Last active
March 26, 2016 11:13
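# Kernel tuning for a busy, internet-facing TCP server (sysctl.conf syntax).
# Entries are applied top to bottom; if a key appears twice the later value
# is the one that ends up in the kernel, so each key is listed once here.

# Protection from SYN flood attack: fall back to SYN cookies once the SYN
# backlog overflows instead of dropping new connection attempts.
net.ipv4.tcp_syncookies = 1
# Martians? Don't care.
# NOTE(review): martian logging records packets with impossible source
# addresses, often the first visible sign of spoofing or a routing mistake.
# 0 keeps the kernel log quiet at the price of that visibility.
net.ipv4.conf.all.log_martians = 0
# Discourage Linux from swapping idle server processes to disk (default = 60)
vm.swappiness = 10
# Percent of memory that may hold dirty pages before writers are blocked
# (dirty_ratio) and before background writeback starts (dirty_background_ratio).
vm.dirty_ratio = 60
vm.dirty_background_ratio = 2
# Increase number of incoming connections that can queue up before dropping.
net.core.somaxconn = 65535
# Handle SYN floods and large numbers of valid HTTPS connections.
net.ipv4.tcp_max_syn_backlog = 30000
# Increase the length of the network device input queue.
net.core.netdev_max_backlog = 5000
# Increase system file descriptor limit so we will (probably)
# never run out under lots of concurrent requests.
# (Per-process limit is set in /etc/security/limits.conf)
fs.file-max = 1000000
fs.nr_open = 1000000
# Widen the port range used for outgoing connections.
# NOTE(review): services listening on ports above 1024 now share the range
# with ephemeral ports; net.ipv4.ip_local_reserved_ports can fence them off.
net.ipv4.ip_local_port_range = 1024 65535
# Up network memory.
net.core.wmem_max = 12582912
net.core.rmem_max = 12582912
net.ipv4.tcp_rmem = 10240 87380 12582912
net.ipv4.tcp_wmem = 10240 87380 12582912
# Up conntrack entries by 3x.
# The key exists only while the nf_conntrack module is loaded; otherwise
# loading this file reports it as unknown.
net.netfilter.nf_conntrack_max = 196608
# Disable source routing and redirects.
# With forwarding off, the kernel honours ICMP redirects on an interface if
# either conf.all or the interface's own value is 1, and send_redirects is
# likewise the OR of the two. Setting conf.all alone therefore does not
# switch redirects off; conf.default covers interfaces created after this
# file is applied. Interfaces that already exist keep their own value and
# need a per-interface entry. IPv6 redirects are not covered by these keys.
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
# Disable packet forwarding.
net.ipv4.ip_forward = 0
net.ipv6.conf.all.forwarding = 0
# Disable TCP slow start on idle connections.
net.ipv4.tcp_slow_start_after_idle = 0
# Disconnect dead TCP connections quickly: first probe after 15 s of idle,
# one probe every 6 s after that, give up after 2 unanswered probes (about
# 27 s in total). Kernel defaults are 7200 s, 75 s and 9 probes.
# tcp_keepalive_intvl and tcp_keepalive_probes used to be set twice in this
# file (15 and 5, then 6 and 2); only the later pair took effect, so that is
# the pair kept. Applies only to sockets that enable SO_KEEPALIVE.
net.ipv4.tcp_keepalive_time = 15
net.ipv4.tcp_keepalive_intvl = 6
net.ipv4.tcp_keepalive_probes = 2
# Allow a high number of timewait sockets.
net.ipv4.tcp_max_tw_buckets = 2000000
# Timeout broken connections faster (time an orphaned socket stays in
# FIN-WAIT-2 waiting for the peer's FIN).
net.ipv4.tcp_fin_timeout = 5
# Let the networking stack reuse TIME_WAIT connections when it thinks
# it's safe to do so (outgoing connections only; relies on TCP timestamps).
net.ipv4.tcp_tw_reuse = 1
# Aggressive non-NAT time-wait recycle. Harmful for computers behind NAT:
# hosts sharing one public address send unrelated TCP timestamps, and their
# connection attempts are dropped without any error on either side.
# The key was removed in Linux 4.12, where this line fails to load.
# Left disabled; enable only on an older kernel that never sees NATed peers.
# net.ipv4.tcp_tw_recycle = 1
# Disable tcp window scaling.
# NOTE(review): without scaling the advertised window is capped at 64 KiB,
# so a single connection cannot use the 12 MB buffer maximums set above.
# Confirm this is intended.
net.ipv4.tcp_window_scaling = 0
# Optimize for low latency.
# NOTE(review): this does not turn off Nagle's algorithm; that is a
# per-socket choice (TCP_NODELAY). The switch has had no effect since
# Linux 4.14.
net.ipv4.tcp_low_latency = 1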