms = 1000
net.ipv4.neigh.sit0.ucast_solicit = 3
net.ipv4.neigh.sit0.unres_qlen = 35
net.ipv4.neigh.sit0.unres_qlen_bytes = 65536
net.ipv4.neigh.wlan0.anycast_delay = 100
net.ipv4.neigh.wlan0.app_solicit = 0
net.ipv4.neigh.wlan0.base_reachable_time = 30
net.ipv4.neigh.wlan0.base_reachable_time_ms = 30000
net.ipv4.neigh.wlan0.delay_first_probe_time = 5
net.ipv4.neigh.wlan0.gc_stale_time = 60
net.ipv4.neigh.wlan0.locktime = 100
net.ipv4.neigh.wlan0.mcast_solicit = 3
net.ipv4.neigh.wlan0.proxy_delay = 80
net.ipv4.neigh.wlan0.proxy_qlen = 64
net.ipv4.neigh.wlan0.retrans_time = 100
net.ipv4.neigh.wlan0.retrans_time_ms = 1000
net.ipv4.neigh.wlan0.ucast_solicit = 3
net.ipv4.neigh.wlan0.unres_qlen = 35
net.ipv4.neigh.wlan0.unres_qlen_bytes = 65536
net.ipv4.netfilter.ip_conntrack_buckets = 16384
net.ipv4.netfilter.ip_conntrack_checksum = 1
net.ipv4.netfilter.ip_conntrack_count = 36
net.ipv4.netfilter.ip_conntrack_generic_timeout = 600
net.ipv4.netfilter.ip_conntrack_icmp_timeout = 30
net.ipv4.netfilter.ip_conntrack_log_invalid = 0
net.ipv4.netfilter.ip_conntrack_max = 65536
net.ipv4.netfilter.ip_conntrack_sctp_timeout_closed = 10
net.ipv4.netfilter.ip_conntrack_sctp_timeout_cookie_echoed = 3
net.ipv4.netfilter.ip_conntrack_sctp_timeout_cookie_wait = 3
net.ipv4.netfilter.ip_conntrack_sctp_timeout_established = 432000
net.ipv4.netfilter.ip_conntrack_sctp_timeout_shutdown_ack_sent = 3
net.ipv4.netfilter.ip_conntrack_sctp_timeout_shutdown_recd = 0
net.ipv4.netfilter.ip_conntrack_sctp_timeout_shutdown_sent = 0
net.ipv4.netfilter.ip_conntrack_tcp_be_liberal = 0
net.ipv4.netfilter.ip_conntrack_tcp_loose = 1
net.ipv4.netfilter.ip_conntrack_tcp_max_retrans = 3
net.ipv4.netfilter.ip_conntrack_tcp_timeout_close = 10
net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait = 60
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 432000
net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait = 120
net.ipv4.netfilter.ip_conntrack_tcp_timeout_last_ack = 30
net.ipv4.netfilter.ip_conntrack_tcp_timeout_max_retrans = 300
net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_recv = 60
net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_sent = 120
net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_sent2 = 120
net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait = 120
net.ipv4.netfilter.ip_conntrack_udp_timeout = 30
net.ipv4.netfilter.ip_conntrack_udp_timeout_stream = 180
net.ipv4.ping_group_range = 0 2147483647
net.ipv4.route.error_burst = 1000
net.ipv4.route.error_cost = 200
net.ipv4.route.gc_elasticity = 8
net.ipv4.route.gc_interval = 60
net.ipv4.route.gc_min_interval = 0
net.ipv4.route.gc_min_interval_ms = 500
net.ipv4.route.gc_thresh = 16384
# Default empty because redundant
net.ipv4.ip_local_reserved_ports = 32000 61000
net.ipv4.conf.all.accept_local = 0
net.ipv4.conf.all.arp_accept = 0
net.ipv4.conf.all.arp_announce = 0
net.ipv4.conf.all.arp_filter = 0
net.ipv4.conf.all.arp_ignore = 0
net.ipv4.conf.all.arp_notify = 0
net.ipv4.conf.all.bootp_relay = 0
net.ipv4.conf.all.disable_policy = 0
net.ipv4.conf.all.disable_xfrm = 0
net.ipv4.conf.all.force_igmp_version = 0
net.ipv4.conf.all.forwarding = 0
net.ipv4.conf.all.mc_forwarding = 0
net.ipv4.conf.all.medium_id = 0
net.ipv4.conf.all.promote_secondaries = 0
net.ipv4.conf.all.proxy_arp = 0
net.ipv4.conf.all.proxy_arp_pvlan = 0
net.ipv4.conf.all.secure_redirects = 1
net.ipv4.conf.all.shared_media = 1
net.ipv4.conf.all.src_valid_mark = 0
net.ipv4.conf.all.tag = 0
net.ipv4.conf.default.accept_local = 0
net.ipv4.conf.default.arp_accept = 0
net.ipv4.conf.default.arp_announce = 0
net.ipv4.conf.default.arp_filter = 0
net.ipv4.conf.default.arp_ignore = 0
net.ipv4.conf.default.arp_notify = 0
net.ipv4.conf.default.bootp_relay = 0
net.ipv4.conf.default.disable_policy = 0
net.ipv4.conf.default.disable_xfrm = 0
net.ipv4.conf.default.force_igmp_version = 0
net.ipv4.conf.default.forwarding = 0
net.ipv4.conf.default.log_martians = 0
net.ipv4.conf.default.mc_forwarding = 0
net.ipv4.conf.default.medium_id = 0
net.ipv4.conf.default.promote_secondaries = 0
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.conf.default.proxy_arp_pvlan = 0
net.ipv4.conf.default.secure_redirects = 1
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.default.shared_media = 1
net.ipv4.conf.default.src_valid_mark = 0
net.ipv4.conf.default.tag = 0
net.ipv4.conf.ip6tnl0.accept_local = 0
net.ipv4.conf.ip6tnl0.accept_redirects = 1
net.ipv4.conf.ip6tnl0.accept_source_route = 1
net.ipv4.conf.ip6tnl0.arp_accept = 0
net.ipv4.conf.ip6tnl0.arp_announce = 0
net.ipv4.conf.ip6tnl0.arp_filter = 0
net.ipv4.conf.ip6tnl0.arp_ignore = 0
net.ipv4.conf.ip6tnl0.arp_notify = 0
net.ipv4.conf.ip6tnl0.bootp_relay = 0
net.ipv4.conf.ip6tnl0.disable_policy = 0
net.ipv4.conf.ip6tnl0.disable_xfrm = 0
net.ipv4.conf.ip6tnl0.force_igmp_version = 0
net.ipv4.conf.ip6tnl0.forwarding = 0
net.ipv4.conf.ip6tnl0.log_martians = 0
net.ipv4.conf.ip6tnl0.mc_forwarding = 0
net.ipv4.conf.ip6tnl0.medium_id = 0
net.ipv4.conf.ip6tnl0.promote_secondaries = 0
net.ipv4.conf.ip6tnl0.proxy_arp = 0
net.ipv4.conf.ip6tnl0.proxy_arp_pvlan = 0
net.ipv4.conf.ip6tnl0.rp_filter = 0
net.ipv4.conf.ip6tnl0.secure_redirects = 1
net.ipv4.conf.ip6tnl0.send_redirects = 1
net.ipv4.conf.ip6tnl0.shared_media = 1
net.ipv4.conf.ip6tnl0.src_valid_mark = 0
net.ipv4.conf.ip6tnl0.tag = 0
net.ipv4.conf.lo.accept_local = 0
net.ipv4.conf.lo.arp_accept = 0
net.ipv4.conf.lo.arp_announce = 0
net.ipv4.conf.lo.arp_filter = 0
net.ipv4.conf.lo.arp_ignore = 0
net.ipv4.conf.lo.arp_notify = 0
net.ipv4.conf.lo.bootp_relay = 0
net.ipv4.conf.lo.disable_policy = 1
net.ipv4.conf.lo.disable_xfrm = 1
net.ipv4.conf.lo.force_igmp_version = 0
net.ipv4.conf.lo.forwarding = 0
net.ipv4.conf.lo.mc_forwarding = 0
net.ipv4.conf.lo.medium_id = 0
net.ipv4.conf.lo.promote_secondaries = 0
net.ipv4.conf.lo.proxy_arp = 0
net.ipv4.conf.lo.proxy_arp_pvlan = 0
net.ipv4.conf.lo.secure_redirects = 1
net.ipv4.conf.lo.send_redirects = 1
net.ipv4.conf.lo.shared_media = 1
net.ipv4.conf.lo.src_valid_mark = 0
net.ipv4.conf.lo.tag = 0
net.ipv4.conf.p2p0.accept_local = 0
net.ipv4.conf.p2p0.accept_redirects = 1
net.ipv4.conf.p2p0.accept_source_route = 1
net.ipv4.conf.p2p0.arp_accept = 0
net.ipv4.conf.p2p0.arp_announce = 0
net.ipv4.conf.p2p0.arp_filter = 0
net.ipv4.conf.p2p0.arp_ignore = 0
net.ipv4.conf.p2p0.arp_notify = 0
net.ipv4.conf.p2p0.bootp_relay = 0
net.ipv4.conf.p2p0.disable_policy = 0
net.ipv4.conf.p2p0.disable_xfrm = 0
net.ipv4.conf.p2p0.force_igmp_version = 0
net.ipv4.conf.p2p0.forwarding = 0
net.ipv4.conf.p2p0.log_martians = 0
net.ipv4.conf.p2p0.mc_forwarding = 0
net.ipv4.conf.p2p0.medium_id = 0
net.ipv4.conf.p2p0.promote_secondaries = 0
net.ipv4.conf.p2p0.proxy_arp = 0
net.ipv4.conf.p2p0.proxy_arp_pvlan = 0
net.ipv4.conf.p2p0.rp_filter = 0
net.ipv4.conf.p2p0.secure_redirects = 1
net.ipv4.conf.p2p0.send_redirects = 1
net.ipv4.conf.p2p0.shared_media = 1
net.ipv4.conf.p2p0.src_valid_mark = 0
net.ipv4.conf.p2p0.tag = 0
net.ipv4.conf.sit0.accept_local = 0
net.ipv4.conf.sit0.accept_redirects = 1
net.ipv4.conf.sit0.accept_source_route = 1
net.ipv4.conf.sit0.arp_accept = 0
net.ipv4.conf.sit0.arp_announce = 0
net.ipv4.conf.sit0.arp_filter = 0
net.ipv4.conf.sit0.arp_ignore = 0
net.ipv4.conf.sit0.arp_notify = 0
net.ipv4.conf.sit0.bootp_relay = 0
net.ipv4.conf.sit0.disable_policy = 0
net.ipv4.conf.sit0.disable_xfrm = 0
net.ipv4.conf.sit0.force_igmp_version = 0
net.ipv4.conf.sit0.forwarding = 0
net.ipv4.conf.sit0.log_martians = 0
net.ipv4.conf.sit0.mc_forwarding = 0
net.ipv4.conf.sit0.medium_id = 0
net.ipv4.conf.sit0.promote_secondaries = 0
net.ipv4.conf.sit0.proxy_arp = 0
net.ipv4.conf.sit0.proxy_arp_pvlan = 0
net.ipv4.conf.sit0.rp_filter = 0
net.ipv4.conf.sit0.secure_redirects = 1
net.ipv4.conf.sit0.send_redirects = 1
net.ipv4.conf.sit0.shared_media = 1
net.ipv4.conf.sit0.src_valid_mark = 0
net.ipv4.conf.sit0.tag = 0
net.ipv4.conf.wlan0.accept_local = 0
net.ipv4.conf.wlan0.accept_redirects = 1
net.ipv4.conf.wlan0.accept_source_route = 1
net.ipv4.conf.wlan0.arp_accept = 0
net.ipv4.conf.wlan0.arp_announce = 0
net.ipv4.conf.wlan0.arp_filter = 0
net.ipv4.conf.wlan0.arp_ignore = 0
net.ipv4.conf.wlan0.arp_notify = 0
net.ipv4.conf.wlan0.bootp_relay = 0
net.ipv4.conf.wlan0.disable_policy = 0
net.ipv4.conf.wlan0.disable_xfrm = 0
net.ipv4.conf.wlan0.force_igmp_version = 0
net.ipv4.conf.wlan0.forwarding = 0
net.ipv4.conf.wlan0.log_martians = 0
net.ipv4.conf.wlan0.mc_forwarding = 0
net.ipv4.conf.wlan0.medium_id = 0
net.ipv4.conf.wlan0.promote_secondaries = 1
net.ipv4.conf.wlan0.proxy_arp = 0
net.ipv4.conf.wlan0.proxy_arp_pvlan = 0
net.ipv4.conf.wlan0.rp_filter = 0
net.ipv4.conf.wlan0.secure_redirects = 1
net.ipv4.conf.wlan0.send_redirects = 1
net.ipv4.conf.wlan0.shared_media = 1
net.ipv4.conf.wlan0.src_valid_mark = 0
net.ipv4.conf.wlan0.tag = 0
net.ipv4.icmp_echo_ignore_all = 0
net.ipv4.icmp_errors_use_inbound_ifaddr = 0
net.ipv4.icmp_ratelimit = 1000
net.ipv4.icmp_ratemask = 6168
net.ipv4.igmp_max_memberships = 20
#net.netfilter.nf_log.0 =
#net.netfilter.nf_log.1 =
net.netfilter.nf_log.2 = ipt_LOG
#net.netfilter.nf_log.3 =
#net.netfilter.nf_log.4 =
#net.netfilter.nf_log.5 =
#net.netfilter.nf_log.6 =
#net.netfilter.nf_log.7 =
#net.netfilter.nf_log.8 =
#net.netfilter.nf_log.9 =
#net.netfilter.nf_log.10 =
#net.netfilter.nf_log.11 =
#net.netfilter.nf_log.12 =
#net.netfilter.nf_conntrack_buckets = 16384
#net.netfilter.nf_conntrack_count = 36
#net.netfilter.nf_conntrack_dccp_loose = 1
#net.netfilter.nf_conntrack_dccp_timeout_closereq = 64
#net.netfilter.nf_conntrack_dccp_timeout_closing = 64
#net.netfilter.nf_conntrack_dccp_timeout_open = 43200
#net.netfilter.nf_conntrack_dccp_timeout_partopen = 480
#net.netfilter.nf_conntrack_dccp_timeout_request = 240
#net.netfilter.nf_conntrack_dccp_timeout_respond = 480
#net.netfilter.nf_conntrack_dccp_timeout_timewait = 240
#net.netfilter.nf_conntrack_events = 1
#net.netfilter.nf_conntrack_events_retry_timeout = 15
#net.netfilter.nf_conntrack_expect_max = 256
#net.netfilter.nf_conntrack_frag6_high_thresh = 262144
#net.netfilter.nf_conntrack_frag6_low_thresh = 196608
#net.netfilter.nf_conntrack_frag6_timeout = 60
#net.netfilter.nf_conntrack_generic_timeout = 600
#net.netfilter.nf_conntrack_icmp_timeout = 30
#net.netfilter.nf_conntrack_icmpv6_timeout = 30
#net.netfilter.nf_conntrack_log_invalid = 0
#net.netfilter.nf_conntrack_acct = 0
#net.netfilter.nf_conntrack_checksum = 1
#net.netfilter.nf_conntrack_tcp_timeout_established = 7440
#net.netfilter.nf_conntrack_udp_timeout = 60
#net.netfilter.nf_conntrack_udp_timeout_stream = 180
#net.netfilter.nf_conntrack_skip_filter = 1
#net.netfilter.nf_conntrack_tcp_timeout_unacknowledged = 300
#net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
#net.netfilter.nf_conntrack_tcp_timeout_syn_sent = 120
#net.netfilter.nf_conntrack_tcp_timeout_syn_recv = 60
#net.netfilter.nf_conntrack_tcp_timeout_max_retrans = 300
#net.netfilter.nf_conntrack_tcp_timeout_last_ack = 30
#net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
#net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
#net.netfilter.nf_conntrack_tcp_max_retrans = 3
#net.netfilter.nf_conntrack_tcp_loose = 0
#net.netfilter.nf_conntrack_tcp_be_liberal = 0
#net.netfilter.nf_conntrack_sctp_timeout_shutdown_sent = 0
#net.netfilter.nf_conntrack_sctp_timeout_shutdown_recd = 0
#net.netfilter.nf_conntrack_sctp_timeout_shutdown_ack_sent = 3
#net.netfilter.nf_conntrack_sctp_timeout_established = 432000
#net.netfilter.nf_conntrack_sctp_timeout_cookie_wait = 3
#net.netfilter.nf_conntrack_sctp_timeout_cookie_echoed = 3
#net.netfilter.nf_conntrack_sctp_timeout_closed = 10
# sysctl -a | grep ipv6 sysctl
###############################
# IPv6 -> http://test-ipv6.com + RFC 3041/4941 (year: 2001)
# https://code.google.com/p/android/issues/detail?id=14013
# https://code.google.com/p/android/issues/detail?id=31102
# Only on Lollipop: RFC 6106 + RFC3493
###############################
net.ipv6.bindv6only = FALSE
net.ipv6.flowlabel_consistency = TRUE
#RFC 6438
net.ipv6.auto_flowlabels = FALSE
net.ipv6.ip_forward = 1
net.ipv6.conf.all.accept_redirects = 0
net.ipv6.conf.all.accept_ra = 1
net.ipv6.conf.all.accept_dad = 1
net.ipv6.conf.all.anycast_src_echo_reply = FALSE
net.ipv6.conf.all.accept_ra_rtr_pref = 1
net.ipv6.conf.all.accept_ra_pinfo = 1
#RFC3810
net.ipv6.conf.all.mld_qrv = 2
net.ipv6.conf.all.accept_ra_defrtr = 1
net.ipv6.conf.default.accept_redirects = 0
net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.eth0.use_tempaddr = 1
net.ipv6.conf.eth0.temp_valid_lft = 604800
net.ipv6.conf.eth0.temp_prefered_lft = 86400
net.ipv6.conf.all.use_tempaddr = 1
net.ipv6.conf.default.use_tempaddr = 1
net.ipv6.conf.all.temp_valid_lft = 604800
net.ipv6.conf.all.autoconf = 1
net.ipv6.conf.all.accept_source_route = 0
#sysctl -A | grep autoconf for all interfaces - do not disable autoconf!!
net.ipv6.conf.eth0.autoconf = 1
net.ipv6.conf.all.force_mld_version = 0
net.ipv6.conf.all.force_tllao = 0
# Enable IPv6 forwarding.
net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.all.hop_limit = 64
net.ipv6.conf.all.max_addresses = 16
net.ipv6.conf.all.max_desync_factor = 600
net.ipv6.conf.all.mtu = 1280
net.ipv6.conf.all.optimistic_dad = 0
net.ipv6.conf.all.use_optimistic = 0
net.ipv6.conf.all.proxy_ndp = 0
net.ipv6.conf.all.regen_max_retry = 5
net.ipv6.conf.all.router_probe_interval = 60
net.ipv6.conf.all.router_solicitation_delay = 1
net.ipv6.conf.all.router_solicitation_interval = 4
net.ipv6.conf.all.router_solicitations = 3
net.ipv6.conf.all.temp_prefered_lft = 86400
net.ipv6.conf.all.temp_valid_lft = 604800
net.ipv6.conf.default.accept_dad = 1
#normally this should't be controled by user /provider
#net.ipv6.binv6only = 0
net.ipv6.conf.default.accept_ra = 0
net.ipv6.conf.eth0.accept_ra = 0
net.ipv6.conf.default.accept_ra_defrtr = 1
net.ipv6.conf.default.accept_ra_pinfo = 1
net.ipv6.conf.default.accept_ra_rtr_pref = 1
net.ipv6.conf.default.accept_redirects = 1
net.ipv6.conf.default.accept_source_route = 0
net.ipv6.conf.default.autoconf = 1
net.ipv6.conf.default.dad_transmits = 1
net.ipv6.conf.default.disable_ipv6 = 0
net.ipv6.conf.default.force_mld_version = 0
net.ipv6.conf.default.force_tllao = 0
net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.default.hop_limit = 64
net.ipv6.conf.default.max_addresses = 16
net.ipv6.conf.default.max_desync_factor = 600
net.ipv6.conf.default.mtu = 1280
net.ipv6.conf.default.optimistic_dad = 0
net.ipv6.conf.default.proxy_ndp = 0
net.ipv6.conf.default.regen_max_retry = 5
net.ipv6.conf.default.router_probe_interval = 60
net.ipv6.conf.default.router_solicitation_delay = 1
net.ipv6.conf.default.router_solicitation_interval = 4
net.ipv6.conf.default.router_solicitations = 3
net.ipv6.conf.default.temp_prefered_lft = 86400
net.ipv6.conf.default.temp_valid_lft = 604800
net.ipv6.conf.ip6tnl0.accept_dad = 1
net.ipv6.conf.ip6tnl0.accept_ra = 2
net.ipv6.conf.ip6tnl0.accept_ra_defrtr = 1
net.ipv6.conf.ip6tnl0.accept_ra_pinfo = 1
net.ipv6.conf.ip6tnl0.accept_ra_rtr_pref = 1
net.ipv6.conf.ip6tnl0.accept_redirects = 1
net.ipv6.conf.ip6tnl0.accept_source_route = 0
net.ipv6.conf.ip6tnl0.autoconf = 1
net.ipv6.conf.ip6tnl0.dad_transmits = 1
net.ipv6.conf.ip6tnl0.disable_ipv6 = 0
net.ipv6.conf.ip6tnl0.force_mld_version = 0
net.ipv6.conf.ip6tnl0.force_tllao = 0
net.ipv6.conf.ip6tnl0.forwarding = 1
net.ipv6.conf.ip6tnl0.hop_limit = 64
net.ipv6.conf.ip6tnl0.max_addresses = 16
net.ipv6.conf.ip6tnl0.max_desync_factor = 600
net.ipv6.conf.ip6tnl0.mtu = 1452
net.ipv6.conf.ip6tnl0.optimistic_dad = 1
net.ipv6.conf.ip6tnl0.proxy_ndp = 0
net.ipv6.conf.ip6tnl0.regen_max_retry = 5
net.ipv6.conf.ip6tnl0.router_probe_interval = 60
net.ipv6.conf.ip6tnl0.router_solicitation_delay = 1
net.ipv6.conf.ip6tnl0.router_solicitation_interval = 4
net.ipv6.conf.ip6tnl0.router_solicitations = 3
net.ipv6.conf.ip6tnl0.temp_prefered_lft = 86400
net.ipv6.conf.ip6tnl0.temp_valid_lft = 604800
net.ipv6.conf.ip6tnl0.use_tempaddr = 1
net.ipv6.conf.lo.accept_dad = 1
net.ipv6.conf.lo.accept_ra = 2
net.ipv6.conf.lo.accept_ra_defrtr = 1
net.ipv6.conf.lo.accept_ra_pinfo = 1
net.ipv6.conf.lo.accept_ra_rtr_pref = 1
net.ipv6.conf.lo.accept_redirects = 1
net.ipv6.conf.lo.accept_source_route = 0
net.ipv6.conf.lo.autoconf = 1
net.ipv6.conf.lo.dad_transmits = 1
net.ipv6.conf.lo.disable_ipv6 = 0
net.ipv6.conf.lo.force_mld_version = 0
net.ipv6.conf.lo.force_tllao = 0
net.ipv6.conf.lo.forwarding = 1
net.ipv6.conf.lo.hop_limit = 64
net.ipv6.conf.lo.max_addresses = 16
net.ipv6.conf.lo.max_desync_factor = 600
net.ipv6.conf.lo.mtu = 16436
net.ipv6.conf.lo.optimistic_dad = 1
net.ipv6.conf.lo.proxy_ndp = 0
net.ipv6.conf.lo.regen_max_retry = 5
net.ipv6.conf.lo.router_probe_interval = 60
net.ipv6.conf.lo.router_solicitation_delay = 1
net.ipv6.conf.lo.router_solicitation_interval = 4
net.ipv6.conf.lo.router_solicitations = 3
net.ipv6.conf.lo.temp_prefered_lft = 86400
net.ipv6.conf.lo.temp_valid_lft = 604800
net.ipv6.conf.lo.use_tempaddr = -1
#net.ipv6.conf.p2p0.accept_dad = 1
#net.ipv6.conf.p2p0.accept_ra = 2
#net.ipv6.conf.p2p0.accept_ra_defrtr = 1
#net.ipv6.conf.p2p0.accept_ra_pinfo = 1
#net.ipv6.conf.p2p0.accept_ra_rtr_pref = 1
#net.ipv6.conf.p2p0.accept_redirects = 1
#net.ipv6.conf.p2p0.accept_source_route = 0
#net.ipv6.conf.p2p0.autoconf = 1
#net.ipv6.conf.p2p0.dad_transmits = 1
#net.ipv6.conf.p2p0.disable_ipv6 = 0
#net.ipv6.conf.p2p0.force_mld_version = 0
#net.ipv6.conf.p2p0.force_tllao = 0
#net.ipv6.conf.p2p0.forwarding = 1
#net.ipv6.conf.p2p0.hop_limit = 64
#net.ipv6.conf.p2p0.max_addresses = 16
#net.ipv6.conf.p2p0.max_desync_factor = 600
#net.ipv6.conf.p2p0.mtu = 1500
#net.ipv6.conf.p2p0.optimistic_dad = 0
#net.ipv6.conf.p2p0.proxy_ndp = 0
#net.ipv6.conf.p2p0.regen_max_retry = 5
#net.ipv6.conf.p2p0.router_probe_interval = 60
#net.ipv6.conf.p2p0.router_solicitation_delay = 1
#net.ipv6.conf.p2p0.router_solicitation_interval = 4
#net.ipv6.conf.p2p0.router_solicitations = 3
#net.ipv6.conf.p2p0.temp_prefered_lft = 86400
#net.ipv6.conf.p2p0.temp_valid_lft = 604800
#net.ipv6.conf.p2p0.use_tempaddr = 1
net.ipv6.conf.sit0.accept_dad = -1
net.ipv6.conf.sit0.accept_ra = 2
net.ipv6.conf.sit0.accept_ra_defrtr = 1
net.ipv6.conf.sit0.accept_ra_pinfo = 1
net.ipv6.conf.sit0.accept_ra_rtr_pref = 1
net.ipv6.conf.sit0.accept_redirects = 1
net.ipv6.conf.sit0.accept_source_route = 0
net.ipv6.conf.sit0.autoconf = 1
net.ipv6.conf.sit0.dad_transmits = 1
net.ipv6.conf.sit0.disable_ipv6 = 0
net.ipv6.conf.sit0.force_mld_version = 0
net.ipv6.conf.sit0.force_tllao = 0
net.ipv6.conf.sit0.forwarding = 1
net.ipv6.conf.sit0.hop_limit = 64
net.ipv6.conf.sit0.max_addresses = 16
net.ipv6.conf.sit0.max_desync_factor = 600
net.ipv6.conf.sit0.mtu = 1480
net.ipv6.conf.sit0.optimistic_dad = 0
net.ipv6.conf.sit0.proxy_ndp = 0
net.ipv6.conf.sit0.regen_max_retry = 5
net.ipv6.conf.sit0.router_probe_interval = 60
net.ipv6.conf.sit0.router_solicitation_delay = 1
net.ipv6.conf.sit0.router_solicitation_interval = 4
net.ipv6.conf.sit0.router_solicitations = 3
net.ipv6.conf.sit0.temp_prefered_lft = 86400
net.ipv6.conf.sit0.temp_valid_lft = 604800
net.ipv6.conf.sit0.use_tempaddr = -1
net.ipv6.conf.wlan0.accept_dad = 1
net.ipv6.conf.wlan0.accept_ra = 2
net.ipv6.conf.wlan0.accept_ra_defrtr = 1
net.ipv6.conf.wlan0.accept_ra_pinfo = 1
net.ipv6.conf.wlan0.accept_ra_rtr_pref = 1
net.ipv6.conf.wlan0.accept_redirects = 1
net.ipv6.conf.wlan0.accept_source_route = 0
net.ipv6.conf.wlan0.autoconf = 1
net.ipv6.conf.wlan0.dad_transmits = 1
net.ipv6.conf.wlan0.disable_ipv6 = 0
net.ipv6.conf.wlan0.force_mld_version = 0
net.ipv6.conf.wlan0.force_tllao = 0
net.ipv6.conf.wlan0.forwarding = 1
net.ipv6.conf.wlan0.hop_limit = 64
net.ipv6.conf.wlan0.max_addresses = 16
net.ipv6.conf.wlan0.max_desync_factor = 600
net.ipv6.conf.wlan0.mtu = 1500
net.ipv6.conf.wlan0.optimistic_dad = 0
net.ipv6.conf.wlan0.proxy_ndp = 0
net.ipv6.conf.wlan0.regen_max_retry = 5
net.ipv6.conf.wlan0.router_probe_interval = 60
net.ipv6.conf.wlan0.router_solicitation_delay = 5
net.ipv6.conf.wlan0.router_solicitation_interval = 1
net.ipv6.conf.wlan0.router_solicitations = 5
#sysctl -e -q -p /etc/sysctl.conf in a running system
#rcnetwork restart!!!!
net.ipv6.conf.wlan0.temp_prefered_lft = 86400
net.ipv6.conf.wlan0.temp_valid_lft = 604800
net.ipv6.conf.wlan0.use_tempaddr = 1
net.ipv6.icmp.ratelimit = 1000
#net.ipv6.conf.all.rp_filter = 1
#net.ipv6.conf.all.secure_redirects = 0
#Maximum memory used to reassemble IPv6 fragments.
net.ipv6.ip6frag_high_thresh = 262144
net.ipv6.ip6frag_low_thresh = 196608
net.ipv6.ip6frag_secret_interval = 600
net.ipv6.ip6frag_time = 60
net.ipv6.mld_max_msf = 64
net.ipv6.neigh.default.anycast_delay = 100
net.ipv6.neigh.default.app_solicit = 0
net.ipv6.neigh.default.base_reachable_time = 30
net.ipv6.neigh.default.base_reachable_time_ms = 30000
net.ipv6.neigh.default.delay_first_probe_time = 5
net.ipv6.neigh.default.gc_interval = 30
net.ipv6.neigh.default.gc_stale_time = 60
net.ipv6.neigh.default.gc_thresh1 = 128
net.ipv6.neigh.default.gc_thresh2 = 512
net.ipv6.neigh.default.gc_thresh3 = 1024
net.ipv6.neigh.default.locktime = 0
net.ipv6.neigh.default.mcast_solicit = 3
net.ipv6.neigh.default.proxy_delay = 80
net.ipv6.neigh.default.proxy_qlen = 64
net.ipv6.neigh.default.retrans_time = 200
net.ipv6.neigh.default.retrans_time_ms = 1000
#net.ipv6.conf.default.secure_redirects = 0
net.ipv6.neigh.ip6tnl0.mcast_solicit = 3
net.ipv6.neigh.ip6tnl0.locktime = 3
net.ipv6.neigh.ip6tnl0.gc_stale_time = 60
net.ipv6.neigh.ip6tnl0.app_solicit = 0
net.ipv6.neigh.default.ucast_solicit = 3
net.ipv6.neigh.default.unres_qlen = 35
#net.ipv6.neigh.default.unres_qlen_bytes = 65536
net.ipv6.neigh.ip6tnl0.anycast_delay = 100
net.ipv6.neigh.ip6tnl0.base_reachable_time = 30
net.ipv6.neigh.ip6tnl0.base_reachable_time_ms = 30000
net.ipv6.neigh.ip6tnl0.delay_first_probe_time = 5
net.ipv6.conf.default.autoconf = 1
net.ipv6.conf.default.dad_transmits = 0
net.ipv6.neigh.ip6tnl0.proxy_delay = 80
net.ipv6.neigh.ip6tnl0.proxy_qlen = 64
net.ipv6.neigh.ip6tnl0.unres_qlen = 35
net.ipv6.neigh.ip6tnl0.retrans_time = 200
net.ipv6.neigh.ip6tnl0.retrans_time_ms = 1000
net.ipv6.neigh.ip6tnl0.ucast_solicit = 3
#net.ipv6.neigh.ip6tnl0.unres_qlen_bytes = 65536
net.ipv6.neigh.lo.app_solicit = 0
net.ipv6.neigh.lo.anycast_delay = 100
net.ipv6.neigh.lo.ucast_solicit = 3
net.ipv6.neigh.lo.base_reachable_time = 30
net.ipv6.neigh.lo.base_reachable_time_ms = 30000
net.ipv6.neigh.lo.unres_qlen = 35
net.ipv6.neigh.lo.delay_first_probe_time = 5
net.ipv6.neigh.lo.gc_stale_time = 60
net.ipv6.neigh.lo.locktime = 0
net.ipv6.neigh.lo.proxy_delay = 80
net.ipv6.neigh.lo.mcast_solicit = 3
net.ipv6.neigh.lo.proxy_qlen = 64
net.ipv6.neigh.lo.retrans_time = 200
net.ipv6.neigh.lo.retrans_time_ms = 1000
#net.ipv6.neigh.lo.unres_qlen_bytes = 65536
net.ipv6.conf.default.max_addresses = 16
net.ipv6.conf.default.accept_ra_pinfo = 0
net.ipv6.conf.default.router_solicitations = 0
net.ipv6.neigh.sit0.delay_first_probe_time = 5
net.ipv6.neigh.sit0.gc_stale_time = 60
net.ipv6.conf.default.accept_ra_rtr_pref = 0
net.ipv6.neigh.sit0.app_solicit = 0
net.ipv6.neigh.sit0.anycast_delay = 100
#net.ipv6.neigh.p2p0.anycast_delay = 100
#net.ipv6.neigh.p2p0.gc_stale_time = 60
#net.ipv6.neigh.p2p0.app_solicit = 0
#net.ipv6.neigh.p2p0.base_reachable_time_ms = 30000
#net.ipv6.neigh.p2p0.base_reachable_time = 30
#net.ipv6.neigh.p2p0.delay_first_probe_time = 5
#net.ipv6.neigh.p2p0.locktime = 0
#net.ipv6.neigh.p2p0.mcast_solicit = 3
#net.ipv6.neigh.p2p0.unres_qlen = 35
#net.ipv6.neigh.p2p0.proxy_delay = 80
#net.ipv6.neigh.p2p0.retrans_time_ms = 1000
#net.ipv6.neigh.p2p0.proxy_qlen = 64
#net.ipv6.neigh.p2p0.retrans_time = 200
#net.ipv6.neigh.p2p0.ucast_solicit = 3
#net.ipv6.neigh.p2p0.unres_qlen_bytes = 65536
net.ipv6.neigh.sit0.base_reachable_time_ms = 30000
net.ipv6.neigh.sit0.base_reachable_time = 30
net.ipv6.xfrm6_gc_thresh = 2048
net.ipv6.route.mtu_expires = 600
net.ipv6.route.min_adv_mss = 1220
net.ipv6.route.max_size = 4096
net.ipv6.neigh.sit0.locktime = 0
net.ipv6.route.gc_timeout = 60
net.ipv6.route.gc_thresh = 1024
net.ipv6.route.gc_min_interval_ms = 500
net.ipv6.route.gc_min_interval = 0
net.ipv6.route.gc_interval = 30
#net.ipv6.neigh.wlan0.retrans_time_ms = 1000
#net.ipv6.neigh.wlan0.retrans_time = 200
net.ipv6.neigh.sit0.mcast_solicit = 3
net.ipv6.neigh.sit0.proxy_qlen = 64
net.ipv6.neigh.sit0.proxy_delay = 80
net.ipv6.neigh.sit0.retrans_time_ms = 1000
#net.ipv6.neigh.wlan0.anycast_delay = 100
net.ipv6.neigh.sit0.retrans_time = 200
#net.ipv6.neigh.sit0.unres_qlen_bytes = 65536
net.ipv6.neigh.sit0.unres_qlen = 35
net.ipv6.conf.all.dad_transmits = 1
#net.ipv6.neigh.wlan0.ucast_solicit = 3
#net.ipv6.neigh.sit0.ucast_solicit = 3
#net.ipv6.neigh.wlan0.unres_qlen_bytes = 65536
#net.ipv6.neigh.wlan0.app_solicit = 0
#net.ipv6.neigh.wlan0.delay_first_probe_time = 5
#net.ipv6.neigh.wlan0.base_reachable_time_ms = 30000
#net.ipv6.neigh.wlan0.base_reachable_time = 30
#net.ipv6.neigh.wlan0.locktime = 0
#net.ipv6.neigh.wlan0.gc_stale_time = 60
#net.ipv6.neigh.wlan0.proxy_qlen = 64
#net.ipv6.neigh.wlan0.mcast_solicit = 3
#net.ipv6.neigh.wlan0.proxy_delay = 80
net.ipv6.neigh.wlan0.unres_qlen = 35
net.ipv6.route.gc_elasticity = 9
# Disable IPv6
#net.ipv6.conf.all.disable_ipv6 = 1
#net.ipv6.conf.default.disable_ipv6 = 1
#net.ipv6.conf.$WIFI.disable_ipv6 = 1
# Wireless + TCP Speed & Security Tweaks
net.core.wmem_max = 1048576
net.core.rmem_max = 1048576
net.core.rmem_default = 262144
net.core.wmem_default = 262144
net.core.optmem_max = 20480
net.core.xfrm_larval_drop = 1
net.core.dev_weight = 64
net.core.message_burst = 10
net.core.message_cost = 5
net.core.netdev_budget = 300
net.core.netdev_max_backlog = 1000
net.core.netdev_tstamp_prequeue = 1
net.core.optmem_max = 10240
net.core.rmem_default = 163840
net.core.rmem_max = 1048576
net.core.rps_sock_flow_entries = 0
net.core.somaxconn = 128
net.core.warnings = 1
net.core.wmem_default = 163840
net.core.wmem_max = 2097152
net.core.xfrm_acq_expires = 30
net.core.xfrm_aevent_etime = 10
net.core.xfrm_aevent_rseqth = 2
net.unix.max_dgram_qlen = 50
net.nf_conntrack_max = 2000000
net.netfilter.nf_conntrack_udplite_timeout = 30
net.netfilter.nf_conntrack_udplite_timeout_stream = 180
#net.phonet.local_port_range = 64 127
#net.core.netdev_max_backlog = 2500
# Define TCP buffer sizes for various networks (Deprecated since Android 4+)
# ReadMin, ReadInitial, ReadMax, WriteMin, WriteInitial, WriteMax
#net.tcp.buffersize.default = 4096,87380,256960,4096,16384,256960
#net.tcp.buffersize.wifi = 4096,87380,256960,4096,16384,256960
#net.tcp.buffersize.lte = 262144,524288,3145728,262144,524288,3145728
#net.tcp.buffersize.umts = 4096,87380,256960,4096,16384,256960
#net.tcp.buffersize.evdo = 4096,87380,563200,4096,16384,262144
#net.tcp.buffersize.evdo_b = 6144,262144,1048576,6144,262144,1048576
#net.tcp.buffersize.gprs = 4096,87380,256960,4096,16384,256960
#net.tcp.buffersize.edge = 4096,87380,256960,4096,16384,256960
#net.tcp.buffersize.hspa = 4096,87380,256960,4096,16384,256960
#net.tcp.buffersize.hspap = 4096,87380,1220608,4096,16384,393216
#net.tcp.buffersize.hsupa = 4096,87380,704512,4096,16384,262144
#net.tcp.buffersize.hsdpa = 6144,262144,1048576,6144,262144,1048576
# Set DNS to OpenDNS (not working since 4.x+)
# DNS will be change back to provider dns after each
# connectivity change 2G<->3G<->4G<->5G<->Wifi
# Use OverrideDNS app (the only working solution for now)
# Change DNS for tether AND mobile/wifi does not work
# because Android doesn't want that .... (will never be fixed)
#net.rmnet0.dns1 = 208.67.222.222
#net.rmnet0.dns2 = 208.67.220.220
#net.dns1 = 208.67.222.222
#net.dns2 = 208.67.220.220
###############################
# VM & Filesystem tweaks
# (specifies amount of virtual RAM,
# if it should kill a task or not, how often to refer to cache)
###############################
#pm.sleep_mode = 1
#fs.lease-break-time = 20
#fs.lease-break-time = 1
#Increase system file descriptor limit
#fs.file-max = 65536
#fs.nr_open = 1048576
#fs.leases-enable = 1
#fs.inotify.max_queued_events = 32000
#fs.inotify.max_user_instances = 256
# Increase the number of possible inotify(7) watches
#fs.inotify.max_user_watches = 65536
#fs.overflowgid = 65534
#fs.protected_hardlinks = 1
#fs.overflowuid = 65534
#fs.protected_symlinks = 1
#vm.overcommit_memory = 1
#vm.min_free_order_shift = 4
#vm.oom_dump_tasks = 1
#vm.lowmem_reserve_ratio = 96 96
#vm.legacy_va_layout = 0
#vm.page-cluster = 3
#vm.overcommit_ratio = 50
#vm.drop_caches = 0
#vm.extfrag_threshold = 500
#vm.swappiness = 20
#vm.dirty_writeback_centisecs = 2000
#vm.dirty_expire_centisecs = 200
#vm.dirty_ratio = 95
#vm.highmem_is_dirtyable = 0
#vm.dirty_background_ratio = 60
#vm.max_map_count = 65530
#vm.dirty_writeback_centisecs = 500
#vm.oom_kill_allocating_task = 1
#vm.nr_pdflush_threads = 0
#vm.mmap_min_addr = 32768
#vm.overcommit_memory = 1
#vm.page-cluster = 3
#vm.min_free_kbytes = 8192
#vm.panic_on_oom = 0
#vm.vfs_cache_pressure = 10
#vm.laptop_mode = 0
#vm.block_dump = 0
#vm.scan_unevictable_pages = 0
#vm.percpu_pagelist_fraction = 0
#vm.stat_interval = 1
#vold.post_fs_data_done = 1
## Remove logging
#rm /dev/log/main
#dev.scsi.logging_level = 0
#fs.dentry-state = 22620 12592 45 0 0 0
#fs.epoll.max_user_watches = 164828
#fs.file-nr = 4032 0 180195
#fs.inode-nr = 20258 0
#fs.inode-state = 20259 0 0 0 0 0 0
#fs.suid_dumpable = 0
#kernel.auto_msgmni = 1
#kernel.blk_iopoll = 1
#kernel.cap_last_cap = 36
###############################
# Kernel
###############################
#kernel.panic = 30
#kernel.panic_on_oops = 1
#kernel.msgmni = 2048
#kernel.random.read_wakeup_threshold = 128
#kernel.random.write_wakeup_threshold = 256
#kernel.shmmni = 4096
#kernel.sem = 500 512000 64 2048
#kernel.sched_features = 24189
#kernel.hung_task_timeout_secs = 30
#kernel.sched_latency_ns = 1000000
#kernel.sched_min_granularity_ns = 100000
#kernel.sched_wakeup_granularity_ns = 2000000
#kernel.sched_compat_yield = 1
#kernel.sched_shares_ratelimit = 256000
#kernel.sched_child_runs_first = 0
#kernel.threads-max = 524288
#Allow for more PIDs
#kernel.pid_max = 65536
#Enable ExecShield protection
#kernel.exec-shield = 1
#kernel.randomize_va_spac = 1
#kernel.dmesg_restrict = 1
#kernel.kptr_restrict = 1
#net.core.bpf_jit_enable = 0
#kernel.grsecurity.harden_ptrace = 1
#kernel.watchdog_thresh = 10
#kernel.watchdog = 1
#kernel.version =
#kernel.timer_migration = 1
#kernel.random.write_wakeup_threshold = 128
#kernel.randomize_va_space = 2
#kernel.real-root-dev = 0
#kernel.sched_child_runs_first = 0
#kernel.sched_domain.cpu0.domain0.busy_factor = 64
#kernel.sched_domain.cpu0.domain0.busy_idx = 2
#kernel.sched_domain.cpu0.domain0.cache_nice_tries = 1
#kernel.sched_domain.cpu0.domain0.flags = 4143
#kernel.sched_domain.cpu0.domain0.forkexec_idx = 0
#kernel.sched_domain.cpu0.domain0.idle_idx = 1
#kernel.sched_domain.cpu0.domain0.imbalance_pct = 125
#kernel.sched_domain.cpu0.domain0.max_interval = 4
#kernel.sched_domain.cpu0.domain0.min_interval = 1
#kernel.sched_domain.cpu0.domain0.name = CPU
#kernel.sched_domain.cpu0.domain0.newidle_idx = 0
#kernel.sched_domain.cpu0.domain0.wake_idx = 0
#kernel.sched_domain.cpu1.domain0.busy_factor = 64
#kernel.sched_domain.cpu1.domain0.busy_idx = 2
#kernel.sched_domain.cpu1.domain0.cache_nice_tries = 1
#kernel.sched_domain.cpu1.domain0.flags = 4143
#kernel.sched_domain.cpu1.domain0.forkexec_idx = 0
#kernel.sched_domain.cpu1.domain0.idle_idx = 1
#kernel.sched_domain.cpu1.domain0.imbalance_pct = 125
#kernel.sched_domain.cpu1.domain0.max_interval = 4
#kernel.sched_domain.cpu1.domain0.min_interval = 1
#kernel.sched_domain.cpu1.domain0.name = CPU
#kernel.sched_domain.cpu1.domain0.newidle_idx = 0
#kernel.sched_domain.cpu1.domain0.wake_idx = 0
#kernel.sched_domain.cpu2.domain0.busy_factor = 64
#kernel.sched_domain.cpu2.domain0.busy_idx = 2
#kernel.sched_domain.cpu2.domain0.cache_nice_tries = 1
#kernel.sched_domain.cpu2.domain0.flags = 4143
#kernel.sched_domain.cpu2.domain0.forkexec_idx = 0
#kernel.sched_domain.cpu2.domain0.idle_idx = 1
#kernel.sched_domain.cpu2.domain0.imbalance_pct = 125
#kernel.sched_domain.cpu2.domain0.max_interval = 4
#kernel.sched_domain.cpu2.domain0.min_interval = 1
#kernel.sched_domain.cpu2.domain0.name = CPU
#kernel.sched_domain.cpu2.domain0.newidle_idx = 0
#kernel.sched_domain.cpu2.domain0.wake_idx = 0
#kernel.sched_domain.cpu3.domain0.busy_factor = 64
#kernel.sched_domain.cpu3.domain0.busy_idx = 2
#kernel.sched_domain.cpu3.domain0.cache_nice_tries = 1
#kernel.sched_domain.cpu3.domain0.flags = 4143
#kernel.sched_domain.cpu3.domain0.forkexec_idx = 0
#kernel.sched_domain.cpu3.domain0.idle_idx = 1
#kernel.sched_domain.cpu3.domain0.imbalance_pct = 125
#kernel.sched_domain.cpu3.domain0.max_interval = 4
#kernel.sched_domain.cpu3.domain0.min_interval = 1
#kernel.sched_domain.cpu3.domain0.name = CPU
#kernel.sched_domain.cpu3.domain0.newidle_idx = 0
#kernel.sched_domain.cpu3.domain0.wake_idx = 0
#kernel.sched_latency_ns = 10000000
#kernel.sched_migration_cost = 500000
#kernel.sched_min_granularity_ns = 2250000
#kernel.sched_nr_migrate = 32
#kernel.sched_rt_period_us = 1000000
#kernel.sched_rt_runtime_us = 950000
#kernel.sched_shares_window = 10000000
#kernel.sched_time_avg = 1000
#kernel.sched_tunable_scaling = 1
#kernel.sched_wakeup_granularity_ns = 2000000
#kernel.sem = 250 32000 32 128
#kernel.sg-big-buff = 32768
#kernel.shm_rmid_forced = 0
#kernel.shmall = 2097152
#kernel.random.poolsize = 4096
#kernel.shmmax = 33554432
#kernel.shmmni = 4096
#kernel.softlockup_panic = 1
#kernel.tainted = 0
#kernel.threads-max = 28158
#kernel.timer_migration = 1
#kernel.random.uuid =
#kernel.random.entropy_avail = 149
#kernel.random.read_wakeup_threshold = 64
#kernel.random.boot_id =
#kernel.auto_msgmni = 1
#kernel.blk_iopoll = 1
#kernel.cap_last_cap = 36
#kernel.core_pattern = core
#kernel.core_pipe_limit = 0
#kernel.core_uses_pid = 0
#kernel.ctrl-alt-del = 1
#kernel.dmesg_restrict = 1
#kernel.domainname = localdomain
#kernel.ftrace_dump_on_oops = 0
#kernel.hostname = localhost
#kernel.hotplug = /sbin/hotplug
#kernel.hung_task_check_count = 32768
#kernel.hung_task_panic = 1
#kernel.hung_task_timeout_secs = 0
#kernel.hung_task_warnings = 10
#kernel.keys.gc_delay = 300
#kernel.keys.maxbytes = 20000
#kernel.keys.maxkeys = 200
#kernel.keys.root_maxbytes = 20000
#kernel.keys.root_maxkeys = 200
#kernel.kptr_restrict = 2
#kernel.max_lock_depth = 1024
#kernel.msgmax = 8192
#kernel.msgmnb = 16384
#kernel.msgmni = 913
#kernel.ngroups_max = 65536
#kernel.nmi_watchdog = 1
#kernel.osrelease = 3.4.39-1187143
#kernel.ostype = Linux
#kernel.overflowgid = 65534
#kernel.overflowuid = 65534
#kernel.panic = 5
#kernel.panic_on_oops = 1
#kernel.pid_max = 32768
#kernel.poweroff_cmd = /sbin/poweroff
#kernel.print-fatal-signals = 0
#kernel.printk = 4 4 1 7
#kernel.printk_delay = 0
#kernel.printk_ratelimit = 5
#kernel.printk_ratelimit_burst = 10
#kernel.pty.max = 4096
#kernel.pty.nr = 2
#kernel.pty.reserve = 1024
# Controls the System Request debugging functionality of the kernel (magic-sysrq key)
#kernel.sysrq = 0
# Controls whether core dumps will append the PID to the core fi
# Useful for debugging multi-threaded applications
#kernel.core_uses_pid = 1
# Controls the maximum size of a message, in bytes
#kernel.msgmnb = 65536
# Controls the default maximum size of a message queue
#kernel.msgmax = 65536
# Controls the maximum shared segment size, in bytes
#kernel.shmmax = 4294967295
# Controls the maximum number of shared memory segments, in page
#kernel.shmall = 268435456
###############################
# Logcat
#0 = enabled
#1 = enable at boot, but not when suspended
#2 = completely disabled
###############################
# echo 2 > /sys/module/logger/parameters/log_mode
###############################
# Interfaces - DO NOT change if you not know what you're doing!
###############################
#service.adb.tcp.port = 5555
#service.adb.tcp.port = -1
#net.eth0.gw = 10.0.2.2
#net.eth0.dns1 = 10.0.2.3
#net.gprs.local-ip = 10.0.2.15
#ro.radio.use-ppp = no
#ro.bt.bdaddr_path = "/efs/bluetooth/bt_addr"
#ro.nfc.port = "I2C"
#sys.usb.state = ${sys.usb.config}
#service.adb.root = 1
#wifi.interface = wlan0
#wifi.supplicant_scan_interval = 250
#mobiledata.interfaces = pdp0,wlan0,gprs,ppp0
#ro.telephony.ril_class = SamsungExynos4RIL
#ro.carrier = unknown
#net.bt.name = chefkoch
#ro.com.android.wifi-watchlist = ChefkochGuest
#ro.com.google.clientidbase = android-google
#persist.sys.usb.config = mass_storage,adb
#vm.dirty_background_bytes = 4194304
#vm.dirty_bytes = 4194304
##########Optional
####ip6tables -A INPUT -j REJECT -p tcp -dport 80 --reject-with tcp-reset
##########Optional CM 11/12
#adb remount
# adb shell
# vi /system/etc/init.d/08ipv6priv
#
# #!/system/bin/sh
# sysctl -w net.ipv6.conf.default.use_tempaddr=1
# sysctl -w net.ipv6.conf.all.use_tempaddr=1
#
# chmod 755 /system/etc/init.d/08ipv6priv
# mount -o remount,ro /system
# exit
##### *#*#4636#*#*
#mount -o ro,remount /system
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment