losywee/hardened.conf

## hardened.conf
# Show all system parameters with their values (default or changed)
# sysctl -A or via -> sysctl -a | grep tcp
### Show values of parameters modified by you
# sysctl -p
### Show value for a single parameter parameter-name
# sysctl parameter-name
### Change value for a single parameter parameter-name without editing sysctl.conf manually.
# sysctl -w parameter-name = parameter-value
# https://gist.github.com/CHEF-KOCH/0001e66a8c10b1177abe


# Limit responses to ICMP for bandwidth purposes
#net.inet.icmp.icmplim = 10
#net.inet.icmp.maskrepl = 0
#net.inet.icmp.drop_redirect = 1
#net.icmp.bmcastecho = 0


# Forces a single pass through the firewall. If set to 0,
# packets coming out of a pipe will be reinjected into the
# firewall starting with the rule after the matching one.
# NOTE: there is always one pass for bridged packets.
#net.inet.ip.fw.one_pass = 0


# Stealth IP networking
#net.inet.ip.stealth = 0


# Drop synfin packets
#net.inet.tcp.drop_synfin = 1

# Icmp may NOT rst
#net.inet.tcp.icmp_may_rst = 0


###############################
# IPv4
###############################
net.ipv4.ip_forward = 1
#net.ipv4.ip_forward_use_pmtu = 0
#net.ipv4.fwmark_reflect = 0
net.ipv4.conf.default.proxy_arp = 0
#net.ipv4.ip_dynaddr = 0
net.ipv4.xfrm4_gc_thresh = 131072
net.ipv4.ip_default_ttl = 64

# Enable route verification on all interfaces
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.lo.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.arp_ignore = 1
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.inet_peer_threshold = 65664
net.ipv4.conf.all.proxy_arp = 0
net.ipv4.inet_peer_minttl = 120
net.ipv4.inet_peer_maxttl = 900
net.ipv4.inet_peer_gc_mintime = 10
net.ipv4.inet_peer_gc_maxtime = 120
net.ipv4.igmp_max_msf = 10

# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.lo.accept_source_route = 0
net.ipv4.conf.default.secure_redirects = 0


# Disable all ICMP Redirect Acceptance
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.lo.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0


# TCP SYN cookie protection (default) helps protect
# against SYN flood attacks only kicks in when net.ipv4.tcp_max_syn_backlog is reached
#net.ipv4.tcp_syncookies = 1

# TCP Explicit Congestion Notification
#net.ipv4.tcp_ecn = 2
#net.ipv4.tcp_reordering = 3

# We do not want all our interfaces to send redirects
net.ipv4.conf.default.send_redirects = 1

# Decrease the time default value for tcp_fin_timeout connection
net.ipv4.tcp_fin_timeout = 15

# Decrease the time default value for tcp_keepalive_time connect
net.ipv4.tcp_keepalive_time = 1200

# Turn on/off the tcp_window_scaling
net.ipv4.tcp_window_scaling = 1

# Turn on/off the tcp_sack
net.ipv4.tcp_sack = 1

# Turn on/off the tcp_dsack
net.ipv4.tcp_dsack = 1

## TCP timestamps
## + protect against wrapping sequence numbers (at gigabit speeds)
## + round trip time calculation implemented in TCP
## - causes extra overhead and allows uptime detection by scanners like nmap
## enable @ gigabit speeds
net.ipv4.tcp_timestamps = 0

# Enable ignoring broadcasts request (Default 1)
net.ipv4.icmp_echo_ignore_broadcasts = 1

#
#net.ipv4.icmp_ratemask = 6168

# Enable bad error message Protection
net.ipv4.icmp_ignore_bogus_error_responses = 1

# Log Spoofed Packets, Source Routed Packets, Redirect Packets
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.lo.log_martians = 1

# Increases the size of the socket queue (effectively, q0).
net.ipv4.tcp_max_syn_backlog = 4096

# Increase the tcp-time-wait buckets pool size
net.ipv4.tcp_max_tw_buckets = 1440000

# Ignore all ICMP Echo spam - Don't ignore directed pings!
net.ipv4.icmp_echo_ignore_all = 0

# Allowed local port range
net.ipv4.ip_local_port_range = 16384 65535

# This may cause dropped frames with load-balancing and NATs,
# only use this for a server that communicates only over your local network.
# Reuse/recycle time-wait sockets
# 1 0 can break clients behind NAT
#net.ipv4.tcp_tw_reuse = 1
#net.ipv4.tcp_tw_recycle = 0


# Protect against tcp time-wait assassination hazards
net.ipv4.tcp_rfc1337 = 1
net.ipv4.tcp_retries1 = 3
net.ipv4.tcp_retries2 = 15


# Send redirects (not a router, disable it)
net.ipv4.conf.all.send_redirects = 0


#net.ipv4.<netfilter>.ip_ct_generic_timeout = 600
#net.ipv4.conf.<device>.rp_filter = 1


#net.tcp.default_init_rwnd = 60
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_synack_retries = 2
#net.ipv4.route.flush = 1


net.ipv4.tcp_keepalive_probes = 5
net.ipv4.tcp_keepalive_intvl = 60
#net.ipv4.tcp_rme = 6144 87380 1048576
net.ipv4.tcp_wmem = 6144 87380 1048576
net.ipv4.tcp_mem = 65536 131072 262144


#The default value held by this entry varies
#heavily depending on how much memory you have.
#net.ipv4.<netfilter>.ip_conntrack_max =


net.ipv4.tcp_fack = 1
net.ipv4.tcp_no_metrics_save = 1
net.ipv4.tcp_congestion_control = cubic
# more speed with -> net.ipv4.tcp_congestion_control = htcp
net.ipv4.tcp_moderate_rcvbuf = 1
net.ipv4.udp_rmem_min = 8192
net.ipv4.udp_wmem_min = 8192
net.ipv4.udp_mem = 65536 131072 262144
#net.core.default_qdisc = fq
net.ipv4.tcp_rmem = 8192 87380 16777216


# Increase RPC slots
#sunrpc.tcp_slot_table_entries = 32
#sunrpc.udp_slot_table_entries = 32


# .autoconf set to 0 if you use a static ip!

net.ipv4.tcp_workaround_signed_windows = 0
net.ipv4.tcp_tso_win_divisor = 3
net.ipv4.tcp_thin_linear_timeouts = 0
net.ipv4.tcp_thin_dupack = 0
net.ipv4.tcp_stdurg = 0
net.ipv4.tcp_slow_start_after_idle = 1
net.ipv4.tcp_retrans_collapse = 1
net.ipv4.tcp_mtu_probing = 0
net.ipv4.tcp_max_ssthresh = 0
net.ipv4.tcp_cookie_size = 0
net.ipv4.tcp_orphan_retries = 0
net.ipv4.tcp_max_orphans = 16384
net.ipv4.tcp_low_latency = 1
net.ipv4.tcp_frto_response = 0
net.ipv4.tcp_frto = 2
#net.ipv4.tcp_early_retrans = 2
#net.ipv4.tcp_dma_copybreak = 4096
net.ipv4.tcp_challenge_ack_limit = 100
net.ipv4.tcp_base_mss = 512
net.ipv4.tcp_app_win = 31
net.ipv4.tcp_available_congestion_control = cubic reno
net.ipv4.tcp_allowed_congestion_control = cubic reno
net.ipv4.tcp_adv_win_scale = 1
net.ipv4.tcp_abort_on_overflow = 0
net.ipv4.tcp_abc = 0
net.ipv4.rt_cache_rebuild_count = 4
#net.ipv4.tcp_fastopen = 3
#####
net.ipv4.route.redirect_silence = 4096
net.ipv4.route.redirect_number = 9
net.ipv4.route.redirect_load = 4
net.ipv4.route.mtu_expires = 600
net.ipv4.route.min_adv_mss = 256
net.ipv4.route.min_pmtu = 552
net.ipv4.route.max_size = 524288
net.ipv4.route.gc_timeout = 600
net.ipv4.route.error_burst = 1000
net.ipv4.route.error_cost = 200
net.ipv4.route.gc_elasticity = 8
net.ipv4.route.gc_interval = 60
net.ipv4.route.gc_min_interval = 0
net.ipv4.route.gc_min_interval_ms = 500
net.ipv4.route.gc_thresh = 32768
#####
# http://lartc.org/howto/lartc.kernel.obscure.html
# http://tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.kernel.obscure.html
####
net.ipv4.ip_no_pmtu_disc = 0
net.ipv4.ip_nonlocal_bind = 0
net.ipv4.ipfrag_high_thresh = 512000
net.ipv4.ipfrag_low_thresh = 446464
net.ipv4.ipfrag_max_dist = 64
net.ipv4.ipfrag_secret_interval = 900
net.ipv4.ipfrag_time = 30
######
net.ipv4.neigh.default.anycast_delay = 100
net.ipv4.neigh.default.app_solicit = 0
net.ipv4.neigh.default.base_reachable_time = 30
net.ipv4.neigh.default.base_reachable_time_ms = 30000
net.ipv4.neigh.default.delay_first_probe_time = 5
net.ipv4.neigh.default.gc_interval = 30
net.ipv4.neigh.default.gc_stale_time = 60
net.ipv4.neigh.default.gc_thresh1 = 32
net.ipv4.neigh.default.gc_thresh2 = 1024
net.ipv4.neigh.default.gc_thresh3 = 2048
net.ipv4.neigh.default.locktime = 100
net.ipv4.neigh.default.mcast_solicit = 3
net.ipv4.neigh.default.proxy_delay = 80
net.ipv4.neigh.default.proxy_qlen = 96
net.ipv4.neigh.default.retrans_time = 100
net.ipv4.neigh.default.retrans_time_ms = 1000
net.ipv4.neigh.default.ucast_solicit = 3
net.ipv4.neigh.default.unres_qlen = 6
#net.ipv4.neigh.default.unres_qlen_bytes = 65536
#####
net.ipv4.conf.rmnet1.forwarding = 1
net.ipv4.conf.rmnet1.mc_forwarding = 0
net.ipv4.conf.rmnet1.accept_redirects = 0
net.ipv4.conf.rmnet1.secure_redirects = 0
net.ipv4.conf.rmnet1.shared_media = 1
net.ipv4.conf.rmnet1.rp_filter = 1
net.ipv4.conf.rmnet1.send_redirects = 1
net.ipv4.conf.rmnet1.accept_source_route = 1
net.ipv4.conf.rmnet1.accept_local = 0
net.ipv4.conf.rmnet1.src_valid_mark = 0
net.ipv4.conf.rmnet1.proxy_arp = 0
net.ipv4.conf.rmnet1.medium_id = 0
net.ipv4.conf.rmnet1.bootp_relay = 0
net.ipv4.conf.rmnet1.log_martians = 0
net.ipv4.conf.rmnet1.tag = 0
net.ipv4.conf.rmnet1.arp_filter = 1
net.ipv4.conf.rmnet1.arp_announce = 0
net.ipv4.conf.rmnet1.arp_ignore = 1
net.ipv4.conf.rmnet1.arp_accept = 0
net.ipv4.conf.rmnet1.arp_notify = 0
net.ipv4.conf.rmnet1.proxy_arp_pvlan = 0
net.ipv4.conf.rmnet1.disable_xfrm = 0
net.ipv4.conf.rmnet1.disable_policy = 0
net.ipv4.conf.rmnet1.force_igmp_version = 0
net.ipv4.conf.rmnet1.promote_secondaries = 0
#####
net.ipv4.conf.rmnet2.forwarding = 1
net.ipv4.conf.rmnet2.mc_forwarding = 0
net.ipv4.conf.rmnet2.accept_redirects = 0
net.ipv4.conf.rmnet2.secure_redirects = 0
net.ipv4.conf.rmnet2.shared_media = 1
net.ipv4.conf.rmnet2.rp_filter = 1
net.ipv4.conf.rmnet2.send_redirects = 1
net.ipv4.conf.rmnet2.accept_source_route = 1
net.ipv4.conf.rmnet2.accept_local = 0
net.ipv4.conf.rmnet2.src_valid_mark = 0
net.ipv4.conf.rmnet2.proxy_arp = 0
net.ipv4.conf.rmnet2.medium_id = 0
net.ipv4.conf.rmnet2.bootp_relay = 0
net.ipv4.conf.rmnet2.log_martians = 0
net.ipv4.conf.rmnet2.tag = 0
net.ipv4.conf.rmnet2.arp_filter = 1
net.ipv4.conf.rmnet2.arp_announce = 0
net.ipv4.conf.rmnet2.arp_ignore = 1
net.ipv4.conf.rmnet2.arp_accept = 0
net.ipv4.conf.rmnet2.arp_notify = 0
net.ipv4.conf.rmnet2.proxy_arp_pvlan = 0
net.ipv4.conf.rmnet2.disable_xfrm = 0
net.ipv4.conf.rmnet2.disable_policy = 0
net.ipv4.conf.rmnet2.force_igmp_version = 0
net.ipv4.conf.rmnet2.promote_secondaries = 0
#####
#net.ipv4.conf.rndis0.forwarding = 1
#net.ipv4.conf.rndis0.mc_forwarding = 0
#net.ipv4.conf.rndis0.accept_redirects = 0
#net.ipv4.conf.rndis0.secure_redirects = 0
#net.ipv4.conf.rndis0.shared_media = 1
#net.ipv4.conf.rndis0.rp_filter = 1
#net.ipv4.conf.rndis0.send_redirects = 1
#net.ipv4.conf.rndis0.accept_source_route = 0
#net.ipv4.conf.rndis0.accept_local = 0
#net.ipv4.conf.rndis0.src_valid_mark = 0
#net.ipv4.conf.rndis0.proxy_arp = 0
#net.ipv4.conf.rndis0.medium_id = 0
#net.ipv4.conf.rndis0.bootp_relay = 0
#net.ipv4.conf.rndis0.log_martians = 0
#net.ipv4.conf.rndis0.tag = 0
#net.ipv4.conf.rndis0.arp_filter = 1
#net.ipv4.conf.rndis0.arp_announce = 0
#net.ipv4.conf.rndis0.arp_ignore = 1
#net.ipv4.conf.rndis0.arp_accept = 0
#net.ipv4.conf.rndis0.arp_notify = 0
#net.ipv4.conf.rndis0.proxy_arp_pvlan = 0
#net.ipv4.conf.rndis0.disable_xfrm = 0
#net.ipv4.conf.rndis0.disable_policy = 0
#net.ipv4.conf.rndis0.force_igmp_version = 0
#net.ipv4.conf.rndis0.promote_secondaries = 0
#####
#net.ipv4.neigh.rndis0.mcast_solicit = 3
#net.ipv4.neigh.rndis0.ucast_solicit = 3
#net.ipv4.neigh.rndis0.app_solicit = 0
#net.ipv4.neigh.rndis0.retrans_time = 100
#net.ipv4.neigh.rndis0.base_reachable_time = 30
#net.ipv4.neigh.rndis0.delay_first_probe_time = 5
#net.ipv4.neigh.rndis0.gc_stale_time = 60
#net.ipv4.neigh.rndis0.unres_qlen = 3
#net.ipv4.neigh.rndis0.proxy_qlen = 64
#net.ipv4.neigh.rndis0.anycast_delay = 100
#net.ipv4.neigh.rndis0.proxy_delay = 80
#net.ipv4.neigh.rndis0.locktime = 100
#net.ipv4.neigh.rndis0.retrans_time_ms = 1000
#net.ipv4.neigh.rndis0.base_reachable_time_ms = 30000
#####
#net.ipv4.neigh.rmnet2.mcast_solitic = 3
net.ipv4.neigh.rmnet2.ucast_solicit = 3
net.ipv4.neigh.rmnet2.app_solicit = 0
net.ipv4.neigh.rmnet2.retrans_time = 100
net.ipv4.neigh.rmnet2.base_reachable_time = 30
net.ipv4.neigh.rmnet2.delay_first_probe_time = 5
net.ipv4.neigh.rmnet2.gc_stale_time = 60
net.ipv4.neigh.rmnet2.unres_qlen = 3
net.ipv4.neigh.rmnet2.proxy_qlen = 64
net.ipv4.neigh.rmnet2.anycast_delay = 100
net.ipv4.neigh.rmnet2.proxy_delay = 80
net.ipv4.neigh.rmnet2.locktime = 100
net.ipv4.neigh.rmnet2.retrans_time_ms = 1000
net.ipv4.neigh.rmnet2.base_reachable_time_ms = 30000
#####
net.ipv4.neigh.rmnet1.mcast_solicit = 3
net.ipv4.neigh.rmnet1.ucast_solicit = 3
net.ipv4.neigh.rmnet1.app_solicit = 0
net.ipv4.neigh.rmnet1.retrans_time = 100
net.ipv4.neigh.rmnet1.base_reachable_time = 30
net.ipv4.neigh.rmnet1.delay_first_probe_time = 5
net.ipv4.neigh.rmnet1.gc_stale_time = 60
net.ipv4.neigh.rmnet1.unres_qlen = 3
net.ipv4.neigh.rmnet1.proxy_qlen = 64
net.ipv4.neigh.rmnet1.anycast_delay = 100
net.ipv4.neigh.rmnet1.proxy_delay = 80
net.ipv4.neigh.rmnet1.locktime = 100
net.ipv4.neigh.rmnet1.retrans_time_ms = 1000
net.ipv4.neigh.rmnet1.base_reachable_time_ms = 30000
#####
net.ipv4.neigh.rmnet0.mcast_solicit = 3
net.ipv4.neigh.rmnet0.ucast_solicit = 3
net.ipv4.neigh.rmnet0.app_solicit = 0
net.ipv4.neigh.rmnet0.retrans_time = 100
net.ipv4.neigh.rmnet0.base_reachable_time = 30
net.ipv4.neigh.rmnet0.delay_first_probe_time = 5
net.ipv4.neigh.rmnet0.gc_stale_time = 60
net.ipv4.neigh.rmnet0.unres_qlen = 3
net.ipv4.neigh.rmnet0.proxy_qlen = 64
net.ipv4.neigh.rmnet0.anycast_delay = 100
net.ipv4.neigh.rmnet0.proxy_delay = 80
net.ipv4.neigh.rmnet0.locktime = 100
net.ipv4.neigh.rmnet0.retrans_time_ms = 1000
net.ipv4.neigh.rmnet0.base_reachable_time_ms = 30000
#####
net.ipv4.neigh.ip6tnl0.anycast_delay = 100
net.ipv4.neigh.ip6tnl0.app_solicit = 0
net.ipv4.neigh.ip6tnl0.base_reachable_time = 30
net.ipv4.neigh.ip6tnl0.base_reachable_time_ms = 30000
net.ipv4.neigh.ip6tnl0.delay_first_probe_time = 5
net.ipv4.neigh.ip6tnl0.gc_stale_time = 60
net.ipv4.neigh.ip6tnl0.locktime = 100
net.ipv4.neigh.ip6tnl0.mcast_solicit = 3
net.ipv4.neigh.ip6tnl0.proxy_delay = 80
net.ipv4.neigh.ip6tnl0.proxy_qlen = 64
net.ipv4.neigh.ip6tnl0.retrans_time = 100
net.ipv4.neigh.ip6tnl0.retrans_time_ms = 1000
net.ipv4.neigh.ip6tnl0.ucast_solicit = 3
net.ipv4.neigh.ip6tnl0.unres_qlen = 35
#net.ipv4.neigh.ip6tnl0.unres_qlen_bytes = 65536
######
net.ipv4.neigh.lo.anycast_delay = 100
net.ipv4.neigh.lo.app_solicit = 0
net.ipv4.neigh.lo.base_reachable_time = 30
net.ipv4.neigh.lo.base_reachable_time_ms = 30000
net.ipv4.neigh.lo.delay_first_probe_time = 5
net.ipv4.neigh.lo.gc_stale_time = 60
net.ipv4.neigh.lo.locktime = 100
net.ipv4.neigh.lo.mcast_solicit = 3
net.ipv4.neigh.lo.proxy_delay = 80
net.ipv4.neigh.lo.proxy_qlen = 64
net.ipv4.neigh.lo.retrans_time = 100
net.ipv4.neigh.lo.retrans_time_ms = 1000
net.ipv4.neigh.lo.ucast_solicit = 3
net.ipv4.neigh.lo.unres_qlen = 35
#net.ipv4.neigh.lo.unres_qlen_bytes = 65536
#####
#net.ipv4.neigh.p2p0.anycast_delay = 100
#net.ipv4.neigh.p2p0.app_solicit = 0
#net.ipv4.neigh.p2p0.base_reachable_time = 30
#net.ipv4.neigh.p2p0.base_reachable_time_ms = 30000
#net.ipv4.neigh.p2p0.delay_first_probe_time = 5
#net.ipv4.neigh.p2p0.gc_stale_time = 60
#net.ipv4.neigh.p2p0.locktime = 100
#net.ipv4.neigh.p2p0.mcast_solicit = 3
#net.ipv4.neigh.p2p0.proxy_delay = 80
#net.ipv4.neigh.p2p0.proxy_qlen = 64
#net.ipv4.neigh.p2p0.retrans_time = 100
#net.ipv4.neigh.p2p0.retrans_time_ms = 1000
#net.ipv4.neigh.p2p0.ucast_solicit = 3
#net.ipv4.neigh.p2p0.unres_qlen = 35
#net.ipv4.neigh.p2p0.unres_qlen_bytes = 65536
#####
net.ipv4.neigh.sit0.anycast_delay = 100
net.ipv4.neigh.sit0.app_solicit = 0
net.ipv4.neigh.sit0.base_reachable_time = 30
net.ipv4.neigh.sit0.base_reachable_time_ms = 30000
net.ipv4.neigh.sit0.delay_first_probe_time = 5
net.ipv4.neigh.sit0.gc_stale_time = 60
net.ipv4.neigh.sit0.locktime = 100
net.ipv4.neigh.sit0.mcast_solicit = 3
net.ipv4.neigh.sit0.proxy_delay = 80
net.ipv4.neigh.sit0.proxy_qlen = 64
net.ipv4.neigh.sit0.retrans_time = 100
net.ipv4.neigh.sit0.retrans_time_ms = 1000
net.ipv4.neigh.sit0.ucast_solicit = 3
net.ipv4.neigh.sit0.unres_qlen = 35
#net.ipv4.neigh.sit0.unres_qlen_bytes = 65536
#####
#net.ipv4.neigh.wlan0.anycast_delay = 100
#net.ipv4.neigh.wlan0.app_solicit = 0
#net.ipv4.neigh.wlan0.base_reachable_time = 30
#net.ipv4.neigh.wlan0.base_reachable_time_ms = 30000
#net.ipv4.neigh.wlan0.delay_first_probe_time = 5
#net.ipv4.neigh.wlan0.gc_stale_time = 60
#net.ipv4.neigh.wlan0.locktime = 100
#net.ipv4.neigh.wlan0.mcast_solicit = 3
#net.ipv4.neigh.wlan0.proxy_delay = 80
#net.ipv4.neigh.wlan0.proxy_qlen = 64
#net.ipv4.neigh.wlan0.retrans_time = 100
#net.ipv4.neigh.wlan0.retrans_time_ms = 1000
#net.ipv4.neigh.wlan0.ucast_solicit = 3
#net.ipv4.neigh.wlan0.unres_qlen = 35
#net.ipv4.neigh.wlan0.unres_qlen_bytes = 65536
#net.ipv4.netfilter.ip_conntrack_buckets = 16384
net.ipv4.netfilter.ip_conntrack_checksum = 1
net.ipv4.netfilter.ip_conntrack_count = 36
#net.ipv4.netfilter.ip_conntrack_generic_timeout = 600
#net.ipv4.netfilter.ip_conntrack_icmp_timeout = 30
#net.ipv4.netfilter.ip_conntrack_log_invalid = 0
#net.ipv4.netfilter.ip_conntrack_max = 65536
net.ipv4.netfilter.ip_conntrack_sctp_timeout_closed = 10
#net.ipv4.netfilter.ip_conntrack_sctp_timeout_cookie_echoed = 3
#net.ipv4.netfilter.ip_conntrack_sctp_timeout_cookie_wait = 3
#net.ipv4.netfilter.ip_conntrack_sctp_timeout_established = 432000
#net.ipv4.netfilter.ip_conntrack_sctp_timeout_shutdown_ack_sent = 3
#net.ipv4.netfilter.ip_conntrack_sctp_timeout_shutdown_recd = 0
#net.ipv4.netfilter.ip_conntrack_sctp_timeout_shutdown_sent = 0
#net.ipv4.netfilter.ip_conntrack_tcp_be_liberal = 0
#net.ipv4.netfilter.ip_conntrack_tcp_loose = 1
#net.ipv4.netfilter.ip_conntrack_tcp_max_retrans = 3
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_close = 15
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait = 75
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 432000
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait = 120
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_last_ack = 30
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_max_retrans = 300
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_recv = 60
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_sent = 120
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_sent2 = 120
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait = 120
#net.ipv4.netfilter.ip_conntrack_udp_timeout = 30
#net.ipv4.netfilter.ip_conntrack_udp_timeout_stream = 180
#net.ipv4.ping_group_range = 0 2147483647
#net.ipv4.ip_local_reserved_ports =
#####
net.ipv4.conf.all.accept_local = 0
net.ipv4.conf.all.arp_accept = 0
net.ipv4.conf.all.arp_announce = 0
net.ipv4.conf.all.arp_filter = 1
net.ipv4.conf.all.arp_ignore = 0
net.ipv4.conf.all.arp_notify = 0
net.ipv4.conf.all.bootp_relay = 0
net.ipv4.conf.all.disable_policy = 0
net.ipv4.conf.all.disable_xfrm = 0
net.ipv4.conf.all.force_igmp_version = 0
net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.all.mc_forwarding = 1
net.ipv4.conf.all.medium_id = 0
net.ipv4.conf.all.promote_secondaries = 0
net.ipv4.conf.all.proxy_arp = 0
net.ipv4.conf.all.proxy_arp_pvlan = 0
net.ipv4.conf.all.shared_media = 1
net.ipv4.conf.all.src_valid_mark = 0
net.ipv4.conf.all.tag = 0
######
net.ipv4.conf.default.accept_local = 0
net.ipv4.conf.default.arp_accept = 0
net.ipv4.conf.default.arp_announce = 0
net.ipv4.conf.default.arp_filter = 1
net.ipv4.conf.default.arp_ignore = 0
net.ipv4.conf.default.arp_notify = 0
net.ipv4.conf.default.bootp_relay = 0
net.ipv4.conf.default.disable_policy = 0
net.ipv4.conf.default.disable_xfrm = 0
net.ipv4.conf.default.force_igmp_version = 0
net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.default.log_martians = 0
net.ipv4.conf.default.mc_forwarding = 1
net.ipv4.conf.default.medium_id = 0
net.ipv4.conf.default.promote_secondaries = 0
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.conf.default.proxy_arp_pvlan = 0
net.ipv4.conf.default.secure_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.default.shared_media = 1
net.ipv4.conf.default.src_valid_mark = 0
net.ipv4.conf.default.tag = 0
#####
net.ipv4.conf.ip6tnl0.accept_local = 0
net.ipv4.conf.ip6tnl0.accept_redirects = 0
net.ipv4.conf.ip6tnl0.accept_source_route = 1
net.ipv4.conf.ip6tnl0.arp_accept = 0
net.ipv4.conf.ip6tnl0.arp_announce = 0
net.ipv4.conf.ip6tnl0.arp_filter = 1
net.ipv4.conf.ip6tnl0.arp_ignore = 0
net.ipv4.conf.ip6tnl0.arp_notify = 0
net.ipv4.conf.ip6tnl0.bootp_relay = 0
net.ipv4.conf.ip6tnl0.disable_policy = 0
net.ipv4.conf.ip6tnl0.disable_xfrm = 0
net.ipv4.conf.ip6tnl0.force_igmp_version = 0
net.ipv4.conf.ip6tnl0.forwarding = 1
net.ipv4.conf.ip6tnl0.log_martians = 0
net.ipv4.conf.ip6tnl0.mc_forwarding = 1
net.ipv4.conf.ip6tnl0.medium_id = 0
net.ipv4.conf.ip6tnl0.promote_secondaries = 0
net.ipv4.conf.ip6tnl0.proxy_arp = 0
net.ipv4.conf.ip6tnl0.proxy_arp_pvlan = 0
net.ipv4.conf.ip6tnl0.rp_filter = 1
net.ipv4.conf.ip6tnl0.secure_redirects = 1
net.ipv4.conf.ip6tnl0.send_redirects = 1
net.ipv4.conf.ip6tnl0.shared_media = 1
net.ipv4.conf.ip6tnl0.src_valid_mark = 0
net.ipv4.conf.ip6tnl0.tag = 0
######
net.ipv4.conf.rmnet0.forwarding = 1
net.ipv4.conf.rmnet0.mc_forwarding = 0
net.ipv4.conf.rmnet0.accept_redirects = 0
net.ipv4.conf.rmnet0.secure_redirects = 0
net.ipv4.conf.rmnet0.shared_media = 1
net.ipv4.conf.rmnet0.rp_filter = 1
net.ipv4.conf.rmnet0.send_redirects = 1
net.ipv4.conf.rmnet0.accept_source_route = 1
net.ipv4.conf.rmnet0.accept_local = 0
net.ipv4.conf.rmnet0.src_valid_mark = 0
net.ipv4.conf.rmnet0.proxy_arp = 0
net.ipv4.conf.rmnet0.medium_id = 0
net.ipv4.conf.rmnet0.bootp_relay = 0
net.ipv4.conf.rmnet0.log_martians = 0
net.ipv4.conf.rmnet0.tag = 0
net.ipv4.conf.rmnet0.arp_filter = 1
net.ipv4.conf.rmnet0.arp_announce = 0
net.ipv4.conf.rmnet0.arp_ignore = 1
net.ipv4.conf.rmnet0.arp_accept = 0
net.ipv4.conf.rmnet0.arp_notify = 0
net.ipv4.conf.rmnet0.proxy_arp_pvlan = 0
net.ipv4.conf.rmnet0.disable_xfrm = 0
net.ipv4.conf.rmnet0.disable_policy = 0
net.ipv4.conf.rmnet0.force_igmp_version = 0
net.ipv4.conf.rmnet0.promote_secondaries = 0
######
net.ipv4.conf.lo.accept_local = 0
net.ipv4.conf.lo.arp_accept = 0
net.ipv4.conf.lo.arp_announce = 0
net.ipv4.conf.lo.arp_filter = 1
net.ipv4.conf.lo.arp_ignore = 0
net.ipv4.conf.lo.arp_notify = 0
net.ipv4.conf.lo.bootp_relay = 0
net.ipv4.conf.lo.disable_policy = 1
net.ipv4.conf.lo.disable_xfrm = 1
net.ipv4.conf.lo.force_igmp_version = 0
net.ipv4.conf.lo.forwarding = 1
net.ipv4.conf.lo.mc_forwarding = 1
net.ipv4.conf.lo.medium_id = 0
net.ipv4.conf.lo.promote_secondaries = 0
net.ipv4.conf.lo.proxy_arp = 0
net.ipv4.conf.lo.proxy_arp_pvlan = 0
net.ipv4.conf.lo.secure_redirects = 1
net.ipv4.conf.lo.send_redirects = 1
net.ipv4.conf.lo.shared_media = 1
net.ipv4.conf.lo.src_valid_mark = 0
net.ipv4.conf.lo.tag = 0
#####
#net.ipv4.conf.p2p0.accept_local = 0
#net.ipv4.conf.p2p0.accept_redirects = 0
#net.ipv4.conf.p2p0.accept_source_route = 1
#net.ipv4.conf.p2p0.arp_accept = 0
#net.ipv4.conf.p2p0.arp_announce = 0
#net.ipv4.conf.p2p0.arp_filter = 1
#net.ipv4.conf.p2p0.arp_ignore = 0
#net.ipv4.conf.p2p0.arp_notify = 0
#net.ipv4.conf.p2p0.bootp_relay = 0
#net.ipv4.conf.p2p0.disable_policy = 0
#net.ipv4.conf.p2p0.disable_xfrm = 0
#net.ipv4.conf.p2p0.force_igmp_version = 0
#net.ipv4.conf.p2p0.forwarding = 1
#net.ipv4.conf.p2p0.log_martians = 0
#net.ipv4.conf.p2p0.mc_forwarding = 1
#net.ipv4.conf.p2p0.medium_id = 0
#net.ipv4.conf.p2p0.promote_secondaries = 0
#net.ipv4.conf.p2p0.proxy_arp = 0
#net.ipv4.conf.p2p0.proxy_arp_pvlan = 0
#net.ipv4.conf.p2p0.rp_filter = 1
#net.ipv4.conf.p2p0.secure_redirects = 1
#net.ipv4.conf.p2p0.send_redirects = 1
#net.ipv4.conf.p2p0.shared_media = 1
#net.ipv4.conf.p2p0.src_valid_mark = 0
#net.ipv4.conf.p2p0.tag = 0
#####
net.ipv4.conf.sit0.accept_local = 0
net.ipv4.conf.sit0.accept_redirects = 0
net.ipv4.conf.sit0.accept_source_route = 1
net.ipv4.conf.sit0.arp_accept = 0
net.ipv4.conf.sit0.arp_announce = 0
net.ipv4.conf.sit0.arp_filter = 1
net.ipv4.conf.sit0.arp_ignore = 0
net.ipv4.conf.sit0.arp_notify = 0
net.ipv4.conf.sit0.bootp_relay = 0
net.ipv4.conf.sit0.disable_policy = 0
net.ipv4.conf.sit0.disable_xfrm = 0
net.ipv4.conf.sit0.force_igmp_version = 0
net.ipv4.conf.sit0.forwarding = 1
net.ipv4.conf.sit0.log_martians = 0
net.ipv4.conf.sit0.mc_forwarding = 1
net.ipv4.conf.sit0.medium_id = 0
net.ipv4.conf.sit0.promote_secondaries = 0
net.ipv4.conf.sit0.proxy_arp = 0
net.ipv4.conf.sit0.proxy_arp_pvlan = 0
net.ipv4.conf.sit0.rp_filter = 1
net.ipv4.conf.sit0.secure_redirects = 1
net.ipv4.conf.sit0.send_redirects = 1
net.ipv4.conf.sit0.shared_media = 1
net.ipv4.conf.sit0.src_valid_mark = 0
net.ipv4.conf.sit0.tag = 0
######
#net.ipv4.conf.wlan0.accept_local = 0
#net.ipv4.conf.wlan0.accept_redirects = 0
#net.ipv4.conf.wlan0.accept_source_route = 1
#net.ipv4.conf.wlan0.arp_accept = 0
#net.ipv4.conf.wlan0.arp_announce = 0
#net.ipv4.conf.wlan0.arp_filter = 1
#net.ipv4.conf.wlan0.arp_ignore = 0
#net.ipv4.conf.wlan0.arp_notify = 0
#net.ipv4.conf.wlan0.bootp_relay = 0
#net.ipv4.conf.wlan0.disable_policy = 0
#net.ipv4.conf.wlan0.disable_xfrm = 0
#net.ipv4.conf.wlan0.force_igmp_version = 0
#net.ipv4.conf.wlan0.forwarding = 1
#net.ipv4.conf.wlan0.log_martians = 0
#net.ipv4.conf.wlan0.mc_forwarding = 1
#net.ipv4.conf.wlan0.medium_id = 0
#net.ipv4.conf.wlan0.promote_secondaries = 1
#net.ipv4.conf.wlan0.proxy_arp = 0
#net.ipv4.conf.wlan0.proxy_arp_pvlan = 0
#net.ipv4.conf.wlan0.rp_filter = 1
#net.ipv4.conf.wlan0.secure_redirects = 1
#net.ipv4.conf.wlan0.send_redirects = 1
#net.ipv4.conf.wlan0.shared_media = 1
#net.ipv4.conf.wlan0.src_valid_mark = 0
#net.ipv4.conf.wlan0.tag = 0
net.ipv4.icmp_errors_use_inbound_ifaddr = 0
net.ipv4.icmp_ratelimit = 1000
net.ipv4.igmp_max_memberships = 20
net.ipv4.conf.default.accept_redirects = 0
#net.ipv4.conf.all.igmp_max_memberships = 20


# Netfilter
########
net.netfilter.nf_log.0 = NONE
net.netfilter.nf_log.1 = NONE
net.netfilter.nf_log.2 = ipt_LOG
net.netfilter.nf_log.3 = NONE
net.netfilter.nf_log.4 = NONE
net.netfilter.nf_log.5 = NONE
net.netfilter.nf_log.6 = NONE
net.netfilter.nf_log.7 = NONE
net.netfilter.nf_log.8 = NONE
net.netfilter.nf_log.9 = NONE
net.netfilter.nf_log.10 = ip6t_LOG
net.netfilter.nf_log.11 = NONE
net.netfilter.nf_log.12 = NONE


net.netfilter.nf_conntrack_buckets = 16384
net.netfilter.nf_conntrack_count = 36
net.netfilter.nf_conntrack_dccp_loose = 1
net.netfilter.nf_conntrack_dccp_timeout_closereq = 64
net.netfilter.nf_conntrack_dccp_timeout_closing = 64
net.netfilter.nf_conntrack_dccp_timeout_open = 43200
net.netfilter.nf_conntrack_dccp_timeout_partopen = 480
net.netfilter.nf_conntrack_dccp_timeout_request = 240
net.netfilter.nf_conntrack_dccp_timeout_respond = 480
net.netfilter.nf_conntrack_dccp_timeout_timewait = 240
net.netfilter.nf_conntrack_events = 1
net.netfilter.nf_conntrack_events_retry_timeout = 15
net.netfilter.nf_conntrack_max = 50168
net.netfilter.nf_conntrack_expect_max = 256
net.netfilter.nf_conntrack_frag6_high_thresh = 262144
net.netfilter.nf_conntrack_frag6_low_thresh = 196608
net.netfilter.nf_conntrack_frag6_timeout = 60
net.netfilter.nf_conntrack_generic_timeout = 600
net.netfilter.nf_conntrack_icmp_timeout = 30
net.netfilter.nf_conntrack_icmpv6_timeout = 30
net.netfilter.nf_conntrack_log_invalid = 0
net.netfilter.nf_conntrack_acct = 0
net.netfilter.nf_conntrack_checksum = 1
net.netfilter.nf_conntrack_tcp_timeout_established = 7440
net.netfilter.nf_conntrack_udp_timeout = 30
net.netfilter.nf_conntrack_udp_timeout_stream = 180
#net.netfilter.nf_conntrack_skip_filter = 1
net.netfilter.nf_conntrack_tcp_timeout_unacknowledged = 300
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
#net.netfilter.nf_conntrack_tcp_timeout_syn_sent = 120
#net.netfilter.nf_conntrack_tcp_timeout_syn_recv = 60
net.netfilter.nf_conntrack_tcp_timeout_max_retrans = 300
net.netfilter.nf_conntrack_tcp_timeout_last_ack = 30
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 15
net.netfilter.nf_conntrack_tcp_max_retrans = 3
net.netfilter.nf_conntrack_tcp_loose = 1
net.netfilter.nf_conntrack_tcp_be_liberal = 0
net.netfilter.nf_conntrack_sctp_timeout_shutdown_sent = 0
#net.netfilter.nf_conntrack_sctp_timeout_shutdown_recd = 0
net.netfilter.nf_conntrack_sctp_timeout_shutdown_ack_sent = 3
#net.netfilter.nf_conntrack_sctp_timeout_established = 432000
net.netfilter.nf_conntrack_sctp_timeout_cookie_wait = 3
net.netfilter.nf_conntrack_sctp_timeout_cookie_echoed = 3
net.netfilter.nf_conntrack_sctp_timeout_closed = 10
net.netfilter.nf_conntrack_udplite_timeout = 30
net.netfilter.nf_conntrack_udplite_timeout_stream = 180


# Disable bridge firewall'ing by default
#net.bridge.bridge-nf-call-arptables = 0
#net.bridge.bridge-nf-call-ip6tables = 1
#net.bridge.bridge-nf-call-iptables = 0


# sysctl -a | grep ipv6 sysctl

###############################
# IPv6 -> http://test-ipv6.com  +  RFC 3041/4941 (year: 2001)
# https://code.google.com/p/android/issues/detail?id = 14013
# https://code.google.com/p/android/issues/detail?id = 31102
# Only on Lollipop: RFC 6106
###############################
net.ipv6.ip_forward = 1
#net.ipv6.bindv6only = 0
#net.ipv6.fwmark_reflect = 0
#net.ipv6.tcp_timestamps = 0
#net.ipv6.ip_forward_use_pmtu = 0
#net.ipv6.conf.all.rp_filter = 1
#net.ipv6.conf.all.dad_transmits = 1
#net.ipv6.conf.all.secure_redirects = 0
#net.ipv6.conf.all.forwarding = 1
#net.ipv6.conf.all.accept_redirects = 0
#net.ipv6.conf.all.accept_ra = 1
#net.ipv6.conf.all.accept_dad = 1
#net.ipv6.conf.all.accept_ra_rtr_pref = 1
#net.ipv6.conf.all.accept_ra_pinfo = 1
#net.ipv6.conf.all.accept_ra_defrtr = 1
#net.ipv6.conf.all.use_tempaddr = 2
#net.ipv6.conf.all.temp_valid_lft = 604800
#net.ipv6.conf.all.autoconf = 1
#net.ipv6.conf.all.accept_source_route = 0
#net.ipv6.conf.all.force_mld_version = 0
#net.ipv6.conf.all.force_tllao = 0
#net.ipv6.conf.all.hop_limit = 64
#net.ipv6.conf.all.max_addresses = 16
#net.ipv6.conf.al.max_desync_factor = 600
#net.ipv6.conf.all.mtu = 1280
#net.ipv6.conf.all.optimistic_dad = 0
#net.ipv6.conf.all.use_optimistic = 0
#net.ipv6.conf.all.proxy_ndp = 2
#net.ipv6.conf.all.regen_max_retry = 3
#net.ipv6.conf.all.router_probe_interval = 60
#net.ipv6.conf.all.router_solicitation_delay = 1
#net.ipv6.conf.all.router_solicitation_interval = 4
#net.ipv6.conf.all.router_solicitations = 3
#net.ipv6.conf.all.temp_prefered_lft = 86400
# sysctl -A | grep autoconf for all interfaces - do not disable autoconf!!
#####
#net.ipv6.conf.default.secure_redirects = 0
#net.ipv6.conf.default.autoconf = 1
#net.ipv6.conf.default.accept_redirects = 0
#net.ipv6.conf.default.use_tempaddr = 2
#net.ipv6.conf.default.accept_dad = 1
#net.ipv6.conf.default.accept_ra = 0
#net.ipv6.conf.default.accept_ra_defrtr = 1
#net.ipv6.conf.default.accept_ra_pinfo = 1
#net.ipv6.conf.default.accept_ra_rtr_pref = 1
#net.ipv6.conf.default.accept_source_route = 0
#net.ipv6.conf.default.dad_transmits = 1
#net.ipv6.conf.default.force_mld_version = 0
#net.ipv6.conf.default.force_tllao = 0
#net.ipv6.conf.default.forwarding = 1
#net.ipv6.conf.default.hop_limit = 64
#net.ipv6.conf.default.max_addresses = 16
#net.ipv6.conf.default.max_desync_factor = 600
#net.ipv6.conf.default.mtu = 1280
#net.ipv6.conf.default.optimistic_dad = 0
#net.ipv6.conf.default.proxy_ndp = 0
#net.ipv6.conf.default.regen_max_retry = 3
#net.ipv6.conf.default.router_probe_interval = 60
#net.ipv6.conf.default.router_solicitation_delay = 1
#net.ipv6.conf.default.router_solicitation_interval = 4
#net.ipv6.conf.default.router_solicitations = 3
#net.ipv6.conf.default.temp_prefered_lft = 86400
#net.ipv6.conf.default.temp_valid_lft = 604800
#####
net.ipv6.conf.ip6tnl0.forwarding = 1
#net.ipv6.conf.ip6tnl0.hop_limit = 64
#net.ipv6.conf.ip6tnl0.mtu = 1452
#net.ipv6.conf.ip6tnl0.accept_ra = 2
#net.ipv6.conf.ip6tnl0.accept_redirects = 0
#net.ipv6.conf.ip6tnl0.autoconf = 1
#net.ipv6.conf.ip6tnl0.dad_transmits = 1
#net.ipv6.conf.ip6tnl0.router_solicitations = 3
#net.ipv6.conf.ip6tnl0.router_solicitation_interval = 4
#net.ipv6.conf.ip6tnl0.router_solicitation_delay = 1
#net.ipv6.conf.ip6tnl0.force_mld_version = 0
#net.ipv6.conf.ip6tnl0.use_tempaddr = 2
#net.ipv6.conf.ip6tnl0.temp_valid_lft = 604800
#net.ipv6.conf.ip6tnl0.temp_prefered_lft = 86400
#net.ipv6.conf.ip6tnl0.regen_max_retry = 3
#net.ipv6.conf.ip6tnl0.max_desync_factor = 600
#net.ipv6.conf.ip6tnl0.max_addresses = 16
#net.ipv6.conf.ip6tnl0.accept_ra_defrtr = 1
#net.ipv6.conf.ip6tnl0.accept_ra_pinfo = 1
#net.ipv6.conf.ip6tnl0.accept_ra_rtr_pref = 1
#net.ipv6.conf.ip6tnl0.router_probe_interval = 60
#net.ipv6.conf.ip6tnl0.proxy_ndp = 0
#net.ipv6.conf.ip6tnl0.accept_source_route = 0
#net.ipv6.conf.ip6tnl0.optimistic_dad = 0
#net.ipv6.conf.ip6tnl0.disable_ipv6 = 1
#net.ipv6.conf.ip6tnl0.accept_dad = -1
#net.ipv6.conf.ip6tnl0.force_tllao = 0
#####
#net.ipv6.conf.lo.accept_dad = -1
#net.ipv6.conf.lo.accept_ra = 2
#net.ipv6.conf.lo.accept_ra_defrtr = 1
#net.ipv6.conf.lo.accept_ra_pinfo = 1
#net.ipv6.conf.lo.accept_ra_rtr_pref = 1
#net.ipv6.conf.lo.accept_redirects = 0
#net.ipv6.conf.lo.accept_source_route = 0
#net.ipv6.conf.lo.autoconf = 1
#net.ipv6.conf.lo.dad_transmits = 1
#net.ipv6.conf.lo.force_mld_version = 0
#net.ipv6.conf.lo.force_tllao = 0
#net.ipv6.conf.lo.forwarding = 1
#net.ipv6.conf.lo.hop_limit = 64
#net.ipv6.conf.lo.max_addresses = 16
#net.ipv6.conf.lo.max_desync_factor = 600
#net.ipv6.conf.lo.mtu = 16436
#net.ipv6.conf.lo.optimistic_dad = 1
#net.ipv6.conf.lo.proxy_ndp = 0
#net.ipv6.conf.lo.regen_max_retry = 3
#net.ipv6.conf.lo.router_probe_interval = 60
#net.ipv6.conf.lo.router_solicitation_delay = 1
#net.ipv6.conf.lo.router_solicitation_interval = 4
#net.ipv6.conf.lo.router_solicitations = 3
#net.ipv6.conf.lo.temp_prefered_lft = 86400
#net.ipv6.conf.lo.temp_valid_lft = 604800
#net.ipv6.conf.lo.use_tempaddr = 2
######
#net.ipv6.conf.p2p0.accept_dad = 1
#net.ipv6.conf.p2p0.accept_ra = 2
#net.ipv6.conf.p2p0.accept_ra_defrtr = 1
#net.ipv6.conf.p2p0.accept_ra_pinfo = 1
#net.ipv6.conf.p2p0.accept_ra_rtr_pref = 1
#net.ipv6.conf.p2p0.accept_redirects = 0
#net.ipv6.conf.p2p0.accept_source_route = 0
#net.ipv6.conf.p2p0.autoconf = 1
#net.ipv6.conf.p2p0.dad_transmits = 1
#net.ipv6.conf.p2p0.disable_ipv6 = 1
#net.ipv6.conf.p2p0.force_mld_version = 0
#net.ipv6.conf.p2p0.force_tllao = 0
#net.ipv6.conf.p2p0.forwarding = 1
#net.ipv6.conf.p2p0.hop_limit = 64
#net.ipv6.conf.p2p0.max_addresses = 16
#net.ipv6.conf.p2p0.max_desync_factor = 600
#net.ipv6.conf.p2p0.mtu = 1500
#net.ipv6.conf.p2p0.optimistic_dad = 0
#net.ipv6.conf.p2p0.proxy_ndp = 0
#net.ipv6.conf.p2p0.regen_max_retry = 3
#net.ipv6.conf.p2p0.router_probe_interval = 60
#net.ipv6.conf.p2p0.router_solicitation_delay = 1
#net.ipv6.conf.p2p0.router_solicitation_interval = 4
#net.ipv6.conf.p2p0.router_solicitations = 3
#net.ipv6.conf.p2p0.temp_prefered_lft = 86400
#net.ipv6.conf.p2p0.temp_valid_lft = 604800
#net.ipv6.conf.p2p0.use_tempaddr = 2
#####
#net.ipv6.conf.sit0.forwarding = 1
#net.ipv6.conf.sit0.hop_limit = 64
#net.ipv6.conf.sit0.mtu = 1480
#net.ipv6.conf.sit0.accept_ra = 2
#net.ipv6.conf.sit0.accept_redirects = 0
#net.ipv6.conf.sit0.autoconf = 1
#net.ipv6.conf.sit0.dad_transmits = 1
#net.ipv6.conf.sit0.router_solicitations = 3
#net.ipv6.conf.sit0.router_solicitation_interval = 4
#net.ipv6.conf.sit0.router_solicitation_delay = 1
#net.ipv6.conf.sit0.force_mld_version = 0
#net.ipv6.conf.sit0.use_tempaddr = 2
#net.ipv6.conf.sit0.temp_valid_lft = 604800
#net.ipv6.conf.sit0.temp_prefered_lft = 86400
#net.ipv6.conf.sit0.regen_max_retry = 3
#net.ipv6.conf.sit0.max_desync_factor = 600
#net.ipv6.conf.sit0.max_addresses = 16
#net.ipv6.conf.sit0.accept_ra_defrtr = 1
#net.ipv6.conf.sit0.accept_ra_pinfo = 1
#net.ipv6.conf.sit0.accept_ra_rtr_pref = 1
#net.ipv6.conf.sit0.router_probe_interval = 60
#net.ipv6.conf.sit0.proxy_ndp = 0
#net.ipv6.conf.sit0.accept_source_route = 0
#net.ipv6.conf.sit0.optimistic_dad = 0
#net.ipv6.conf.sit0.disable_ipv6 = 1
#net.ipv6.conf.sit0.accept_dad = -1
#net.ipv6.conf.sit0.force_tllao = 0
#####
#net.ipv6.conf.wlan0.accept_dad = 1
#net.ipv6.conf.wlan0.accept_ra = 2
#net.ipv6.conf.wlan0.accept_ra_defrtr = 1
#net.ipv6.conf.wlan0.accept_ra_pinfo = 1
#net.ipv6.conf.wlan0.accept_ra_rtr_pref = 1
#net.ipv6.conf.wlan0.accept_redirects = 0
#net.ipv6.conf.wlan0.accept_source_route = 0
#net.ipv6.conf.wlan0.autoconf = 1
#net.ipv6.conf.wlan0.dad_transmits = 1
#net.ipv6.conf.wlan0.disable_ipv6 = 1
#net.ipv6.conf.wlan0.force_mld_version = 0
#net.ipv6.conf.wlan0.force_tllao = 0
#net.ipv6.conf.wlan0.forwarding = 1
#net.ipv6.conf.wlan0.hop_limit = 64
#net.ipv6.conf.wlan0.max_addresses = 16
#net.ipv6.conf.wlan0.max_desync_factor = 600
#net.ipv6.conf.wlan0.mtu = 1500
#net.ipv6.conf.wlan0.optimistic_dad = 0
#net.ipv6.conf.wlan0.proxy_ndp = 0
#net.ipv6.conf.wlan0.regen_max_retry = 3
#net.ipv6.conf.wlan0.router_probe_interval = 60
#net.ipv6.conf.wlan0.router_solicitation_delay = 5
#net.ipv6.conf.wlan0.router_solicitation_interval = 1
#net.ipv6.conf.wlan0.router_solicitations = 5
# sysctl -e -q -p /etc/sysctl.conf in a running system
#rcnetwork restart!!!!
#net.ipv6.conf.wlan0.temp_prefered_lft = 86400
#net.ipv6.conf.wlan0.temp_valid_lft = 604800
#net.ipv6.conf.wlan0.use_tempaddr = 2
#net.ipv6.icmp.ratelimit = 1000
#net.ipv6.ip6frag_high_thresh = 262144
#net.ipv6.ip6frag_low_thresh = 196608
#net.ipv6.ip6frag_secret_interval = 600
#net.ipv6.ip6frag_time = 60
#net.ipv6.mld_max_msf = 64
######
#net.ipv6.neigh.default.anycast_delay = 100
#net.ipv6.neigh.default.app_solicit = 0
#net.ipv6.neigh.default.base_reachable_time = 30
#net.ipv6.neigh.default.base_reachable_time_ms = 30000
#net.ipv6.neigh.default.delay_first_probe_time = 5
#net.ipv6.neigh.default.gc_interval = 30
#net.ipv6.neigh.default.gc_stale_time = 60
#net.ipv6.neigh.default.gc_thresh1 = 128
#net.ipv6.neigh.default.gc_thresh2 = 512
#net.ipv6.neigh.default.gc_thresh3 = 1024
#net.ipv6.neigh.default.locktime = 0
#net.ipv6.neigh.default.mcast_solicit = 3
#net.ipv6.neigh.default.proxy_delay = 80
#net.ipv6.neigh.default.proxy_qlen = 64
#net.ipv6.neigh.default.retrans_time = 200
#net.ipv6.neigh.default.retrans_time_ms = 1000
#net.ipv6.neigh.default.ucast_solicit = 3
#net.ipv6.neigh.default.unres_qlen = 35
#net.ipv6.neigh.default.unres_qlen_bytes = 65536
#####
#net.ipv6.neigh.ip6tnl0.mcast_solicit = 3
#net.ipv6.neigh.ip6tnl0.ucast_solicit = 3
#net.ipv6.neigh.ip6tnl0.app_solicit = 0
#net.ipv6.neigh.ip6tnl0.retrans_time = 200
#net.ipv6.neigh.ip6tnl0.base_reachable_time = 30
#net.ipv6.neigh.ip6tnl0.delay_first_probe_time = 5
#net.ipv6.neigh.ip6tnl0.gc_stale_time = 60
#net.ipv6.neigh.ip6tnl0.unres_qlen = 3
#net.ipv6.neigh.ip6tnl0.proxy_qlen = 64
#net.ipv6.neigh.ip6tnl0.anycast_delay = 100
#net.ipv6.neigh.ip6tnl0.proxy_delay = 80
#net.ipv6.neigh.ip6tnl0.locktime = 0
#net.ipv6.neigh.ip6tnl0.retrans_time_ms = 1000
#net.ipv6.neigh.ip6tnl0.base_reachable_time_ms = 30000
######
#net.ipv6.neigh.lo.app_solicit = 0
#net.ipv6.neigh.lo.anycast_delay = 100
#net.ipv6.neigh.lo.ucast_solicit = 3
#net.ipv6.neigh.lo.base_reachable_time = 30
#net.ipv6.neigh.lo.base_reachable_time_ms = 30000
#net.ipv6.neigh.lo.unres_qlen = 35
#net.ipv6.neigh.lo.delay_first_probe_time = 5
#net.ipv6.neigh.lo.gc_stale_time = 60
#net.ipv6.neigh.lo.locktime = 0
#net.ipv6.neigh.lo.proxy_delay = 80
#net.ipv6.neigh.lo.mcast_solicit = 3
#net.ipv6.neigh.lo.proxy_qlen = 64
#net.ipv6.neigh.lo.retrans_time = 200
#net.ipv6.neigh.lo.retrans_time_ms = 1000
#net.ipv6.neigh.lo.unres_qlen_bytes = 65536
######
#net.ipv6.neigh.p2p0.anycast_delay = 100
#net.ipv6.neigh.p2p0.app_solicit = 0
#net.ipv6.neigh.p2p0.base_reachable_time_ms = 30000
#net.ipv6.neigh.p2p0.base_reachable_time = 30
#net.ipv6.neigh.p2p0.delay_first_probe_time = 5
#net.ipv6.neigh.p2p0.gc_stale_time = 60
#net.ipv6.neigh.p2p0.locktime = 0
#net.ipv6.neigh.p2p0.mcast_solicit = 3
#net.ipv6.neigh.p2p0.unres_qlen = 35
#net.ipv6.neigh.p2p0.proxy_delay = 80
#net.ipv6.neigh.p2p0.retrans_time_ms = 1000
#net.ipv6.neigh.p2p0.proxy_qlen = 64
#net.ipv6.neigh.p2p0.retrans_time = 200
#net.ipv6.neigh.p2p0.ucast_solicit = 3
#net.ipv6.neigh.p2p0.unres_qlen_bytes = 65536
#net.ipv6.xfrm6_gc_thresh = 2048
#net.ipv6.route.mtu_expires = 600
#net.ipv6.route.flush = 1
#net.ipv6.route.min_adv_mss = 1220
#net.ipv6.route.max_size = 4096
#net.ipv6.route.gc_timeout = 60
#net.ipv6.route.gc_thresh = 1024
#net.ipv6.route.gc_min_interval_ms = 500
#net.ipv6.route.gc_min_interval = 0
#net.ipv6.route.gc_interval = 30
#####
#net.ipv6.neigh.sit0.mcast_solicit = 3
#net.ipv6.neigh.sit0.proxy_qlen = 64
#net.ipv6.neigh.sit0.proxy_delay = 80
#net.ipv6.neigh.sit0.retrans_time_ms = 1000
#net.ipv6.neigh.sit0.locktime = 0
#net.ipv6.neigh.sit0.delay_first_probe_time = 5
#net.ipv6.neigh.sit0.base_reachable_time_ms = 30000
#net.ipv6.neigh.sit0.base_reachable_time = 30
#net.ipv6.neigh.sit0.gc_stale_time = 60
#net.ipv6.neigh.sit0.app_solicit = 0
#net.ipv6.neigh.sit0.anycast_delay = 100
#net.ipv6.neigh.sit0.retrans_time = 200
#net.ipv6.neigh.sit0.unres_qlen_bytes = 65536
#net.ipv6.neigh.sit0.unres_qlen = 35
#net.ipv6.neigh.sit0.ucast_solicit = 3
#####
#net.ipv6.neigh.wlan0.retrans_time_ms = 1000
#net.ipv6.neigh.wlan0.retrans_time = 200
#net.ipv6.neigh.wlan0.ucast_solicit = 3
#net.ipv6.neigh.wlan0.unres_qlen_bytes = 65536
#net.ipv6.neigh.wlan0.app_solicit = 0
#net.ipv6.neigh.wlan0.anycast_delay = 100
#net.ipv6.neigh.wlan0.delay_first_probe_time = 5
#net.ipv6.neigh.wlan0.base_reachable_time_ms = 30000
#net.ipv6.neigh.wlan0.base_reachable_time = 30
#net.ipv6.neigh.wlan0.locktime = 0
#net.ipv6.neigh.wlan0.gc_stale_time = 60
#net.ipv6.neigh.wlan0.proxy_qlen = 64
#net.ipv6.neigh.wlan0.mcast_solicit = 3
#net.ipv6.neigh.wlan0.proxy_delay = 80
#net.ipv6.neigh.wlan0.unres_qlen = 35
#net.ipv6.route.gc_elasticity = 9
#net.ipv6.conf.rndis0.mtu = 1500
#net.ipv6.conf.rndis0.force_tllao = 0
#net.ipv6.conf.rndis0.accept_dad = 1
#net.ipv6.conf.rndis0.disable_ipv6 = 1
#net.ipv6.conf.rndis0.optimistic_dad = 0
#net.ipv6.conf.rndis0.accept_source_route = 0
#net.ipv6.conf.rndis0.proxy_ndp = 0
#net.ipv6.conf.rndis0.router_probe_interval = 60
#net.ipv6.conf.rndis0.accept_ra_rtr_pref = 1
#net.ipv6.conf.rndis0.forwarding = 1
#net.ipv6.conf.rndis0.hop_limit = 64
#net.ipv6.conf.rndis0.accept_ra = 2
#net.ipv6.conf.rndis0.accept_redirects = 0
#net.ipv6.conf.rndis0.autoconf = 1
#net.ipv6.conf.rndis0.dad_transmits = 1
#net.ipv6.conf.rndis0.router_solicitations = 3
#net.ipv6.conf.rndis0.router_solicitation_interval = 4
#net.ipv6.conf.rndis0.router_solicitation_delay = 1
#net.ipv6.conf.rndis0.force_mld_version = 0
#net.ipv6.conf.rndis0.use_tempaddr = 2
#net.ipv6.conf.rndis0.temp_valid_lft = 604800
#net.ipv6.conf.rndis0.temp_prefered_lft = 86400
#net.ipv6.conf.rndis0.regen_max_retry = 3
#net.ipv6.conf.rndis0.max_desync_factor = 600
#net.ipv6.conf.rndis0.max_addresses = 16
#net.ipv6.conf.rndis0.accept_ra_defrtr = 1
#net.ipv6.conf.rndis0.accept_ra_pinfo = 1
#####
net.ipv6.conf.rmnet2.forwarding = 1
#net.ipv6.conf.rmnet2.hop_limit = 64
#net.ipv6.conf.rmnet2.mtu = 1500
#net.ipv6.conf.rmnet2.accept_ra = 2
#net.ipv6.conf.rmnet2.accept_redirects = 0
#net.ipv6.conf.rmnet2.autoconf = 1
#net.ipv6.conf.rmnet2.dad_transmits = 1
#net.ipv6.conf.rmnet2.router_solicitations = 3
#net.ipv6.conf.rmnet2.router_solicitation_interval = 4
#net.ipv6.conf.rmnet2.router_solicitation_delay = 1
#net.ipv6.conf.rmnet2.force_mld_version = 0
#net.ipv6.conf.rmnet2.use_tempaddr = 2
#net.ipv6.conf.rmnet2.temp_valid_lft = 604800
#net.ipv6.conf.rmnet2.temp_prefered_lft = 86400
#net.ipv6.conf.rmnet2.regen_max_retry = 3
#net.ipv6.conf.rmnet2.max_desync_factor = 600
#net.ipv6.conf.rmnet2.max_addresses = 16
#net.ipv6.conf.rmnet2.accept_ra_defrtr = 1
#net.ipv6.conf.rmnet2.accept_ra_pinfo = 1
#net.ipv6.conf.rmnet2.accept_ra_rtr_pref = 1
#net.ipv6.conf.rmnet2.router_probe_interval = 60
#net.ipv6.conf.rmnet2.proxy_ndp = 0
#net.ipv6.conf.rmnet2.accept_source_route = 0
#net.ipv6.conf.rmnet2.optimistic_dad = 0
#net.ipv6.conf.rmnet2.disable_ipv6 = 1
#net.ipv6.conf.rmnet2.accept_dad = -1
#net.ipv6.conf.rmnet2.force_tllao = 0
####
net.ipv6.conf.rmnet1.forwarding = 1
#net.ipv6.conf.rmnet1.hop_limit = 64
#net.ipv6.conf.rmnet1.mtu = 1500
#net.ipv6.conf.rmnet1.accept_ra = 2
#net.ipv6.conf.rmnet1.accept_redirects = 0
#net.ipv6.conf.rmnet1.autoconf = 1
#net.ipv6.conf.rmnet1.dad_transmits = 1
#net.ipv6.conf.rmnet1.router_solicitations = 3
#net.ipv6.conf.rmnet1.router_solicitation_interval = 4
#net.ipv6.conf.rmnet1.router_solicitation_delay = 1
#net.ipv6.conf.rmnet1.force_mld_version = 0
#net.ipv6.conf.rmnet1.use_tempaddr = 2
#net.ipv6.conf.rmnet1.temp_valid_lft = 604800
#net.ipv6.conf.rmnet1.temp_prefered_lft = 86400
#net.ipv6.conf.rmnet1.regen_max_retry = 3
#net.ipv6.conf.rmnet1.max_desync_factor = 600
#net.ipv6.conf.rmnet1.max_addresses = 16
#net.ipv6.conf.rmnet1.accept_ra_defrtr = 1
#net.ipv6.conf.rmnet1.accept_ra_pinfo = 1
#net.ipv6.conf.rmnet1.accept_ra_rtr_pref = 1
#net.ipv6.conf.rmnet1.router_probe_interval = 60
#net.ipv6.conf.rmnet1.proxy_ndp = 0
#net.ipv6.conf.rmnet1.accept_source_route = 0
#net.ipv6.conf.rmnet1.optimistic_dad = 0
#net.ipv6.conf.rmnet1.disable_ipv6 = 1
#net.ipv6.conf.rmnet1.accept_dad = -1
#net.ipv6.conf.rmnet1.force_tllao = 0
####
#net.ipv6.conf.rmnet0.forwarding = 1
#net.ipv6.conf.rmnet0.hop_limit = 64
#net.ipv6.conf.rmnet0.mtu = 1358
#net.ipv6.conf.rmnet0.accept_ra = 2
#net.ipv6.conf.rmnet0.accept_redirects = 0
#net.ipv6.conf.rmnet0.autoconf = 1
#net.ipv6.conf.rmnet0.dad_transmits = 1
#net.ipv6.conf.rmnet0.router_solicitations = 3
#net.ipv6.conf.rmnet0.router_solicitation_interval = 4
#net.ipv6.conf.rmnet0.router_solicitation_delay = 1
#net.ipv6.conf.rmnet0.force_mld_version = 0
#net.ipv6.conf.rmnet0.use_tempaddr = 2
#net.ipv6.conf.rmnet0.temp_valid_lft = 604800
#net.ipv6.conf.rmnet0.temp_prefered_lft = 86400
#net.ipv6.conf.rmnet0.regen_max_retry = 3
#net.ipv6.conf.rmnet0.max_desync_factor = 600
#net.ipv6.conf.rmnet0.max_addresses = 16
#net.ipv6.conf.rmnet0.accept_ra_defrtr = 1
#net.ipv6.conf.rmnet0.accept_ra_pinfo = 1
#net.ipv6.conf.rmnet0.accept_ra_rtr_pref = 1
#net.ipv6.conf.rmnet0.router_probe_interval = 60
#net.ipv6.conf.rmnet0.proxy_ndp = 0
#net.ipv6.conf.rmnet0.accept_source_route = 0
#net.ipv6.conf.rmnet0.optimistic_dad = 0
#net.ipv6.conf.rmnet0.disable_ipv6 = 1
#net.ipv6.conf.rmnet0.accept_dad = -1
#net.ipv6.conf.rmnet0.force_tllao = 0
######
#net.ipv6.neigh.rndis0.mcast_solicit = 3
#net.ipv6.neigh.rndis0.ucast_solicit = 3
#net.ipv6.neigh.rndis0.app_solicit = 0
#net.ipv6.neigh.rndis0.retrans_time = 200
#net.ipv6.neigh.rndis0.base_reachable_time = 30
#net.ipv6.neigh.rndis0.delay_first_probe_time = 5
#net.ipv6.neigh.rndis0.gc_stale_time = 60
#net.ipv6.neigh.rndis0.unres_qlen = 3
#net.ipv6.neigh.rndis0.proxy_qlen = 64
#net.ipv6.neigh.rndis0.anycast_delay = 100
#net.ipv6.neigh.rndis0.proxy_delay = 80
#net.ipv6.neigh.rndis0.locktime = 0
#net.ipv6.neigh.rndis0.retrans_time_ms = 1000
#net.ipv6.neigh.rndis0.base_reachable_time_ms = 30000
######
#net.ipv6.neigh.rmnet2.mcast_solicit = 3
#net.ipv6.neigh.rmnet2.ucast_solicit = 3
#net.ipv6.neigh.rmnet2.app_solicit = 0
#net.ipv6.neigh.rmnet2.retrans_time = 200
#net.ipv6.neigh.rmnet2.base_reachable_time = 30
#net.ipv6.neigh.rmnet2.delay_first_probe_time = 5
#net.ipv6.neigh.rmnet2.gc_stale_time = 60
#net.ipv6.neigh.rmnet2.unres_qlen = 3
#net.ipv6.neigh.rmnet2.proxy_qlen = 64
#net.ipv6.neigh.rmnet2.anycast_delay = 100
#net.ipv6.neigh.rmnet2.proxy_delay = 80
#net.ipv6.neigh.rmnet2.locktime = 0
#net.ipv6.neigh.rmnet2.retrans_time_ms = 1000
#net.ipv6.neigh.rmnet2.base_reachable_time_ms = 30000
######
#net.ipv6.neigh.rmnet1.mcast_solicit = 3
#net.ipv6.neigh.rmnet1.ucast_solicit = 3
#net.ipv6.neigh.rmnet1.app_solicit = 0
#net.ipv6.neigh.rmnet1.retrans_time = 200
#net.ipv6.neigh.rmnet1.base_reachable_time = 30
#net.ipv6.neigh.rmnet1.delay_first_probe_time = 5
#net.ipv6.neigh.rmnet1.gc_stale_time = 60
#net.ipv6.neigh.rmnet1.unres_qlen = 3
#net.ipv6.neigh.rmnet1.proxy_qlen = 64
#net.ipv6.neigh.rmnet1.anycast_delay = 100
#net.ipv6.neigh.rmnet1.proxy_delay = 80
#net.ipv6.neigh.rmnet1.locktime = 0
#net.ipv6.neigh.rmnet1.retrans_time_ms = 1000
#net.ipv6.neigh.rmnet1.base_reachable_time_ms = 30000
######
#net.ipv6.neigh.rmnet0.mcast_solicit = 3
#net.ipv6.neigh.rmnet0.ucast_solicit = 3
#net.ipv6.neigh.rmnet0.app_solicit = 0
#net.ipv6.neigh.rmnet0.retrans_time = 200
#net.ipv6.neigh.rmnet0.base_reachable_time = 30
#net.ipv6.neigh.rmnet0.delay_first_probe_time = 5
#net.ipv6.neigh.rmnet0.gc_stale_time = 60
#net.ipv6.neigh.rmnet0.unres_qlen = 3
#net.ipv6.neigh.rmnet0.proxy_qlen = 64
#net.ipv6.neigh.rmnet0.anycast_delay = 100
#net.ipv6.neigh.rmnet0.proxy_delay = 80
#net.ipv6.neigh.rmnet0.locktime = 0
#net.ipv6.neigh.rmnet0.retrans_time_ms = 1000
#net.ipv6.neigh.rmnet0.base_reachable_time_ms = 30000
######


# Disable IPv6
###############
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
#net.ipv6.conf.wlan0.disable_ipv6 = 1
#net.ipv6.conf.$WIFI.disable_ipv6 = 1


# Wireless + TCP Speed & Security Tweaks
###############
#net.core.bpf_jit_enable = 0
net.core.rmem_default = 262144
net.core.wmem_default = 131072
net.core.xfrm_larval_drop = 1
net.core.dev_weight = 64
net.core.message_burst = 10
net.core.message_cost = 5
net.core.netdev_budget = 300
net.core.netdev_tstamp_prequeue = 1
net.core.optmem_max = 10240
#net.core.hot_list_length = 1024
net.core.rmem_default = 163840
net.core.rmem_max = 16777216
net.core.rps_sock_flow_entries = 0
net.core.somaxconn = 1024
net.core.warnings = 1
net.core.wmem_max = 16777216
net.core.xfrm_acq_expires = 30
net.core.xfrm_aevent_etime = 10
net.core.xfrm_aevent_rseqth = 2
net.unix.max_dgram_qlen = 50
net.nf_conntrack_max = 50168
net.phonet.local_port_range = 64 255
net.core.netdev_max_backlog = 2500

# Define TCP buffer sizes for various networks
# ReadMin, ReadInitial, ReadMax, WriteMin, WriteInitial, WriteMax
###############
net.tcp.buffersize.default = 4096,87380,256960,4096,16384,256960
net.tcp.buffersize.wifi = 4096,87380,256960,4096,16384,256960
net.tcp.buffersize.lte = 262144,524288,3145728,262144,524288,3145728
net.tcp.buffersize.umts = 4096,87380,256960,4096,16384,256960
net.tcp.buffersize.evdo = 4096,87380,563200,4096,16384,262144
net.tcp.buffersize.evdo_b = 6144,262144,1048576,6144,262144,1048576
net.tcp.buffersize.gprs = 4096,87380,256960,4096,16384,256960
net.tcp.buffersize.edge = 4096,87380,256960,4096,16384,256960
net.tcp.buffersize.hspa = 4096,87380,256960,4096,16384,256960
net.tcp.buffersize.hspap = 4096,87380,1220608,4096,16384,393216
net.tcp.buffersize.hsupa = 4096,87380,704512,4096,16384,262144
net.tcp.buffersize.hsdpa = 6144,262144,1048576,6144,262144,1048576

###############################
# VM & Filesystem tweaks
# (specifies amount of virtual RAM,
# if it should kill a task or not,
# how often to refer to cache)
###############################
#pm.sleep_mode = 1
#fs.lease-break-time = 45
#fs.file-max = 80249
fs.nr_open = 1048576
fs.leases-enable = 1
#fs.inotify.max_queued_events = 16384
#fs.inotify.max_user_instances = 256
#fs.inotify.max_user_watches = 8192
#fs.overflowgid = 65534
#fs.protected_hardlinks = 1
fs.overflowuid = 65534
#fs.protected_symlinks = 1
#vm.overcommit_memory = 0
vm.min_free_order_shift = 4
#vm.oom_dump_tasks = 1
vm.lowmem_reserve_ratio = 96 96
#vm.legacy_va_layout = 0
#vm.page-cluster = 3
vm.overcommit_ratio = 0
vm.drop_caches = 0
#vm.extfrag_threshold = 500
vm.swappiness = 0
vm.dirty_writeback_centisecs = 2000
#vm.dirty_expire_centisecs = 200
vm.dirty_ratio = 20
vm.highmem_is_dirtyable = 0
vm.dirty_background_ratio = 2
#vm.max_map_count = 65530
#vm.dirty_writeback_centisecs = 500
vm.oom_kill_allocating_task = 0
vm.nr_pdflush_threads = 0
vm.mmap_min_addr = 4096
#vm.min_free_kbytes = 8192
vm.panic_on_oom = 0
vm.vfs_cache_pressure = 100
vm.laptop_mode = 0
vm.block_dump = 0
vm.scan_unevictable_pages = 0
vm.percpu_pagelist_fraction = 0
vm.stat_interval = 1
#vold.post_fs_data_done = 1
#vm.dirty_background_bytes = 0
#vm.dirty_bytes = 0

# Disables logging
###############
#rm /dev/log/main


dev.scsi.logging_level = 0
#fs.dentry-state = 22620 12592 45 0 0 0
#fs.epoll.max_user_watches = 217429
#fs.file-nr = 4032 0 180195
#fs.inode-nr = 15905 7235
#fs.inode-state = 20259 0 0 0 0 0 0
fs.suid_dumpable = 0
fs.pipe-max-size = 1048576
#kernel.auto_msgmni = 1
kernel.blk_iopoll = 1
#kernel.cap_last_cap = 36


###############
# Kernel
###############
kernel.random.write_wakeup_threshold = 2048
#kernel.sched_features = 24189
#kernel.sched_compat_yield = 1
#kernel.sched_shares_ratelimit = 256000
kernel.sched_child_runs_first = 0
kernel.exec-shield = 1
#kernel.randomize_va_spac = 1
#kernel.grsecurity.harden_ptrace = 1
#kernel.watchdog_thresh = 10
kernel.watchdog = 1
#kernel.version = 479 SMP PREEMPT Mon Mar 30 13:32:29 CEST 2015
kernel.real-root-dev = 0
#kernel.sched_autogroup_enabled = 0
#kernel.sched_migration_cost_ns = 5000000
#kernel.sched_domain.cpu0.domain0.busy_factor = 64
#kernel.sched_domain.cpu0.domain0.busy_idx = 2
#kernel.sched_domain.cpu0.domain0.cache_nice_tries = 1
#kernel.sched_domain.cpu0.domain0.flags = 4143
#kernel.sched_domain.cpu0.domain0.forkexec_idx = 0
#kernel.sched_domain.cpu0.domain0.idle_idx = 1
#kernel.sched_domain.cpu0.domain0.imbalance_pct = 125
#kernel.sched_domain.cpu0.domain0.max_interval = 4
#kernel.sched_domain.cpu0.domain0.min_interval = 1
#kernel.sched_domain.cpu0.domain0.name = CPU
#kernel.sched_domain.cpu0.domain0.newidle_idx = 0
#kernel.sched_domain.cpu0.domain0.wake_idx = 0
#kernel.sched_domain.cpu1.domain0.busy_factor = 64
#kernel.sched_domain.cpu1.domain0.busy_idx = 2
#kernel.sched_domain.cpu1.domain0.cache_nice_tries = 1
#kernel.sched_domain.cpu1.domain0.flags = 4143
#kernel.sched_domain.cpu1.domain0.forkexec_idx = 0
#kernel.sched_domain.cpu1.domain0.idle_idx = 1
#kernel.sched_domain.cpu1.domain0.imbalance_pct = 125
#kernel.sched_domain.cpu1.domain0.max_interval = 4
#kernel.sched_domain.cpu1.domain0.min_interval = 1
#kernel.sched_domain.cpu1.domain0.name = CPU
#kernel.sched_domain.cpu1.domain0.newidle_idx = 0
#kernel.sched_domain.cpu1.domain0.wake_idx = 0
#kernel.sched_domain.cpu2.domain0.busy_factor = 64
#kernel.sched_domain.cpu2.domain0.busy_idx = 2
#kernel.sched_domain.cpu2.domain0.cache_nice_tries = 1
#kernel.sched_domain.cpu2.domain0.flags = 4143
#kernel.sched_domain.cpu2.domain0.forkexec_idx = 0
#kernel.sched_domain.cpu2.domain0.idle_idx = 1
#kernel.sched_domain.cpu2.domain0.imbalance_pct = 125
#kernel.sched_domain.cpu2.domain0.max_interval = 4
#kernel.sched_domain.cpu2.domain0.min_interval = 1
#kernel.sched_domain.cpu2.domain0.name = CPU
#kernel.sched_domain.cpu2.domain0.newidle_idx = 0
#kernel.sched_domain.cpu2.domain0.wake_idx = 0
#kernel.sched_domain.cpu3.domain0.busy_factor = 64
#kernel.sched_domain.cpu3.domain0.busy_idx = 2
#kernel.sched_domain.cpu3.domain0.cache_nice_tries = 1
#kernel.sched_domain.cpu3.domain0.flags = 4143
#kernel.sched_domain.cpu3.domain0.forkexec_idx = 0
#kernel.sched_domain.cpu3.domain0.idle_idx = 1
#kernel.sched_domain.cpu3.domain0.imbalance_pct = 125
#kernel.sched_domain.cpu3.domain0.max_interval = 4
#kernel.sched_domain.cpu3.domain0.min_interval = 1
#kernel.sched_domain.cpu3.domain0.name = CPU
#kernel.sched_domain.cpu3.domain0.newidle_idx = 0
#kernel.sched_domain.cpu3.domain0.wake_idx = 0
kernel.sched_latency_ns = 10000000
kernel.sched_migration_cost = 500000
kernel.sched_min_granularity_ns = 2250000
kernel.sched_nr_migrate = 32
kernel.sched_rt_period_us = 1000000
kernel.sched_rt_runtime_us = 950000
kernel.sched_shares_window = 10000000
kernel.sched_time_avg = 1000
#kernel.sched_tunable_scaling = 1
kernel.sched_wakeup_granularity_ns = 2000000
#kernel.sem = 250	32000	32	128
#kernel.sg-big-buff = 32768
#kernel.shm_rmid_forced = 0
kernel.shmall = 2097152
#kernel.random.poolsize = 4096
kernel.shmmax = 33554432
kernel.shmmni = 4096
kernel.softlockup_panic = 1
kernel.tainted = 1
kernel.threads-max = 12542
kernel.timer_migration = 1
#kernel.usermodehelper.inheritable = 4294967295 4294967295
#kernel.usermodehelper.bset = 4294967295 4294967295
#kernel.random.uuid = 465b8dc9-8ba6-474d-a762-a932375082f0
#kernel.random.entropy_avail = 4096
#kernel.random.read_wakeup_threshold = 4096
#kernel.random.boot_id = 77705164-182c-454a-ae31-6dc047e57c3e
kernel.auto_msgmni = 1
#kernel.maps_protect = 1
#kernel.blk_iopoll = 1
#kernel.cap_last_cap = 36
kernel.core_pattern = core
kernel.core_pipe_limit = 0
kernel.core_uses_pid = 1
kernel.ctrl-alt-del = 1
kernel.dmesg_restrict = 2
kernel.domainname = localdomain
#kernel.ftrace_dump_on_oops = 0
kernel.hostname = localhost
kernel.hotplug = /sbin/hotplug
kernel.hung_task_check_count = 32768
kernel.hung_task_panic = 1
kernel.hung_task_timeout_secs = 30
#kernel.hung_task_warnings = 10
kernel.keys.gc_delay = 300
#kernel.keys.maxbytes = 20000
kernel.keys.maxkeys = 200
kernel.keys.root_maxbytes = 20000
#kernel.keys.root_maxkeys = 200
#kernel.kptr_restrict = 1
kernel.max_lock_depth = 1024
kernel.msgmax = 65536
kernel.msgmnb = 65536
#kernel.msgmni = 1119
#kernel.ngroups_max = 65536
kernel.nmi_watchdog = 1
#kernel.osrelease = 4.0.1
kernel.ostype = Linux
kernel.overflowgid = 65534
kernel.overflowuid = 65534
#kernel.panic = 1
kernel.panic_on_oops = 1
kernel.pid_max = 65536
kernel.poweroff_cmd = /sbin/poweroff
kernel.print-fatal-signals = 0
kernel.printk = 4 4 1 7
kernel.printk_delay = 0
kernel.printk_ratelimit = 5
#kernel.printk_ratelimit_burst = 10
kernel.pty.max = 4096
#kernel.pty.nr = 2
#kernel.pty.reserve = 1024
kernel.modprobe = /sbin/modprobe
kernel.modules_disabled = 0
kernel.cad_pid = 1
kernel.randomize_va_space = 2
crypto.fips_status = 0

# Controls the System Request debugging functionality
# of the kernel (magic-sysrq key)
kernel.sysrq = 1


###############
# Logcat
# 0  =  enabled
# 1  =  enable at boot, but not when suspended
# 2  =  completely disabled
###############
# echo 0 > /sys/module/logger/parameters/log_mode


###############
# Interfaces -
# DO NOT change if you not know what you're doing!
###############
#service.adb.tcp.port = 5555
#service.adb.tcp.port = -1
#net.eth0.gw = 10.0.2.2
#net.eth0.dns1 = 10.0.2.3
#net.gprs.local-ip = 10.0.2.15
#ro.radio.use-ppp = no
#ro.bt.bdaddr_path = "/efs/bluetooth/bt_addr"
#ro.nfc.port = "I2C"
#sys.usb.state = ${sys.usb.config}
#service.adb.root = 1
#wifi.interface = wlan0
#wifi.supplicant_scan_interval = 250
#mobiledata.interfaces = pdp0,wlan0,gprs,ppp0
#ro.telephony.ril_class = SamsungExynos4RIL
#ro.carrier = unknown
#net.bt.name = chefkoch
#ro.com.android.wifi-watchlist = ChefkochGuest
#ro.com.google.clientidbase = android-google
#persist.sys.usb.config = mass_storage,adb


# Caching
# -1 means infinitive cacheing
#networkaddress.cache.ttl = 0
# Default 10
#networkaddress.cache.negative.ttl = 0

## WTF!
#profiler.force_disable_ulog = 1
#rofiler.force_disable_err_rpt = 1
# /WTF!

# Set maximum and minimum speed of raid resyncing operations
#dev.raid.speed_limit_max = 10000
#dev.raid.speed_limit_min = 1000

## sysctl.conf
# Time created: 16.04.2015
# Works on Android 5 AND! Linux Debian
# proc/ must be called to use it.
#
# by CHEF-KOCH (all default values!)
# THX -> https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt
#
# Optional: Interfaces which are depending how the kernel was compiled
# are marked with ####
#
# Of course: There are also some external interface names!
# -> e.g. Android uses p0p and such, you need to add them manually
# -> and NEVER mix the settings !
#
#

# All sysctl parameters are loaded at boot time through /etc/init.d/network script.
#The command is:
#sysctl -e -p /etc/sysctl.conf


# You can verify the Linux networking kernel parms from the root user with these commands:
# e.g. sysctl -a | grep ipv4.ip_local

##################################
#/proc/sys/net/ipv4/* Variables:
##################################
net.ipv4.ip_forward = 0
#	0 - disabled (default)
#	not 0 - enabled
#
#	Forward Packets between interfaces.
#
#	This variable is special, its change resets all configuration
#	parameters to their default state (RFC1122 for hosts, RFC1812
#	for routers)
#
net.ipv4.ip_default_ttl = 64
#	Default value of TTL field (Time To Live) for outgoing (but not
#	forwarded) IP packets. Should be between 1 and 255 inclusive.
#	Default: 64 (as recommended by RFC1700)
#
net.ipv4.ip_no_pmtu_disc = 0
#	Disable Path MTU Discovery. If enabled in mode 1 and a
#	fragmentation-required ICMP is received, the PMTU to this
#	destination will be set to min_pmtu (see below). You will need
#	to raise min_pmtu to the smallest interface MTU on your system
#	manually if you want to avoid locally generated fragments.
#
#	In mode 2 incoming Path MTU Discovery messages will be
#	discarded. Outgoing frames are handled the same as in mode 1,
#	implicitly setting IP_PMTUDISC_DONT on every created socket.
#
#	Mode 3 is a hardend pmtu discover mode. The kernel will only
#	accept fragmentation-needed errors if the underlying protocol
#	can verify them besides a plain socket lookup. Current
#	protocols for which pmtu events will be honored are TCP, SCTP
#	and DCCP as they verify e.g. the sequence number or the
#	association. This mode should not be enabled globally but is
#	only intended to secure e.g. name servers in namespaces where
#	TCP path mtu must still work but path MTU information of other
#	protocols should be discarded. If enabled globally this mode
#	could break other protocols.
#
#	Possible values: 0-3
#	Default: FALSE
#
net.ipv4.min_pmtu = 552
#	default 552 - minimum discovered Path MTU
#
net.ipv4.ip_forward_use_pmtu = 0
#	By default we don't trust protocol path MTUs while forwarding
#	because they could be easily forged and can lead to unwanted
#	fragmentation by the router.
#	You only need to enable this if you have user-space software
#	which tries to discover path mtus by itself and depends on the
#	kernel honoring this information. This is normally not the
#	case.
#	Default: 0 (disabled)
#	Possible values:
#	0 - disabled
#	1 - enabled
#
net.ipv4.fwmark_reflect = 0
#	Controls the fwmark of kernel-generated IPv4 reply packets that are not
#	associated with a socket for example, TCP RSTs or ICMP echo replies).
#	If unset, these packets have a fwmark of zero. If set, they have the
#	fwmark of the packet they are replying to.
#	Default: 0
#
net.ipv4.route.max_size =
#	Maximum number of routes allowed in the kernel. Increase
#	this when using large numbers of interfaces and/or routes.
#	From Linux kernel >=3.6 onwards, this is deprecated for ipv4
#	as route cache is no longer used!
#
net.ipv4.neigh.default.gc_thresh1 = 128
#	Minimum number of entries to keep.  Garbage collector will not
#	purge entries if there are fewer than this number.
#	Default: 128
#
net.ipv4.neigh.default.gc_thresh2 = 512
#	Threshold when garbage collector becomes more aggressive about
#	purging entries. Entries older than 5 seconds will be cleared
#	when over this number.
#	Default: 512
#
net.ipv4.neigh.default.gc_thresh3 = 1024
#	Maximum number of neighbor entries allowed.  Increase this
#	when using large numbers of interfaces and when communicating
#	with large numbers of directly-connected peers.
#	Default: 1024
#
net.ipv4.neigh.default.unres_qlen_bytes = 65536
#	The maximum number of bytes which may be used by packets
#	queued for each	unresolved address by other network layers.
#	(added in linux 3.3)
#	Setting negative value is meaningless and will return error.
#	Default: 65536 Bytes(64KB)
#
net.ipv4.neigh.default.unres_qlen = 31
#	The maximum number of packets which may be queued for each
#	unresolved address by other network layers.
#	(deprecated in linux 3.3) : use unres_qlen_bytes instead.
#	Prior to linux 3.3, the default value is 3 which may cause
#	unexpected packet loss. The current default value is calculated
#	according to default value of unres_qlen_bytes and true size of
#	packet.
#	Default: 31
#
net.ipv4.mtu_expires =
#	Time, in seconds, that cached PMTU information is kept.
#
net.ipv4.min_adv_mss =
#	The advertised MSS depends on the first hop route MTU, but will
#	never be lower than this setting.
#
####IP Fragmentation:
#
net.ipv4.ipfrag_high_thresh =
#	Maximum memory used to reassemble IP fragments. When
#	ipfrag_high_thresh bytes of memory is allocated for this purpose,
#	the fragment handler will toss packets until ipfrag_low_thresh
#	is reached. This also serves as a maximum limit to namespaces
#	different from the initial one.
#
net.ipv4.ipfrag_low_thresh =
#	Maximum memory used to reassemble IP fragments before the kernel
#	begins to remove incomplete fragment queues to free up resources.
#	The kernel still accepts new fragments for defragmentation.
#
net.ipv4.ipfrag_time =
#	Time in seconds to keep an IP fragment in memory.
#
net.ipv4.ipfrag_max_dist = 64
#	ipfrag_max_dist is a non-negative integer value which defines the
#	maximum "disorder" which is allowed among fragments which share a
#	common IP source address. Note that reordering of packets is
#	not unusual, but if a large number of fragments arrive from a source
#	IP address while a particular fragment queue remains incomplete, it
#	probably indicates that one or more fragments belonging to that queue
#	have been lost. When ipfrag_max_dist is positive, an additional check
#	is done on fragments before they are added to a reassembly queue - if
#	ipfrag_max_dist (or more) fragments have arrived from a particular IP
#	address between additions to any IP fragment queue using that source
#	address, it's presumed that one or more fragments in the queue are
#	lost. The existing fragment queue will be dropped, and a new one
#	started. An ipfrag_max_dist value of zero disables this check.
#
#	Using a very small value, e.g. 1 or 2, for ipfrag_max_dist can
#	result in unnecessarily dropping fragment queues when normal
#	reordering of packets occurs, which could lead to poor application
#	performance. Using a very large value, e.g. 50000, increases the
#	likelihood of incorrectly reassembling IP fragments that originate
#	from different IP datagrams, which could result in data corruption.
#	Default: 64
#
####INET peer storage:
#
net.ipv4.net.ipv4.inet_peer_threshold =
#	The approximate size of the storage.  Starting from this threshold
#	entries will be thrown aggressively.  This threshold also determines
#	entries' time-to-live and time intervals between garbage collection
#	passes.  More entries, less time-to-live, less GC interval.
#
net.ipv4.inet_peer_minttl =
#	Minimum time-to-live of entries.  Should be enough to cover fragment
#	time-to-live on the reassembling side.  This minimum time-to-live  is
#	guaranteed if the pool size is less than inet_peer_threshold.
#	Measured in seconds.
#
net.ipv4.inet_peer_maxttl =
#	Maximum time-to-live of entries.  Unused entries will expire after
#	this period of time if there is no memory pressure on the pool (i.e.
#	when the number of entries in the pool is very small).
#	Measured in seconds.
#
####TCP variables:
#
net.ipv4.somaxconn = 128
#	Limit of socket listen() backlog, known in userspace as SOMAXCONN.
#	Defaults to 128.  See also tcp_max_syn_backlog for additional tuning
#	for TCP sockets.
#
net.ipv4.tcp_abort_on_overflow =
#	If listening service is too slow to accept new connections,
#	reset them. Default state is FALSE. It means that if overflow
#	occurred due to a burst, connection will recover. Enable this
#	option _only_ if you are really sure that listening daemon
#	cannot be tuned to accept connections faster. Enabling this
#	option can harm clients of your server.
#
net.ipv4.tcp_adv_win_scale = 1
#	Count buffering overhead as bytes/2^tcp_adv_win_scale
#	(if tcp_adv_win_scale > 0) or bytes-bytes/2^(-tcp_adv_win_scale),
#	if it is <= 0.
#	Possible values are [-31, 31], inclusive.
#	Default: 1
#
net.ipv4.tcp_allowed_congestion_control =
#	Show/set the congestion control choices available to non-privileged
#	processes. The list is a subset of those listed in
#	tcp_available_congestion_control.
#	Default is "reno" and the default setting (tcp_congestion_control).
#
net.ipv4.tcp_app_win = 31
#	Reserve max(window/2^tcp_app_win, mss) of window for application
#	buffer. Value 0 is special, it means that nothing is reserved.
#	Default: 31
#
net.ipv4.tcp_autocorking = 1
#	Enable TCP auto corking :
#	When applications do consecutive small write()/sendmsg() system calls,
#	we try to coalesce these small writes as much as possible, to lower
#	total amount of sent packets. This is done if at least one prior
#	packet for the flow is waiting in Qdisc queues or device transmit
#	queue. Applications can still use TCP_CORK for optimal behavior
#	when they know how/when to uncork their sockets.
#	Default : 1
#
net.ipv4.tcp_available_congestion_control =
#	Shows the available congestion control choices that are registered.
#	More congestion control algorithms may be available as modules,
#	but not loaded.
#
net.ipv4.tcp_base_mss =
#	The initial value of search_low to be used by the packetization layer
#	Path MTU discovery (MTU probing).  If MTU probing is enabled,
#	this is the initial MSS used by the connection.
#
tcp_congestion_control =
#	Set the congestion control algorithm to be used for new
#	connections. The algorithm "reno" is always available, but
#	additional choices may be available based on kernel configuration.
#	Default is set as part of kernel configuration.
#	For passive connections, the listener congestion control choice
#	is inherited.
#	[see setsockopt(listenfd, SOL_TCP, TCP_CONGESTION, "name" ...) ]
#
net.ipv4.tcp_dsack =
#	Allows TCP to send "duplicate" SACKs.
#
net.ipv4.tcp_early_retrans = 3
#	Enable Early Retransmit (ER), per RFC 5827. ER lowers the threshold
#	for triggering fast retransmit when the amount of outstanding data is
#	small and when no previously unsent data can be transmitted (such
#	that limited transmit could be used). Also controls the use of
#	Tail loss probe (TLP) that converts RTOs occurring due to tail
#	losses into fast recovery (draft-dukkipati-tcpm-tcp-loss-probe-01).
#	Possible values:
#		0 disables ER
#		1 enables ER
#		2 enables ER but delays fast recovery and fast retransmit
#		  by a fourth of RTT. This mitigates connection falsely
#		  recovers when network has a small degree of reordering
#		  (less than 3 packets).
#		3 enables delayed ER and TLP.
#		4 enables TLP only.
#	Default: 3
#
net.ipv4.tcp_ecn = 2
#	Control use of Explicit Congestion Notification (ECN) by TCP.
#	ECN is used only when both ends of the TCP connection indicate
#	support for it.  This feature is useful in avoiding losses due
#	to congestion by allowing supporting routers to signal
#	congestion before having to drop packets.
#	Possible values are:
#		0 Disable ECN.  Neither initiate nor accept ECN.
#		1 Enable ECN when requested by incoming connections and
#		  also request ECN on outgoing connection attempts.
#		2 Enable ECN when requested by incoming connections
#		  but do not request ECN on outgoing connections.
#	Default: 2
#
net.ipv4.tcp_fack =
#	Enable FACK congestion avoidance and fast retransmission.
#	The value is not used, if tcp_sack is not enabled.
#
net.ipv4.tcp_fin_timeout = 60
#	The length of time an orphaned (no longer referenced by any
#	application) connection will remain in the FIN_WAIT_2 state
#	before it is aborted at the local end.  While a perfectly
#	valid "receive only" state for an un-orphaned connection, an
#	orphaned connection in FIN_WAIT_2 state could otherwise wait
#	forever for the remote to close its end of the connection.
#	Cf. tcp_max_orphans
#	Default: 60 seconds
#
net.ipv4.tcp_frto = 0
#	Enables Forward RTO-Recovery (F-RTO) defined in RFC5682.
#	F-RTO is an enhanced recovery algorithm for TCP retransmission
#	timeouts.  It is particularly beneficial in networks where the
#	RTT fluctuates (e.g., wireless). F-RTO is sender-side only
#	modification. It does not require any support from the peer.
#
#	By default it's enabled with a non-zero value. 0 disables F-RTO.
#
net.ipv4.tcp_invalid_ratelimit = 500
#	Limit the maximal rate for sending duplicate acknowledgments
#	in response to incoming TCP packets that are for an existing
#	connection but that are invalid due to any of these reasons:
#
#	  (a) out-of-window sequence number,
#	  (b) out-of-window acknowledgment number, or
#	  (c) PAWS (Protection Against Wrapped Sequence numbers) check failure
#
#	This can help mitigate simple "ack loop" DoS attacks, wherein
#	a buggy or malicious middlebox or man-in-the-middle can
#	rewrite TCP header fields in manner that causes each endpoint
#	to think that the other is sending invalid TCP segments, thus
#	causing each side to send an unterminating stream of duplicate
#	acknowledgments for invalid segments.
#
#	Using 0 disables rate-limiting of dupacks in response to
#	invalid segments; otherwise this value specifies the minimal
#	space between sending such dupacks, in milliseconds.
#
#	Default: 500 (milliseconds).
#
net.ipv4.tcp_keepalive_time =
#	How often TCP sends out keepalive messages when keepalive is enabled.
#	Default: 2hours.
#
net.ipv4.tcp_keepalive_probes = 9
#	How many keepalive probes TCP sends out, until it decides that the
#	connection is broken. Default value: 9.
#
net.ipv4.tcp_keepalive_intvl =
#	How frequently the probes are send out. Multiplied by
#	tcp_keepalive_probes it is time to kill not responding connection,
#	after probes started. Default value: 75sec i.e. connection
#	will be aborted after ~11 minutes of retries.
#
net.ipv4.tcp_low_latency = 0
#	If set, the TCP stack makes decisions that prefer lower
#	latency as opposed to higher throughput.  By default, this
#	option is not set meaning that higher throughput is preferred.
#	An example of an application where this default should be
#	changed would be a Beowulf compute cluster.
#	Default: 0
#
net.ipv4.tcp_max_orphans =
#	Maximal number of TCP sockets not attached to any user file handle,
#	held by system.	If this number is exceeded orphaned connections are
#	reset immediately and warning is printed. This limit exists
#	only to prevent simple DoS attacks, you _must_ not rely on this
#	or lower the limit artificially, but rather increase it
#	(probably, after increasing installed memory),
#	if network conditions require more than default value,
#	and tune network services to linger and kill such states
#	more aggressively. Let me to remind again: each orphan eats
#	up to ~64K of unswappable memory.
#
net.ipv4.tcp_max_syn_backlog =
#	Maximal number of remembered connection requests, which have not
#	received an acknowledgment from connecting client.
#	The minimal value is 128 for low memory machines, and it will
#	increase in proportion to the memory of machine.
#	If server suffers from overload, try increasing this number.
#
net.ipv4.tcp_max_tw_buckets =
#	Maximal number of timewait sockets held by system simultaneously.
#	If this number is exceeded time-wait socket is immediately destroyed
#	and warning is printed. This limit exists only to prevent
#	simple DoS attacks, you _must_ not lower the limit artificially,
#	but rather increase it (probably, after increasing installed memory),
#	if network conditions require more than default value.
#
net.ipv4.tcp_mem =
#	min: below this number of pages TCP is not bothered about its
#	memory appetite.
#
#	pressure: when amount of memory allocated by TCP exceeds this number
#	of pages, TCP moderates its memory consumption and enters memory
#	pressure mode, which is exited when memory consumption falls
#	under "min".
#
#	max: number of pages allowed for queueing by all TCP sockets.
#
#	Defaults are calculated at boot time from amount of available
#	memory.
#
net.ipv4.tcp_memtcp_moderate_rcvbuf =
#	If set, TCP performs receive buffer auto-tuning, attempting to
#	automatically size the buffer (no greater than tcp_rmem[2]) to
#	match the size required by the path for full throughput.  Enabled by
#	default.
#
net.ipv4.tcp_mtu_probing =
#	Controls TCP Packetization-Layer Path MTU Discovery.  Takes three
#	values:
#	  0 - Disabled
#	  1 - Disabled by default, enabled when an ICMP black hole detected
#	  2 - Always enabled, use initial MSS of tcp_base_mss.
#
net.ipv4.tcp_no_metrics_save =
#	By default, TCP saves various connection metrics in the route cache
#	when the connection closes, so that connections established in the
#	near future can use these to set initial conditions.  Usually, this
#	increases overall performance, but may sometimes cause performance
#	degradation.  If set, TCP will not cache metrics on closing
#	connections.
#
net.ipv4.tcp_orphan_retries =
#	This value influences the timeout of a locally closed TCP connection,
#	when RTO retransmissions remain unacknowledged.
#	See tcp_retries2 for more details.
#
#	The default value is 8.
#	If your machine is a loaded WEB server,
#	you should think about lowering this value, such sockets
#	may consume significant resources. Cf. tcp_max_orphans.
#
net.ipv4.tcp_reordering = 3
#	Initial reordering level of packets in a TCP stream.
#	TCP stack can then dynamically adjust flow reordering level
#	between this initial value and tcp_max_reordering
#	Default: 3
#
net.ipv4.tcp_max_reordering = 300
#	Maximal reordering level of packets in a TCP stream.
#	300 is a fairly conservative value, but you might increase it
#	if paths are using per packet load balancing (like bonding rr mode)
#	Default: 300
#
tcp_retrans_collapse - BOOLEAN
#	Bug-to-bug compatibility with some broken printers.
#	On retransmit try to send bigger packets to work around bugs in
#	certain TCP stacks.
#
net.ipv4.tcp_retries1 =
#	This value influences the time, after which TCP decides, that
#	something is wrong due to unacknowledged RTO retransmissions,
#	and reports this suspicion to the network layer.
#	See tcp_retries2 for more details.
#
#	RFC 1122 recommends at least 3 retransmissions, which is the
#	default.
#
net.ipv4.tcp_retries2 =
#	This value influences the timeout of an alive TCP connection,
#	when RTO retransmissions remain unacknowledged.
#	Given a value of N, a hypothetical TCP connection following
#	exponential backoff with an initial RTO of TCP_RTO_MIN would
#	retransmit N times before killing the connection at the (N+1)th RTO.
#
#	The default value of 15 yields a hypothetical timeout of 924.6
#	seconds and is a lower bound for the effective timeout.
#	TCP will effectively time out at the first RTO which exceeds the
#	hypothetical timeout.
#
#	RFC 1122 recommends at least 100 seconds for the timeout,
#	which corresponds to a value of at least 8.
#
net.ipv4.tcp_rfc1337 = 0
#	If set, the TCP stack behaves conforming to RFC1337. If unset,
#	we are not conforming to RFC, but prevent TCP TIME_WAIT
#	assassination.
#	Default: 0
#
net.ipv4.tcp_rmem = 1
#	min: Minimal size of receive buffer used by TCP sockets.
#	It is guaranteed to each TCP socket, even under moderate memory
#	pressure.
#	Default: 1 page
#
#	default: initial size of receive buffer used by TCP sockets.
#	This value overrides net.core.rmem_default used by other protocols.
#	Default: 87380 bytes. This value results in window of 65535 with
#	default setting of tcp_adv_win_scale and tcp_app_win:0 and a bit
#	less for default tcp_app_win. See below about these variables.
#
#	max: maximal size of receive buffer allowed for automatically
#	selected receiver buffers for TCP socket. This value does not override
#	net.core.rmem_max.  Calling setsockopt() with SO_RCVBUF disables
#	automatic tuning of that socket's receive buffer size, in which
#	case this value is ignored.
#	Default: between 87380B and 6MB, depending on RAM size.
#
net.ipv4.tcp_sack =
#	Enable select acknowledgments (SACKS).
#
net.ipv4.tcp_slow_start_after_idle = 1
#	If set, provide RFC2861 behavior and time out the congestion
#	window after an idle period.  An idle period is defined at
#	the current RTO.  If unset, the congestion window will not
#	be timed out after an idle period.
#	Default: 1
#
net.ipv4.tcp_stdurg = 0
#	Use the Host requirements interpretation of the TCP urgent pointer field.
#	Most hosts use the older BSD interpretation, so if you turn this on
#	Linux might not communicate correctly with them.
#	Default: FALSE
#
net.ipv4.tcp_synack_retries =
#	Number of times SYNACKs for a passive TCP connection attempt will
#	be retransmitted. Should not be higher than 255. Default value
#	is 5, which corresponds to 31seconds till the last retransmission
#	with the current initial RTO of 1second. With this the final timeout
#	for a passive TCP connection will happen after 63seconds.
#
net.ipv4.tcp_syncookies = 1
#	Only valid when the kernel was compiled with CONFIG_SYN_COOKIES
#	Send out syncookies when the syn backlog queue of a socket
#	overflows. This is to prevent against the common 'SYN flood attack'
#	Default: 1
#
#	Note, that syncookies is fallback facility.
#	It MUST NOT be used to help highly loaded servers to stand
#	against legal connection rate. If you see SYN flood warnings
#	in your logs, but investigation	shows that they occur
#	because of overload with legal connections, you should tune
#	another parameters until this warning disappear.
#	See: tcp_max_syn_backlog, tcp_synack_retries, tcp_abort_on_overflow.
#
#	syncookies seriously violate TCP protocol, do not allow
#	to use TCP extensions, can result in serious degradation
#	of some services (f.e. SMTP relaying), visible not by you,
#	but your clients and relays, contacting you. While you see
#	SYN flood warnings in logs not being really flooded, your server
#	is seriously misconfigured.
#
#	If you want to test which effects syncookies have to your
#	network connections you can set this knob to 2 to enable
#	unconditionally generation of syncookies.
#
net.ipv4.tcp_fastopen = 1
#	Enable TCP Fast Open feature (draft-ietf-tcpm-fastopen) to send data
#	in the opening SYN packet. To use this feature, the client application
#	must use sendmsg() or sendto() with MSG_FASTOPEN flag rather than
#	connect() to perform a TCP handshake automatically.
#
#	The values (bitmap) are
#	1: Enables sending data in the opening SYN on the client w/ MSG_FASTOPEN.
#	2: Enables TCP Fast Open on the server side, i.e., allowing data in
#	   a SYN packet to be accepted and passed to the application before
#	   3-way hand shake finishes.
#	4: Send data in the opening SYN regardless of cookie availability and
#	   without a cookie option.
#	0x100: Accept SYN data w/o validating the cookie.
#	0x200: Accept data-in-SYN w/o any cookie option present.
#	0x400/0x800: Enable Fast Open on all listeners regardless of the
#	   TCP_FASTOPEN socket option. The two different flags designate two
#	   different ways of setting max_qlen without the TCP_FASTOPEN socket
#	   option.
#
#	Default: 1
#
#	Note that the client & server side Fast Open flags (1 and 2
#	respectively) must be also enabled before the rest of flags can take
#	effect.
#
#	See include/net/tcp.h and the code for more details.
#
net.ipv4.tcp_syn_retries =
#	Number of times initial SYNs for an active TCP connection attempt
#	will be retransmitted. Should not be higher than 255. Default value
#	is 6, which corresponds to 63seconds till the last retransmission
#	with the current initial RTO of 1second. With this the final timeout
#	for an active TCP connection attempt will happen after 127seconds.
#
net.ipv4.tcp_timestamps =
#	Enable timestamps as defined in RFC1323.
#
net.ipv4.tcp_min_tso_segs = 2
#	Minimal number of segments per TSO frame.
#	Since linux-3.12, TCP does an automatic sizing of TSO frames,
#	depending on flow rate, instead of filling 64Kbytes packets.
#	For specific usages, it's possible to force TCP to build big
#	TSO frames. Note that TCP stack might split too big TSO packets
#	if available window is too small.
#	Default: 2
#
net.ipv4.tcp_tso_win_divisor = 3
#	This allows control over what percentage of the congestion window
#	can be consumed by a single TSO frame.
#	The setting of this parameter is a choice between burstiness and
#	building larger TSO frames.
#	Default: 3
#
net.ipv4.tcp_tw_recycle = 0
#	Enable fast recycling TIME-WAIT sockets. Default value is 0.
#	It should not be changed without advice/request of technical
#	experts.
#
net.ipv4.tcp_tw_reuse = 0
#	Allow to reuse TIME-WAIT sockets for new connections when it is
#	safe from protocol viewpoint. Default value is 0.
#	It should not be changed without advice/request of technical
#	experts.
#
net.ipv4.tcp_window_scaling =
#	Enable window scaling as defined in RFC1323.
#
net.ipv4.tcp_wmem =
#	min: Amount of memory reserved for send buffers for TCP sockets.
#	Each TCP socket has rights to use it due to fact of its birth.
#	Default: 1 page
#
#	default: initial size of send buffer used by TCP sockets.  This
#	value overrides net.core.wmem_default used by other protocols.
#	It is usually lower than net.core.wmem_default.
#	Default: 16K
#
#	max: Maximal amount of memory allowed for automatically tuned
#	send buffers for TCP sockets. This value does not override
#	net.core.wmem_max.  Calling setsockopt() with SO_SNDBUF disables
#	automatic tuning of that socket's send buffer size, in which case
#	this value is ignored.
#	Default: between 64K and 4MB, depending on RAM size.
#
net.ipv4.tcp_notsent_lowat =
#	A TCP socket can control the amount of unsent bytes in its write queue,
#	thanks to TCP_NOTSENT_LOWAT socket option. poll()/select()/epoll()
#	reports POLLOUT events if the amount of unsent bytes is below a per
#	socket value, and if the write queue is not full. sendmsg() will
#	also not add new buffers if the limit is hit.
#
#	This global variable controls the amount of unsent data for
#	sockets not using TCP_NOTSENT_LOWAT. For these sockets, a change
#	to the global variable has immediate effect.
#
#	Default: UINT_MAX (0xFFFFFFFF)
#
net.ipv4.tcp_workaround_signed_windows = 0
#	If set, assume no receipt of a window scaling option means the
#	remote TCP is broken and treats the window as a signed quantity.
#	If unset, assume the remote TCP is not broken even if we do
#	not receive a window scaling option from them.
#	Default: 0
#
net.ipv4.tcp_thin_linear_timeouts = 0
#	Enable dynamic triggering of linear timeouts for thin streams.
#	If set, a check is performed upon retransmission by timeout to
#	determine if the stream is thin (less than 4 packets in flight).
#	As long as the stream is found to be thin, up to 6 linear
#	timeouts may be performed before exponential backoff mode is
#	initiated. This improves retransmission latency for
#	non-aggressive thin streams, often found to be time-dependent.
#	For more information on thin streams, see
#	Documentation/networking/tcp-thin.txt
#	Default: 0
#
net.ipv4.tcp_thin_dupack = 0
#	Enable dynamic triggering of retransmissions after one dupACK
#	for thin streams. If set, a check is performed upon reception
#	of a dupACK to determine if the stream is thin (less than 4
#	packets in flight). As long as the stream is found to be thin,
#	data is retransmitted on the first received dupACK. This
#	improves retransmission latency for non-aggressive thin
#	streams, often found to be time-dependent.
#	For more information on thin streams, see
#	Documentation/networking/tcp-thin.txt
#	Default: 0
#
net.ipv4.tcp_limit_output_bytes = 131072
#	Controls TCP Small Queue limit per tcp socket.
#	TCP bulk sender tends to increase packets in flight until it
#	gets losses notifications. With SNDBUF autotuning, this can
#	result in a large amount of packets queued in qdisc/device
#	on the local machine, hurting latency of other flows, for
#	typical pfifo_fast qdiscs.
#	tcp_limit_output_bytes limits the number of bytes on qdisc
#	or device to reduce artificial RTT/cwnd and reduce bufferbloat.
#	Default: 131072
#
net.ipv4.tcp_challenge_ack_limit = 100
#	Limits number of Challenge ACK sent per second, as recommended
#	in RFC 5961 (Improving TCP's Robustness to Blind In-Window Attacks)
#	Default: 100
#
####UDP variables:
#
net.ipv4.udp_mem =
#	Number of pages allowed for queueing by all UDP sockets.
#
#	min: Below this number of pages UDP is not bothered about its
#	memory appetite. When amount of memory allocated by UDP exceeds
#	this number, UDP starts to moderate memory usage.
#
#	pressure: This value was introduced to follow format of tcp_mem.
#
#	max: Number of pages allowed for queueing by all UDP sockets.
#
#	Default is calculated at boot time from amount of available memory.
#
net.ipv4.udp_rmem_min =
#	Minimal size of receive buffer used by UDP sockets in moderation.
#	Each UDP socket is able to use the size for receiving data, even if
#	total pages of UDP sockets exceed udp_mem pressure. The unit is byte.
#	Default: 1 page
#
net.ipv4.udp_wmem_min =
#	Minimal size of send buffer used by UDP sockets in moderation.
#	Each UDP socket is able to use the size for sending data, even if
#	total pages of UDP sockets exceed udp_mem pressure. The unit is byte.
#	Default: 1 page
#
####CIPSOv4 Variables:
#
net.ipv4.cipso_cache_enable = 1
#	If set, enable additions to and lookups from the CIPSO label mapping
#	cache.  If unset, additions are ignored and lookups always result in a
#	miss.  However, regardless of the setting the cache is still
#	invalidated when required when means you can safely toggle this on and
#	off and the cache will always be "safe".
#	Default: 1
#
net.ipv4.cipso_cache_bucket_size = 10
#	The CIPSO label cache consists of a fixed size hash table with each
#	hash bucket containing a number of cache entries.  This variable limits
#	the number of entries in each hash bucket; the larger the value the
#	more CIPSO label mappings that can be cached.  When the number of
#	entries in a given hash bucket reaches this limit adding new entries
#	causes the oldest entry in the bucket to be removed to make room.
#	Default: 10
#
net.ipv4.cipso_rbm_optfmt = 0
#	Enable the "Optimized Tag 1 Format" as defined in section 3.4.2.6 of
#	the CIPSO draft specification (see Documentation/netlabel for details).
#	This means that when set the CIPSO tag will be padded with empty
#	categories in order to make the packet data 32-bit aligned.
#	Default: 0
#
net.ipv4.cipso_rbm_structvalid = 0
#	If set, do a very strict check of the CIPSO option when
#	ip_options_compile() is called.  If unset, relax the checks done during
#	ip_options_compile().  Either way is "safe" as errors are caught else
#	where in the CIPSO processing code but setting this to 0 (False) should
#	result in less work (i.e. it should be faster) but could cause problems
#	with other implementations that require strict checking.
#	Default: 0
#
####IP Variables:
#
net.ipv4.ip_local_port_range =
#	Defines the local port range that is used by TCP and UDP to
#	choose the local port. The first number is the first, the
#	second the last local port number. The default values are
#	32768 and 61000 respectively.
#
net.ipv4.ip_local_reserved_ports =
#	Specify the ports which are reserved for known third-party
#	applications. These ports will not be used by automatic port
#	assignments (e.g. when calling connect() or bind() with port
#	number 0). Explicit port allocation behavior is unchanged.
#
#	The format used for both input and output is a comma separated
#	list of ranges (e.g. "1,2-4,10-10" for ports 1, 2, 3, 4 and
#	10). Writing to the file will clear all previously reserved
#	ports and update the current list with the one given in the
#	input.
#
#	Note that ip_local_port_range and ip_local_reserved_ports
#	settings are independent and both are considered by the kernel
#	when determining which ports are available for automatic port
#	assignments.
#
#	You can reserve ports which are not in the current
#	ip_local_port_range, e.g.:
#
#	$ cat /proc/sys/net/ipv4/ip_local_port_range
#	32000	61000
#	$ cat /proc/sys/net/ipv4/ip_local_reserved_ports
#	8080,9148
#
#	although this is redundant. However such a setting is useful
#	if later the port range is changed to a value that will
#	include the reserved ports.
#
#	Default: Empty
#
net.ipv4.net.ipv4.ip_nonlocal_bind = 0
#	If set, allows processes to bind() to non-local IP addresses,
#	which can be quite useful - but may break some applications.
#	Default: 0
#
net.ipv4.ip_dynaddr = 0
#	If set non-zero, enables support for dynamic addresses.
#	If set to a non-zero value larger than 1, a kernel log
#	message will be printed when dynamic address rewriting
#	occurs.
#	Default: 0
#
net.ipv4.ip_early_demux = 1
#	Optimize input packet processing down to one demux for
#	certain kinds of local sockets.  Currently we only do this
#	for established TCP sockets.
#
#	It may add an additional cost for pure routing workloads that
#	reduces overall throughput, in such case you should disable it.
#	Default: 1
#
net.ipv4.icmp_echo_ignore_all = 0
#	If set non-zero, then the kernel will ignore all ICMP ECHO
#	requests sent to it.
#	Default: 0
#
net.ipv4.icmp_echo_ignore_broadcasts = 1
#	If set non-zero, then the kernel will ignore all ICMP ECHO and
#	TIMESTAMP requests sent to it via broadcast/multicast.
#	Default: 1
#
net.ipv4.icmp_ratelimit = 1000
#	Limit the maximal rates for sending ICMP packets whose type matches
#	icmp_ratemask (see below) to specific targets.
#	0 to disable any limiting,
#	otherwise the minimal space between responses in milliseconds.
#	Note that another sysctl, icmp_msgs_per_sec limits the number
#	of ICMP packets	sent on all targets.
#	Default: 1000
#
net.ipv4.icmp_msgs_per_sec 1000
#	Limit maximal number of ICMP packets sent per second from this host.
#	Only messages whose type matches icmp_ratemask (see below) are
#	controlled by this limit.
#	Default: 1000
#
net.ipv4.icmp_msgs_burst = 50
#	icmp_msgs_per_sec controls number of ICMP packets sent per second,
#	while icmp_msgs_burst controls the burst size of these packets.
#	Default: 50
#
net.ipv4.icmp_ratemask =
#	Mask made of ICMP types for which rates are being limited.
#	Significant bits: IHGFEDCBA9876543210
#	Default mask:     0000001100000011000 (6168)
#
#	Bit definitions (see include/linux/icmp.h):
#		0 Echo Reply
#		3 Destination Unreachable *
#		4 Source Quench *
#		5 Redirect
#		8 Echo Request
#		B Time Exceeded *
#		C Parameter Problem *
#		D Timestamp Request
#		E Timestamp Reply
#		F Info Request
#		G Info Reply
#		H Address Mask Request
#		I Address Mask Reply
#
#	* These are rate limited by default (see default mask above)
#
net.ipv4.icmp_ignore_bogus_error_responses = 1
#	Some routers violate RFC1122 by sending bogus responses to broadcast
#	frames.  Such violations are normally logged via a kernel warning.
#	If this is set to TRUE, the kernel will not give such warnings, which
#	will avoid log file clutter.
#	Default: 1
#
net.ipv4.icmp_errors_use_inbound_ifaddr = 0
#
#	If zero, icmp error messages are sent with the primary address of
#	the exiting interface.
#
#	If non-zero, the message will be sent with the primary address of
#	the interface that received the packet that caused the icmp error.
#	This is the behaviour network many administrators will expect from
#	a router. And it can make debugging complicated network layouts
#	much easier.
#
#	Note that if no primary address exists for the interface selected,
#	then the primary address of the first non-loopback interface that
#	has one will be used regardless of this setting.
#
#	Default: 0
#
net.ipv4.igmp_max_memberships =
#	Change the maximum number of multicast groups we can subscribe to.
#	Default: 20
#
#	Theoretical maximum value is bounded by having to send a membership
#	report in a single datagram (i.e. the report can't span multiple
#	datagrams, or risk confusing the switch and leaving groups you don't
#	intend to).
#
#	The number of supported groups 'M' is bounded by the number of group
#	report entries you can fit into a single datagram of 65535 bytes.
#
#	M = 65536-sizeof (ip header)/(sizeof(Group record))
#
#	Group records are variable length, with a minimum of 12 bytes.
#	So net.ipv4.igmp_max_memberships should not be set higher than:
#
#	(65536-24) / 12 = 5459
#
#	The value 5459 assumes no IP header options, so in practice
#	this number may be lower.
#
#	conf/interface/*  changes special settings per interface (where
#	"interface" is the name of your network interface)
#
#	conf/all/*	  is special, changes the settings for all interfaces
#
net.ipv4.igmp_qrv =
#	 Controls the IGMP query robustness variable (see RFC2236 8.1).
#	 Default: 2 (as specified by RFC2236 8.1)
#	 Minimum: 1 (as specified by RFC6636 4.5)
#
net.ipv4.log_martians =
#	Log packets with impossible addresses to kernel log.
#	log_martians for the interface will be enabled if at least one of
#	conf/{all,interface}/log_martians is set to TRUE,
#	it will be disabled otherwise
#
net.ipv4.accept_redirects =
#	Accept ICMP redirect messages.
#	accept_redirects for the interface will be enabled if:
#	- both conf/{all,interface}/accept_redirects are TRUE in the case
#	  forwarding for the interface is enabled
#	or
#	- at least one of conf/{all,interface}/accept_redirects is TRUE in the
#	  case forwarding for the interface is disabled
#	accept_redirects for the interface will be disabled otherwise
#	default TRUE (host)
#		FALSE (router)
#
net.ipv4.forwarding = 0
#	Enable IP forwarding on this interface.
#
net.ipv4.mc_forwarding =
#	Do multicast routing. The kernel needs to be compiled with CONFIG_MROUTE
#	and a multicast routing daemon is required.
#	conf/all/mc_forwarding must also be set to TRUE to enable multicast
#	routing	for the interface
#
net.ipv4.medium_id =
#	Integer value used to differentiate the devices by the medium they
#	are attached to. Two devices can have different id values when
#	the broadcast packets are received only on one of them.
#	The default value 0 means that the device is the only interface
#	to its medium, value of -1 means that medium is not known.
#
#	Currently, it is used to change the proxy_arp behavior:
#	the proxy_arp feature is enabled for packets forwarded between
#	two devices attached to different media.
#
net.ipv4.proxy_arp =
#	Do proxy arp.
#	proxy_arp for the interface will be enabled if at least one of
#	conf/{all,interface}/proxy_arp is set to TRUE,
#	it will be disabled otherwise
#
net.ipv4.proxy_arp_pvlan =
#	Private VLAN proxy arp.
#	Basically allow proxy arp replies back to the same interface
#	(from which the ARP request/solicitation was received).
#
#	This is done to support (ethernet) switch features, like RFC
#	3069, where the individual ports are NOT allowed to
#	communicate with each other, but they are allowed to talk to
#	the upstream router.  As described in RFC 3069, it is possible
#	to allow these hosts to communicate through the upstream
#	router by proxy_arp'ing. Don't need to be used together with
#	proxy_arp.
#
#	This technology is known by different names:
#	  In RFC 3069 it is called VLAN Aggregation.
#	  Cisco and Allied Telesyn call it Private VLAN.
#	  Hewlett-Packard call it Source-Port filtering or port-isolation.
#	  Ericsson call it MAC-Forced Forwarding (RFC Draft).
#
net.ipv4.shared_media = 1
#	Send(router) or accept(host) RFC1620 shared media redirects.
#	Overrides ip_secure_redirects.
#	shared_media for the interface will be enabled if at least one of
#	conf/{all,interface}/shared_media is set to TRUE,
#	it will be disabled otherwise
#	default TRUE
#
net.ipv4.secure_redirects = 1
#	Accept ICMP redirect messages only for gateways,
#	listed in default gateway list.
#	secure_redirects for the interface will be enabled if at least one of
#	conf/{all,interface}/secure_redirects is set to TRUE,
#	it will be disabled otherwise
#	default TRUE
#
net.ipv4.send_redirects = 1
#	Send redirects, if router.
#	send_redirects for the interface will be enabled if at least one of
#	conf/{all,interface}/send_redirects is set to TRUE,
#	it will be disabled otherwise
#	Default: TRUE
#
net.ipv4.bootp_relay = 0
#	Accept packets with source address 0.b.c.d destined
#	not to this host as local ones. It is supposed, that
#	BOOTP relay daemon will catch and forward such packets.
#	conf/all/bootp_relay must also be set to TRUE to enable BOOTP relay
#	for the interface
#	default FALSE
#	Not Implemented Yet.
#
net.ipv4.accept_source_route = 1
#	Accept packets with SRR option.
#	conf/all/accept_source_route must also be set to TRUE to accept packets
#	with SRR option on the interface
#	default TRUE (router)
#		FALSE (host)
#
net.ipv4.accept_local = 0
#	Accept packets with local source addresses. In combination with
#	suitable routing, this can be used to direct packets between two
#	local interfaces over the wire and have them accepted properly.
#	default FALSE
#
net.ipv4.route_localnet =
#	Do not consider loopback addresses as martian source or destination
#	while routing. This enables the use of 127/8 for local routing purposes.
#	default FALSE
#
net.ipv4.rp_filter =
#	0 - No source validation.
#	1 - Strict mode as defined in RFC3704 Strict Reverse Path
#	    Each incoming packet is tested against the FIB and if the interface
#	    is not the best reverse path the packet check will fail.
#	    By default failed packets are discarded.
#	2 - Loose mode as defined in RFC3704 Loose Reverse Path
#	    Each incoming packet's source address is also tested against the FIB
#	    and if the source address is not reachable via any interface
#	    the packet check will fail.
#
#	Current recommended practice in RFC3704 is to enable strict mode
#	to prevent IP spoofing from DDos attacks. If using asymmetric routing
#	or other complicated routing, then loose mode is recommended.
#
#	The max value from conf/{all,interface}/rp_filter is used
#	when doing source validation on the {interface}.
#
#	Default value is 0. Note that some distributions enable it
#	in startup scripts.
#
net.ipv4.arp_filter =
#	1 - Allows you to have multiple network interfaces on the same
#	subnet, and have the ARPs for each interface be answered
#	based on whether or not the kernel would route a packet from
#	the ARP'd IP out that interface (therefore you must use source
#	based routing for this to work). In other words it allows control
#	of which cards (usually 1) will respond to an arp request.
#
#	0 - (default) The kernel can respond to arp requests with addresses
#	from other interfaces. This may seem wrong but it usually makes
#	sense, because it increases the chance of successful communication.
#	IP addresses are owned by the complete host on Linux, not by
#	particular interfaces. Only for more complex setups like load-
#	balancing, does this behaviour cause problems.
#
#	arp_filter for the interface will be enabled if at least one of
#	conf/{all,interface}/arp_filter is set to TRUE,
#	it will be disabled otherwise
#
net.ipv4.arp_announce =
#	Define different restriction levels for announcing the local
#	source IP address from IP packets in ARP requests sent on
#	interface:
#	0 - (default) Use any local address, configured on any interface
#	1 - Try to avoid local addresses that are not in the target's
#	subnet for this interface. This mode is useful when target
#	hosts reachable via this interface require the source IP
#	address in ARP requests to be part of their logical network
#	configured on the receiving interface. When we generate the
#	request we will check all our subnets that include the
#	target IP and will preserve the source address if it is from
#	such subnet. If there is no such subnet we select source
#	address according to the rules for level 2.
#	2 - Always use the best local address for this target.
#	In this mode we ignore the source address in the IP packet
#	and try to select local address that we prefer for talks with
#	the target host. Such local address is selected by looking
#	for primary IP addresses on all our subnets on the outgoing
#	interface that include the target IP address. If no suitable
#	local address is found we select the first local address
#	we have on the outgoing interface or on all other interfaces,
#	with the hope we will receive reply for our request and
#	even sometimes no matter the source IP address we announce.
#
#	The max value from conf/{all,interface}/arp_announce is used.
#
#	Increasing the restriction level gives more chance for
#	receiving answer from the resolved target while decreasing
#	the level announces more valid sender's information.
#
net.ipv4.arp_ignore =
#	Define different modes for sending replies in response to
#	received ARP requests that resolve local target IP addresses:
#	0 - (default): reply for any local target IP address, configured
#	on any interface
#	1 - reply only if the target IP address is local address
#	configured on the incoming interface
#	2 - reply only if the target IP address is local address
#	configured on the incoming interface and both with the
#	sender's IP address are part from same subnet on this interface
#	3 - do not reply for local addresses configured with scope host,
#	only resolutions for global and link addresses are replied
#	4-7 - reserved
#	8 - do not reply for all local addresses
#
#	The max value from conf/{all,interface}/arp_ignore is used
#	when ARP request is received on the {interface}
#
net.ipv4.arp_notify = 0
#	Define mode for notification of address and device changes.
#	0 - (default): do nothing
#	1 - Generate gratuitous arp requests when device is brought up
#	    or hardware address changes.
#
net.ipv4.arp_accept =
#	Define behavior for gratuitous ARP frames who's IP is not
#	already present in the ARP table:
#	0 - don't create new entries in the ARP table
#	1 - create new entries in the ARP table
#
#	Both replies and requests type gratuitous arp will trigger the
#	ARP table to be updated, if this setting is on.
#
#	If the ARP table already contains the IP address of the
#	gratuitous arp frame, the arp table will be updated regardless
#	if this setting is on or off.
#
#
net.ipv4.app_solicit = 0
#	The maximum number of probes to send to the user space ARP daemon
#	via netlink before dropping back to multicast probes (see
#	mcast_solicit).  Defaults to 0.
#
net.ipv4.disable_policy =
#	Disable IPSEC policy (SPD) for this interface
#
net.ipv4.disable_xfrm =
#	Disable IPSEC encryption on this interface, whatever the policy
#
net.ipv4.igmpv2_unsolicited_report_interval = 10000
#	The interval in milliseconds in which the next unsolicited
#	IGMPv1 or IGMPv2 report retransmit will take place.
#	Default: 10000 (10 seconds)
#
net.ipv4.igmpv3_unsolicited_report_interval = 1000
#	The interval in milliseconds in which the next unsolicited
#	IGMPv3 report retransmit will take place.
#	Default: 1000 (1 seconds)
#
net.ipv4.promote_secondaries =
#	When a primary IP address is removed from this interface
#	promote a corresponding secondary IP address instead of
#	removing all the corresponding secondary IP addresses.
#
#
net.ipv4.tag = 0
#	Allows you to write a number, which can be used as required.
#	Default value is 0.


##################################
# /proc/sys/net/ipv6/* Variables:
##################################
#IPv6 has no global variables such as tcp_*.  tcp_* settings under ipv4/ also
#apply to IPv6 [XXX?].
#
net.ipv6.bindv6only = 0
#	Default value for IPV6_V6ONLY socket option,
#	which restricts use of the IPv6 socket to IPv6 communication
#	only.
#		TRUE: disable IPv4-mapped address feature
#		FALSE: enable IPv4-mapped address feature
#
#	Default: FALSE (as specified in RFC3493)
#
net.ipv6.flowlabel_consistency = 1
#	Protect the consistency (and unicity) of flow label.
#	You have to disable it to use IPV6_FL_F_REFLECT flag on the
#	flow label manager.
#	TRUE: enabled
#	FALSE: disabled
#	Default: TRUE
#
net.ipv6.auto_flowlabels = 0
#	Automatically generate flow labels based based on a flow hash
#	of the packet. This allows intermediate devices, such as routers,
#	to idenfify packet flows for mechanisms like Equal Cost Multipath
#	Routing (see RFC 6438).
#	TRUE: enabled
#	FALSE: disabled
#	Default: false
#
net.ipv6.anycast_src_echo_reply = 0
#	Controls the use of anycast addresses as source addresses for ICMPv6
#	echo reply
#	TRUE:  enabled
#	FALSE: disabled
#	Default: FALSE
#
net.ipv6.mld_qrv = 2
#	Controls the MLD query robustness variable (see RFC3810 9.1).
#	Default: 2 (as specified by RFC3810 9.1)
#	Minimum: 1 (as specified by RFC6636 4.5)
#
####IPv6 Fragmentation:
#
net.ipv6.ip6frag_high_thresh =
#	Maximum memory used to reassemble IPv6 fragments. When
#	ip6frag_high_thresh bytes of memory is allocated for this purpose,
#	the fragment handler will toss packets until ip6frag_low_thresh
#	is reached.
#
net.ipv6.ip6frag_low_thresh =
#	See ip6frag_high_thresh
#
net.ipv6.ip6frag_time =
#	Time in seconds to keep an IPv6 fragment in memory.
#
####conf/default/*:
####	Change the interface-specific default settings.
#
#
####conf/all/*:
####	Change all the interface-specific settings.
#
#	[XXX:  Other special features than forwarding?]
#
net.ipv6.conf.all.forwarding =
#	Enable global IPv6 forwarding between all interfaces.
#
#	IPv4 and IPv6 work differently here; e.g. netfilter must be used
#	to control which interfaces may forward packets and which not.
#
#	This also sets all interfaces' Host/Router setting
#	'forwarding' to the specified value.  See below for details.
#
#	This referred to as global forwarding.
#
net.ipv6.conf.all.proxy_ndp =
#	Do proxy ndp.
#
net.ipv6.conf.all.fwmark_reflect = 0
#	Controls the fwmark of kernel-generated IPv6 reply packets that are not
#	associated with a socket for example, TCP RSTs or ICMPv6 echo replies).
#	If unset, these packets have a fwmark of zero. If set, they have the
#	fwmark of the packet they are replying to.
#	Default: 0
#
#
####conf/interface/*:
#	Change special settings per interface.
#
#	The functional behaviour for certain settings is different
#	depending on whether local forwarding is enabled or not.
#
net.ipv6.conf.interface.accept_ra = 1
#	Accept Router Advertisements; autoconfigure using them.
#
#	It also determines whether or not to transmit Router
#	Solicitations. If and only if the functional setting is to
#	accept Router Advertisements, Router Solicitations will be
#	transmitted.
#
#	Possible values are:
#		0 Do not accept Router Advertisements.
#		1 Accept Router Advertisements if forwarding is disabled.
#		2 Overrule forwarding behaviour. Accept Router Advertisements
#		  even if forwarding is enabled.
#
#	Functional default: enabled if local forwarding is disabled.
#			    disabled if local forwarding is enabled.
#
net.ipv6.conf.interface.accept_ra_defrtr =
#	Learn default router in Router Advertisement.
#
#	Functional default: enabled if accept_ra is enabled.
#			    disabled if accept_ra is disabled.
#
net.ipv6.conf.interface.accept_ra_from_local =
#	Accept RA with source-address that is found on local machine
#      if the RA is otherwise proper and able to be accepted.
#      Default is to NOT accept these as it may be an un-intended
#      network loop.
#
#	Functional default:
#          enabled if accept_ra_from_local is enabled
#               on a specific interface.
#	   disabled if accept_ra_from_local is disabled
#              on a specific interface.
#
net.ipv6.conf.interface.accept_ra_pinfo =
#	Learn Prefix Information in Router Advertisement.
#
#	Functional default: enabled if accept_ra is enabled.
#			    disabled if accept_ra is disabled.
#
net.ipv6.conf.interface.accept_ra_rt_info_max_plen = 0
#	Maximum prefix length of Route Information in RA.
#
#	Route Information w/ prefix larger than or equal to this
#	variable shall be ignored.
#
#	Functional default: 0 if accept_ra_rtr_pref is enabled.
#			    -1 if accept_ra_rtr_pref is disabled.
#
net.ipv6.conf.interface.accept_ra_rtr_pref =
#	Accept Router Preference in RA.
#
#	Functional default: enabled if accept_ra is enabled.
#			    disabled if accept_ra is disabled.
#
net.ipv6.conf.interface.accept_ra_mtu =
#	Apply the MTU value specified in RA option 5 (RFC4861). If
#	disabled, the MTU specified in the RA will be ignored.
#
#	Functional default: enabled if accept_ra is enabled.
#			    disabled if accept_ra is disabled.
#
net.ipv6.conf.interface.accept_redirects =
#	Accept Redirects.
#
#	Functional default: enabled if local forwarding is disabled.
#			    disabled if local forwarding is enabled.
#
net.ipv6.conf.interface.accept_source_route = 0
#	Accept source routing (routing extension header).
#
#	>= 0: Accept only routing header type 2.
#	< 0: Do not accept routing header.
#
#	Default: 0
#
net.ipv6.conf.interface.autoconf =
#	Autoconfigure addresses using Prefix Information in Router
#	Advertisements.
#
#	Functional default: enabled if accept_ra_pinfo is enabled.
#			    disabled if accept_ra_pinfo is disabled.
#
net.ipv6.conf.interface.dad_transmits = 1
#	The amount of Duplicate Address Detection probes to send.
#	Default: 1
#
net.ipv6.conf.interface.forwarding = 0
#	Configure interface-specific Host/Router behaviour.
#
#	Note: It is recommended to have the same setting on all
#	interfaces; mixed router/host scenarios are rather uncommon.
#
#	Possible values are:
#		0 Forwarding disabled
#		1 Forwarding enabled
#
#	FALSE (0):
#
#	By default, Host behaviour is assumed.  This means:
#
#	1. IsRouter flag is not set in Neighbour Advertisements.
#	2. If accept_ra is TRUE (default), transmit Router
#	   Solicitations.
#	3. If accept_ra is TRUE (default), accept Router
#	   Advertisements (and do autoconfiguration).
#	4. If accept_redirects is TRUE (default), accept Redirects.
#
#	TRUE (1):
#
#	If local forwarding is enabled, Router behaviour is assumed.
#	This means exactly the reverse from the above:
#
#	1. IsRouter flag is set in Neighbour Advertisements.
#	2. Router Solicitations are not sent unless accept_ra is 2.
#	3. Router Advertisements are ignored unless accept_ra is 2.
#	4. Redirects are ignored.
#
#	Default: 0 (disabled) if global forwarding is disabled (default),
#		 otherwise 1 (enabled).
#
net.ipv6.conf.interface.hop_limit = 64
#	Default Hop Limit to set.
#	Default: 64
#
net.ipv6.conf.interface.mtu = 1280
#	Default Maximum Transfer Unit
#	Default: 1280 (IPv6 required minimum)
#
net.ipv6.conf.interface.router_probe_interval = 60
#	Minimum interval (in seconds) between Router Probing described
#	in RFC4191.
#
#	Default: 60
#
net.ipv6.conf.interface.router_solicitation_delay = 1
#	Number of seconds to wait after interface is brought up
#	before sending Router Solicitations.
#	Default: 1
#
net.ipv6.conf.interface.router_solicitation_interval =4
#	Number of seconds to wait between Router Solicitations.
#	Default: 4
#
net.ipv6.conf.interface.router_solicitations = 3
#	Number of Router Solicitations to send until assuming no
#	routers are present.
#	Default: 3
#
net.ipv6.conf.interface.use_tempaddr = 0
#	Preference for Privacy Extensions (RFC3041).
#	  <= 0 : disable Privacy Extensions
#	  == 1 : enable Privacy Extensions, but prefer public
#	         addresses over temporary addresses.
#	  >  1 : enable Privacy Extensions and prefer temporary
#	         addresses over public addresses.
#	Default:  0 (for most devices)
#		 -1 (for point-to-point devices and loopback devices)
#
net.ipv6.conf.interface.temp_valid_lft = 604800
#	valid lifetime (in seconds) for temporary addresses.
#	Default: 604800 (7 days)
#
net.ipv6.conf.interface.temp_prefered_lft = 86400
#	Preferred lifetime (in seconds) for temporary addresses.
#	Default: 86400 (1 day)
#
net.ipv6.conf.interface.max_desync_factor = 600
#	Maximum value for DESYNC_FACTOR, which is a random value
#	that ensures that clients don't synchronize with each
#	other and generate new addresses at exactly the same time.
#	value is in seconds.
#	Default: 600
#
net.ipv6.conf.interface.regen_max_retry = 5
#	Number of attempts before give up attempting to generate
#	valid temporary addresses.
#	Default: 5
#
net.ipv6.conf.interface.max_addresses = 16
#	Maximum number of autoconfigured addresses per interface.  Setting
#	to zero disables the limitation.  It is not recommended to set this
#	value too large (or to zero) because it would be an easy way to
#	crash the kernel by allowing too many addresses to be created.
#	Default: 16
#
net.ipv6.conf.interface.disable_ipv6 = 0
#	Disable IPv6 operation.  If accept_dad is set to 2, this value
#	will be dynamically set to TRUE if DAD fails for the link-local
#	address.
#	Default: FALSE (enable IPv6 operation)
#
#	When this value is changed from 1 to 0 (IPv6 is being enabled),
#	it will dynamically create a link-local address on the given
#	interface and start Duplicate Address Detection, if necessary.
#
#	When this value is changed from 0 to 1 (IPv6 is being disabled),
#	it will dynamically delete all address on the given interface.
#
net.ipv6.conf.interface.accept_dad =
#	Whether to accept DAD (Duplicate Address Detection).
#	0: Disable DAD
#	1: Enable DAD (default)
#	2: Enable DAD, and disable IPv6 operation if MAC-based duplicate
#	   link-local address has been found.
#
net.ipv6.conf.interface.force_tllao = 0
#	Enable sending the target link-layer address option even when
#	responding to a unicast neighbor solicitation.
#	Default: FALSE
#
#	Quoting from RFC 2461, section 4.4, Target link-layer address:
#
#	"The option MUST be included for multicast solicitations in order to
#	avoid infinite Neighbor Solicitation "recursion" when the peer node
#	does not have a cache entry to return a Neighbor Advertisements
#	message.  When responding to unicast solicitations, the option can be
#	omitted since the sender of the solicitation has the correct link-
#	layer address; otherwise it would not have be able to send the unicast
#	solicitation in the first place. However, including the link-layer
#	address in this case adds little overhead and eliminates a potential
#	race condition where the sender deletes the cached link-layer address
#	prior to receiving a response to a previous solicitation."
#
net.ipv6.conf.interface.ndisc_notify = 0
#	Define mode for notification of address and device changes.
#	0 - (default): do nothing
#	1 - Generate unsolicited neighbour advertisements when device is brought
#	    up or hardware address changes.
#
net.ipv6.conf.interface.mldv1_unsolicited_report_interval = 10000
#	The interval in milliseconds in which the next unsolicited
#	MLDv1 report retransmit will take place.
#	Default: 10000 (10 seconds)
#
net.ipv6.conf.interface.mldv2_unsolicited_report_interval = 1000
#	The interval in milliseconds in which the next unsolicited
#	MLDv2 report retransmit will take place.
#	Default: 1000 (1 second)
#
net.ipv6.conf.interface.force_mld_version = 0
#	0 - (default) No enforcement of a MLD version, MLDv1 fallback allowed
#	1 - Enforce to use MLD version 1
#	2 - Enforce to use MLD version 2
#
net.ipv6.conf.interface.suppress_frag_ndisc = 1
#	Control RFC 6980 (Security Implications of IPv6 Fragmentation
#	with IPv6 Neighbor Discovery) behavior:
#	1 - (default) discard fragmented neighbor discovery packets
#	0 - allow fragmented neighbor discovery packets
#
net.ipv6.conf.interface.optimistic_dad = 0
#	Whether to perform Optimistic Duplicate Address Detection (RFC 4429).
#		0: disabled (default)
#		1: enabled
#
net.ipv6.conf.interface.use_optimistic = 0
#	If enabled, do not classify optimistic addresses as deprecated during
#	source address selection.  Preferred addresses will still be chosen
#	before optimistic addresses, subject to other ranking in the source
#	address selection algorithm.
#		0: disabled (default)
#		1: enabled
#
####icmp/*:
net.ipv6.conf.interface.icmp.ratelimit = 1000
#	Limit the maximal rates for sending ICMPv6 packets.
#	0 to disable any limiting,
#	otherwise the minimal space between responses in milliseconds.
#	Default: 1000
#
#
####IPv6 Update by:
##################################
#/proc/sys/net/bridge/* Variables:
##################################
net.bridge.bridge-nf-call-arptables = 1
#	1 : pass bridged ARP traffic to arptables' FORWARD chain.
#	0 : disable this.
#	Default: 1
#
net.bridge.bridge-nf-call-iptables = 1
#	1 : pass bridged IPv4 traffic to iptables' chains.
#	0 : disable this.
#	Default: 1
#
net.bridge.bridge-nf-call-ip6tables = 1
#	1 : pass bridged IPv6 traffic to ip6tables' chains.
#	0 : disable this.
#	Default: 1
#
net.bridge.bridge-nf-filter-vlan-tagged = 0
#	1 : pass bridged vlan-tagged ARP/IP/IPv6 traffic to {arp,ip,ip6}tables.
#	0 : disable this.
#	Default: 0
#
net.bridge.bridge-nf-filter-pppoe-tagged = 0
#	1 : pass bridged pppoe-tagged IP/IPv6 traffic to {ip,ip6}tables.
#	0 : disable this.
#	Default: 0
#
net.bridge.bridge-nf-pass-vlan-input-dev = 0
#	1: if bridge-nf-filter-vlan-tagged is enabled, try to find a vlan
#	interface on the bridge and set the netfilter input device to the vlan.
#	This allows use of e.g. "iptables -i br0.1" and makes the REDIRECT
#	target work with vlan-on-top-of-bridge interfaces.  When no matching
#	vlan interface is found, or this switch is off, the input device is
#	set to the bridge interface.
#	0: disable bridge netfilter vlan interface lookup.
#	Default: 0
#
##################################
#/proc/sys/net/sctp/* Variables:
##################################
#
net.sctp.addip_enable = 0
#	Enable or disable extension of  Dynamic Address Reconfiguration
#	(ADD-IP) functionality specified in RFC5061.  This extension provides
#	the ability to dynamically add and remove new addresses for the SCTP
#	associations.
#
#	1: Enable extension.
#
#	0: Disable extension.
#
#	Default: 0
#
net.sctp.addip_noauth_enable = 0
#	Dynamic Address Reconfiguration (ADD-IP) requires the use of
#	authentication to protect the operations of adding or removing new
#	addresses.  This requirement is mandated so that unauthorized hosts
#	would not be able to hijack associations.  However, older
#	implementations may not have implemented this requirement while
#	allowing the ADD-IP extension.  For reasons of interoperability,
#	we provide this variable to control the enforcement of the
#	authentication requirement.
#
#	1: Allow ADD-IP extension to be used without authentication.  This
#	   should only be set in a closed environment for interoperability
#	   with older implementations.
#
#	0: Enforce the authentication requirement
#
#	Default: 0
#
net.sctp.auth_enable = 0
#	Enable or disable Authenticated Chunks extension.  This extension
#	provides the ability to send and receive authenticated chunks and is
#	required for secure operation of Dynamic Address Reconfiguration
#	(ADD-IP) extension.
#
#	1: Enable this extension.
#	0: Disable this extension.
#
#	Default: 0
#
net.sctp.prsctp_enable = 1
#	Enable or disable the Partial Reliability extension (RFC3758) which
#	is used to notify peers that a given DATA should no longer be expected.
#
#	1: Enable extension
#	0: Disable
#
#	Default: 1
#
net.sctp.max_burst = 4
#	The limit of the number of new packets that can be initially sent.  It
#	controls how bursty the generated traffic can be.
#
#	Default: 4
#
net.sctp.association_max_retrans = 10
#	Set the maximum number for retransmissions that an association can
#	attempt deciding that the remote end is unreachable.  If this value
#	is exceeded, the association is terminated.
#
#	Default: 10
#
net.sctp.max_init_retransmits = 8
#	The maximum number of retransmissions of INIT and COOKIE-ECHO chunks
#	that an association will attempt before declaring the destination
#	unreachable and terminating.
#
#	Default: 8
#
net.sctp.path_max_retrans = 5
#	The maximum number of retransmissions that will be attempted on a given
#	path.  Once this threshold is exceeded, the path is considered
#	unreachable, and new traffic will use a different path when the
#	association is multihomed.
#
#	Default: 5
#
net.sctp.pf_retrans = 0
#	The number of retransmissions that will be attempted on a given path
#	before traffic is redirected to an alternate transport (should one
#	exist).  Note this is distinct from path_max_retrans, as a path that
#	passes the pf_retrans threshold can still be used.  Its only
#	deprioritized when a transmission path is selected by the stack.  This
#	setting is primarily used to enable fast failover mechanisms without
#	having to reduce path_max_retrans to a very low value.  See:
#	http://www.ietf.org/id/draft-nishida-tsvwg-sctp-failover-05.txt
#	for details.  Note also that a value of pf_retrans > path_max_retrans
#	disables this feature
#
#	Default: 0
#
net.sctp.rto_initial = 3000
#	The initial round trip timeout value in milliseconds that will be used
#	in calculating round trip times.  This is the initial time interval
#	for retransmissions.
#
#	Default: 3000
#
net.sctp.rto_max = 60000
#	The maximum value (in milliseconds) of the round trip timeout.  This
#	is the largest time interval that can elapse between retransmissions.
#
#	Default: 60000
#
net.sctp.rto_min = 1000
#	The minimum value (in milliseconds) of the round trip timeout.  This
#	is the smallest time interval the can elapse between retransmissions.
#
#	Default: 1000
#
net.sctp.hb_interval = 30000
#	The interval (in milliseconds) between HEARTBEAT chunks.  These chunks
#	are sent at the specified interval on idle paths to probe the state of
#	a given path between 2 associations.
#
#	Default: 30000
#
net.sctp.sack_timeout = 200
#	The amount of time (in milliseconds) that the implementation will wait
#	to send a SACK.
#
#	Default: 200
#
net.sctp.valid_cookie_life = 60000
#	The default lifetime of the SCTP cookie (in milliseconds).  The cookie
#	is used during association establishment.
#
#	Default: 60000
#
net.sctp.cookie_preserve_enable = 1
#	Enable or disable the ability to extend the lifetime of the SCTP cookie
#	that is used during the establishment phase of SCTP association
#
#	1: Enable cookie lifetime extension.
#	0: Disable
#
#	Default: 1
#
net.sctp.cookie_hmac_alg = sha1
#	Select the hmac algorithm used when generating the cookie value sent by
#	a listening sctp socket to a connecting client in the INIT-ACK chunk.
#	Valid values are:
#	* md5
#	* sha1
#	* none
#	Ability to assign md5 or sha1 as the selected alg is predicated on the
#	configuration of those algorithms at build time (CONFIG_CRYPTO_MD5 and
#	CONFIG_CRYPTO_SHA1).
#
#	Default: Dependent on configuration.  MD5 if available, else SHA1 if
#	available, else none.
#
net.sctp.rcvbuf_policy =
#	Determines if the receive buffer is attributed to the socket or to
#	association.   SCTP supports the capability to create multiple
#	associations on a single socket.  When using this capability, it is
#	possible that a single stalled association that's buffering a lot
#	of data may block other associations from delivering their data by
#	consuming all of the receive buffer space.  To work around this,
#	the rcvbuf_policy could be set to attribute the receiver buffer space
#	to each association instead of the socket.  This prevents the described
#	blocking.
#
#	1: rcvbuf space is per association
#	0: rcvbuf space is per socket
#
#	Default: 0
#
net.sctp.sndbuf_policy = 0
#	Similar to rcvbuf_policy above, this applies to send buffer space.
#
#	1: Send buffer is tracked per association
#	0: Send buffer is tracked per socket.
#
#	Default: 0
#
net.sctp.sctp_mem =
#	Number of pages allowed for queueing by all SCTP sockets.
#
#	min: Below this number of pages SCTP is not bothered about its
#	memory appetite. When amount of memory allocated by SCTP exceeds
#	this number, SCTP starts to moderate memory usage.
#
#	pressure: This value was introduced to follow format of tcp_mem.
#
#	max: Number of pages allowed for queueing by all SCTP sockets.
#
#	Default is calculated at boot time from amount of available memory.
#
net.sctp.sctp_rmem =
#	Only the first value ("min") is used, "default" and "max" are
#	ignored.
#
#	min: Minimal size of receive buffer used by SCTP socket.
#	It is guaranteed to each SCTP socket (but not association) even
#	under moderate memory pressure.
#
#	Default: 1 page
#
net.sctp.sctp_wmem  =
#	Currently this tunable has no effect.
#
net.sctp.addr_scope_policy = 1
#	Control IPv4 address scoping - draft-stewart-tsvwg-sctp-ipv4-00
#
#	0   - Disable IPv4 address scoping
#	1   - Enable IPv4 address scoping
#	2   - Follow draft but allow IPv4 private addresses
#	3   - Follow draft but allow IPv4 link local addresses
#
#	Default: 1
#
#
##################################
#/proc/sys/net/core/* Variables:
##################################
#	Please see: Documentation/sysctl/net.txt for descriptions of these entries.
#
#
##################################
# /proc/sys/net/unix/* Variables:
##################################
net.unix.max_dgram_qlen = 10
#	The maximum length of dgram socket receive queue
#
#	Default: 10
#
#
##################################
#UNDOCUMENTED:
##################################
#
##################################
#/proc/sys/net/irda/* Variables:
##################################
	net.irda.fast_poll_increase =
	net.irda.warn_noreply_time =
	net.irda.discovery_slots =
	net.irda.slot_timeout =
	net.irda.max_baud_rate =
	net.irda.discovery_timeout =
	net.irda.lap_keepalive_time =
	net.irda.max_noreply_time =
	net.irda.max_tx_data_size =
	net.irda.max_tx_window =
	net.irda.min_tx_turn_time =
	net.ipv4.route.gc_thresh = 4096

## test.conf
# Show all system parameters with their values (default or changed)
### v.22.09.2015
# sysctl -A or via -> sysctl -a | grep tcp
### Show values of parameters modified by you
# sysctl -p
### Show value for a single parameter parameter-name
# sysctl parameter-name
### Change value for a single parameter parameter-name without editing sysctl.conf manually.
# sysctl -w parameter-name = parameter-value
# # sysctl -a | grep ipv6 sysctl
## sysctl -A | grep autoconf for all interfaces - do not disable autoconf!!
## CPU type, network iface names and such stuff needs to be manually configurated
# as per needs.

# Limit responses to ICMP for bandwidth purposes
#net.inet.icmp.icmplim = 10
#net.inet.icmp.maskrepl = 0
#net.inet.icmp.drop_redirect = 1
#net.icmp.bmcastecho = 0


# Forces a single pass through the firewall. If set to 0,
# packets coming out of a pipe will be reinjected into the
# firewall starting with the rule after the matching one.
# NOTE: there is always one pass for bridged packets.
#net.inet.ip.fw.one_pass = 0


# Stealth IP networking
#net.inet.ip.stealth = 0

# Drop synfin packets
#net.inet.tcp.drop_synfin = 1

# ICMP may NOT rst
#net.inet.tcp.icmp_may_rst = 0


###############################
############ IPv4 #############
###############################
net.ipv4.ip_forward = 1
#net.ipv4.ip_forward_use_pmtu = 0
#net.ipv4.fwmark_reflect = 0
net.ipv4.conf.default.proxy_arp = 0
#net.ipv4.ip_dynaddr = 0
#net.ipv4.ip_early_demux = true
net.ipv4.xfrm4_gc_thresh = 131072
#net.ipv4.igmp_link_local_mcast_reports = true
net.ipv4.ip_default_ttl = 64

# Enable route verification on all interfaces
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.lo.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.arp_ignore = 1
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.inet_peer_threshold = 65664
net.ipv4.conf.all.proxy_arp = 0
net.ipv4.inet_peer_minttl = 120
net.ipv4.inet_peer_maxttl = 900
net.ipv4.inet_peer_gc_mintime = 10
net.ipv4.inet_peer_gc_maxtime = 120
net.ipv4.igmp_max_msf = 10

# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.lo.accept_source_route = 0
net.ipv4.conf.default.secure_redirects = false

# Disable all ICMP Redirect Acceptance
net.ipv4.conf.all.accept_redirects = false
net.ipv4.conf.lo.accept_redirects = false
net.ipv4.conf.default.accept_redirects = false
net.ipv4.conf.all.secure_redirects = false

# fix this .... :(
#net.irda.fast_poll_increase =
#net.irda.warn_noreply_time =
#net.irda.discovery_slots =
#net.irda.slot_timeout =
#net.irda.max_baud_rate =
#net.irda.discovery_timeout =
#net.irda.lap_keepalive_time =
#net.irda.max_noreply_time =
#net.irda.max_tx_data_size =
#net.irda.max_tx_window =
#net.irda.min_tx_turn_time =

# fix²
#net.sctp.addip_enable = 0
#net.sctp.addip_noauth_enable = 0
#net.sctp.auth_enable = 0
#net.sctp.prsctp_enable = 1
#net.sctp.max_burst = 4
#net.sctp.association_max_retrans = 12
#net.sctp.max_init_retransmits = 10
#net.sctp.path_max_retrans = 5
#net.sctp.pf_retrans = 0
#net.sctp.rto_initial = 3000
#net.sctp.rto_ma = 60000
#net.sctp.rto_min = 1000
#net.sctp.hb_interval = 30000
#net.sctp.sack_timeout = 200
#net.sctp.valid_cookie_life = 60000
#net.sctp.cookie_preserve_enable = 1
#net.sctp.cookie_hmac_alg = sha1
#net.sctp.rcvbuf_policy = 0
#net.sctp.sndbuf_policy = 0
#net.sctp.sctp_mem.pressure = ?
#net.sctp.sctp_rmem = 1
#net.sctp.sctp_wmem = ?
#net.sctp.addr_scope_policy = 1


# TCP SYN cookie protection (default) helps protect
# against SYN flood attacks only kicks in when net.ipv4.tcp_max_syn_backlog is reached
#net.ipv4.tcp_syncookies = true

# TCP Explicit Congestion Notification
#net.ipv4.tcp_ecn = 2
#net.ipv4.tcp_ecn_fallback = 1
#net.ipv4.tcp_reordering = 3
#net.ipv4.tcp_max_reordering = 300

# We do not want all our interfaces to send redirects
net.ipv4.conf.default.send_redirects = true

# Decrease the time default value for tcp_fin_timeout connection
net.ipv4.tcp_fin_timeout = 60

# Decrease the time default value for tcp_keepalive_time connect
net.ipv4.tcp_keepalive_time = 1000

# Turn on/off the tcp_window_scaling
net.ipv4.tcp_window_scaling = true

# Turn on/off the tcp_sack
net.ipv4.tcp_sack = 1

# Turn on/off the tcp_dsack
net.ipv4.tcp_dsack = 1

## TCP timestamps
## + protect against wrapping sequence numbers (at gigabit speeds)
## + round trip time calculation implemented in TCP
## - causes extra overhead and allows uptime detection by scanners like nmap
## enable @ gigabit speeds
net.ipv4.tcp_timestamps = false

# Enable ignoring broadcasts request (Default 1)
net.ipv4.icmp_echo_ignore_broadcasts = true

#
#net.ipv4.icmp_ratemask = 6168

# Enable bad error message Protection
net.ipv4.icmp_ignore_bogus_error_responses = true

# Log Spoofed Packets, Source Routed Packets, Redirect Packets
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.lo.log_martians = 1

# Increases the size of the socket queue (effectively, q0).
net.ipv4.tcp_max_syn_backlog = 512

# Increase the tcp-time-wait buckets pool size
net.ipv4.tcp_max_tw_buckets = 100000

# Ignore all ICMP Echo spam - Don't ignore directed pings!
net.ipv4.icmp_echo_ignore_all = false

# Allowed local port range
#net.ipv4.ip_local_port_range = 32768 60999

# This may cause dropped frames with load-balancing and NATs,
# only use this for a server that communicates only over your local network.
# Reuse/recycle time-wait sockets
# 1 0 can break clients behind NAT
#net.ipv4.tcp_tw_reuse = true
#net.ipv4.tcp_tw_recycle = false


# Protect against tcp time-wait assassination hazards
net.ipv4.tcp_rfc1337 = 1
net.ipv4.tcp_retries1 = 3
net.ipv4.tcp_retries2 = 8


# Send redirects (not a router, disable it)
net.ipv4.conf.all.send_redirects = 0


#net.ipv4.<netfilter>.ip_ct_generic_timeout = 600
#net.ipv4.conf.<device>.rp_filter = 1


#net.tcp.default_init_rwnd = 60
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 4
#net.ipv4.route.flush = 1


net.ipv4.tcp_keepalive_probes = 9
net.ipv4.tcp_keepalive_intvl = 75
#net.ipv4.tcp_rme = 6144 87380 1048576
net.ipv4.tcp_wmem = 6144 87380 1048576
net.ipv4.tcp_mem = 65536 131072 262144


# The default value held by this entry varies
#heavily depending on how much memory you have.
#net.ipv4.<netfilter>.ip_conntrack_max =


net.ipv4.tcp_fack = 1
net.ipv4.tcp_no_metrics_save = 1
net.ipv4.tcp_congestion_control = cubic
# More speed with -> net.ipv4.tcp_congestion_control = htcp
# or hybla
net.ipv4.tcp_moderate_rcvbuf = true
net.ipv4.udp_rmem_min = 8192
net.ipv4.udp_wmem_min = 8192
net.ipv4.udp_mem = 65536 131072 262144
net.ipv4.tcp_rmem = 4096 87380 16777216


# Increase RPC slots
#sunrpc.tcp_slot_table_entries = 32
#sunrpc.udp_slot_table_entries = 32


# .autoconf set to 0 if you use a static ip!

#net.ipv4.tcp_min_tso_segs = 2
#net.ipv4.tcp_pacing_ss_ratio = 250
#net.ipv4.tcp_pacing_ca_ratio = 120
#net.ipv4.tcp_notsent_lowat = 0xFFFFFFFF
net.ipv4.tcp_workaround_signed_windows = false
net.ipv4.tcp_tso_win_divisor = 3
net.ipv4.tcp_thin_linear_timeouts = false
net.ipv4.tcp_thin_dupack = false
net.ipv4.tcp_stdurg = false
#net.ipv4.tcp_limit_output_bytes = 131072
net.ipv4.tcp_slow_start_after_idle = true
net.ipv4.tcp_retrans_collapse = true
net.ipv4.tcp_mtu_probing = 1
#net.ipv4.tcp_probe_interval =
#net.ipv4.tcp_probe_threshold =
net.ipv4.tcp_max_ssthresh = 0
net.ipv4.tcp_cookie_size = 0
net.ipv4.tcp_orphan_retries = 8
net.ipv4.tcp_max_orphans = 16384
net.ipv4.tcp_low_latency = 0
#net.ipv4.tcp_invalid_ratelimit = 1000
net.ipv4.tcp_frto_response = 0
net.ipv4.tcp_frto = 2
#net.ipv4.tcp_early_retrans = 3
#net.ipv4.tcp_dma_copybreak = 4096
#net.ipv4.tcp_autocorking = 1
net.ipv4.tcp_challenge_ack_limit = 100
net.ipv4.tcp_base_mss = 512
net.ipv4.tcp_app_win = 31
net.ipv4.tcp_available_congestion_control = cubic reno
net.ipv4.tcp_allowed_congestion_control = cubic reno
net.ipv4.tcp_adv_win_scale = 1
#net.ipv4.tcp_abort_on_overflow = 0
net.ipv4.tcp_abc = 0
net.ipv4.rt_cache_rebuild_count = 4
#net.ipv4.tcp_fastopen = 3
#####
net.ipv4.route.redirect_silence = 4096
net.ipv4.route.redirect_number = 9
net.ipv4.route.redirect_load = 4
net.ipv4.route.mtu_expires = 600
net.ipv4.route.min_adv_mss = 256
net.ipv4.route.min_pmtu = 552
#deprecated for ipv4
#net.ipv4.route.max_size = 524288
#
net.ipv4.route.gc_timeout = 600
net.ipv4.route.error_burst = 1000
net.ipv4.route.error_cost = 200
net.ipv4.route.gc_elasticity = 8
net.ipv4.route.gc_interval = 60
net.ipv4.route.gc_min_interval = 0
net.ipv4.route.gc_min_interval_ms = 500
net.ipv4.route.gc_thresh = 32768
#####
# http://lartc.org/howto/lartc.kernel.obscure.html
# http://tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.kernel.obscure.html
####
net.ipv4.ip_no_pmtu_disc = 0
net.ipv4.ip_nonlocal_bind = false
net.ipv4.ipfrag_high_thresh = 512000
net.ipv4.ipfrag_low_thresh = 446464
net.ipv4.ipfrag_max_dist = 64
net.ipv4.ipfrag_secret_interval = 900
net.ipv4.ipfrag_time = 40
######
net.ipv4.neigh.default.anycast_delay = 100
net.ipv4.neigh.default.app_solicit = 0
net.ipv4.neigh.default.base_reachable_time = 30
net.ipv4.neigh.default.base_reachable_time_ms = 30000
net.ipv4.neigh.default.delay_first_probe_time = 5
net.ipv4.neigh.default.gc_interval = 30
net.ipv4.neigh.default.gc_stale_time = 60
net.ipv4.neigh.default.gc_thresh1 = 128
net.ipv4.neigh.default.gc_thresh2 = 512
net.ipv4.neigh.default.gc_thresh3 = 1024
net.ipv4.neigh.default.locktime = 100
net.ipv4.neigh.default.mcast_solicit = 3
net.ipv4.neigh.default.proxy_delay = 80
net.ipv4.neigh.default.proxy_qlen = 96
net.ipv4.neigh.default.retrans_time = 100
net.ipv4.neigh.default.retrans_time_ms = 1000
net.ipv4.neigh.default.ucast_solicit = 3
net.ipv4.neigh.default.unres_qlen = 6
#net.ipv4.neigh.default.unres_qlen_bytes = 65536
#####
net.ipv4.conf.rmnet1.forwarding = true
net.ipv4.conf.rmnet1.mc_forwarding = true
net.ipv4.conf.rmnet1.accept_redirects = false
net.ipv4.conf.rmnet1.secure_redirects = false
net.ipv4.conf.rmnet1.shared_media = true
net.ipv4.conf.rmnet1.rp_filter = 1
net.ipv4.conf.rmnet1.send_redirects = 1
net.ipv4.conf.rmnet1.accept_source_route = true
net.ipv4.conf.rmnet1.accept_local = false
net.ipv4.conf.rmnet1.src_valid_mark = 0
net.ipv4.conf.rmnet1.proxy_arp = 0
net.ipv4.conf.rmnet1.medium_id = -1
#net.ipv4.conf.rmnet1.bootp_relay = false
net.ipv4.conf.rmnet1.log_martians = 1
net.ipv4.conf.rmnet1.tag = 0
net.ipv4.conf.rmnet1.arp_filter = true
net.ipv4.conf.rmnet1.arp_announce = 0
net.ipv4.conf.rmnet1.arp_ignore = 1
net.ipv4.conf.rmnet1.arp_accept = false
net.ipv4.conf.rmnet1.arp_notify = false
net.ipv4.conf.rmnet1.proxy_arp_pvlan = false
net.ipv4.conf.rmnet1.disable_xfrm = false
net.ipv4.conf.rmnet1.disable_policy = 0
net.ipv4.conf.rmnet1.force_igmp_version = 0
net.ipv4.conf.rmnet1.promote_secondaries = false
#####
net.ipv4.conf.rmnet2.forwarding = true
net.ipv4.conf.rmnet2.mc_forwarding = 0
net.ipv4.conf.rmnet2.accept_redirects = false
net.ipv4.conf.rmnet2.secure_redirects = false
net.ipv4.conf.rmnet2.shared_media = true
net.ipv4.conf.rmnet2.rp_filter = 1
net.ipv4.conf.rmnet2.send_redirects = 1
net.ipv4.conf.rmnet2.accept_source_route = true
net.ipv4.conf.rmnet2.accept_local = false
net.ipv4.conf.rmnet2.src_valid_mark = 0
net.ipv4.conf.rmnet2.proxy_arp = 0
net.ipv4.conf.rmnet2.medium_id = -1
net.ipv4.conf.rmnet2.bootp_relay = 0
net.ipv4.conf.rmnet2.log_martians = 1
net.ipv4.conf.rmnet2.tag = 0
net.ipv4.conf.rmnet2.arp_filter = true
net.ipv4.conf.rmnet2.arp_announce = 0
net.ipv4.conf.rmnet2.arp_ignore = 1
net.ipv4.conf.rmnet2.arp_accept = false
net.ipv4.conf.rmnet2.arp_notify = false
net.ipv4.conf.rmnet2.proxy_arp_pvlan = false
net.ipv4.conf.rmnet2.disable_xfrm = false
net.ipv4.conf.rmnet2.disable_policy = 0
net.ipv4.conf.rmnet2.force_igmp_version = 0
net.ipv4.conf.rmnet2.promote_secondaries = false
#####
#net.ipv4.conf.rndis0.forwarding = true
#net.ipv4.conf.rndis0.mc_forwarding = 0
#net.ipv4.conf.rndis0.accept_redirects = false
#net.ipv4.conf.rndis0.secure_redirects = false
#net.ipv4.conf.rndis0.shared_media = true
#net.ipv4.conf.rndis0.rp_filter = 1
#net.ipv4.conf.rndis0.send_redirects = 1
#net.ipv4.conf.rndis0.accept_source_route = 0
#net.ipv4.conf.rndis0.accept_local = false
#net.ipv4.conf.rndis0.src_valid_mark = 0
#net.ipv4.conf.rndis0.proxy_arp = 0
#net.ipv4.conf.rndis0.medium_id = -1
#net.ipv4.conf.rndis0.bootp_relay = 0
#net.ipv4.conf.rndis0.log_martians = 1
#net.ipv4.conf.rndis0.tag = 0
#net.ipv4.conf.rndis0.arp_filter = true
#net.ipv4.conf.rndis0.arp_announce = 0
#net.ipv4.conf.rndis0.arp_ignore = 1
#net.ipv4.conf.rndis0.arp_accept = false
#net.ipv4.conf.rndis0.arp_notify = false
#net.ipv4.conf.rndis0.proxy_arp_pvlan = false
#net.ipv4.conf.rndis0.disable_xfrm = false
#net.ipv4.conf.rndis0.disable_policy = 0
#net.ipv4.conf.rndis0.force_igmp_version = 0
#net.ipv4.conf.rndis0.promote_secondaries = false
#####
#net.ipv4.neigh.rndis0.mcast_solicit = 3
#net.ipv4.neigh.rndis0.ucast_solicit = 3
#net.ipv4.neigh.rndis0.app_solicit = 0
#net.ipv4.neigh.rndis0.retrans_time = 100
#net.ipv4.neigh.rndis0.base_reachable_time = 30
#net.ipv4.neigh.rndis0.delay_first_probe_time = 5
#net.ipv4.neigh.rndis0.gc_stale_time = 60
#net.ipv4.neigh.rndis0.unres_qlen = 31
#net.ipv4.neigh.rndis0.proxy_qlen = 64
#net.ipv4.neigh.rndis0.anycast_delay = 100
#net.ipv4.neigh.rndis0.proxy_delay = 80
#net.ipv4.neigh.rndis0.locktime = 120
#net.ipv4.neigh.rndis0.retrans_time_ms = 1000
#net.ipv4.neigh.rndis0.base_reachable_time_ms = 30000
#####
#net.ipv4.neigh.rmnet2.mcast_solitic = 3
net.ipv4.neigh.rmnet2.ucast_solicit = 3
net.ipv4.neigh.rmnet2.app_solicit = 0
net.ipv4.neigh.rmnet2.retrans_time = 100
net.ipv4.neigh.rmnet2.base_reachable_time = 30
net.ipv4.neigh.rmnet2.delay_first_probe_time = 5
net.ipv4.neigh.rmnet2.gc_stale_time = 60
net.ipv4.neigh.rmnet2.unres_qlen = 31
net.ipv4.neigh.rmnet2.proxy_qlen = 64
net.ipv4.neigh.rmnet2.anycast_delay = 100
net.ipv4.neigh.rmnet2.proxy_delay = 80
net.ipv4.neigh.rmnet2.locktime = 100
net.ipv4.neigh.rmnet2.retrans_time_ms = 1000
net.ipv4.neigh.rmnet2.base_reachable_time_ms = 30000
#####
net.ipv4.neigh.rmnet1.mcast_solicit = 3
net.ipv4.neigh.rmnet1.ucast_solicit = 3
net.ipv4.neigh.rmnet1.app_solicit = 0
net.ipv4.neigh.rmnet1.retrans_time = 100
net.ipv4.neigh.rmnet1.base_reachable_time = 30
net.ipv4.neigh.rmnet1.delay_first_probe_time = 5
net.ipv4.neigh.rmnet1.gc_stale_time = 60
net.ipv4.neigh.rmnet1.unres_qlen = 31
net.ipv4.neigh.rmnet1.proxy_qlen = 64
net.ipv4.neigh.rmnet1.anycast_delay = 100
net.ipv4.neigh.rmnet1.proxy_delay = 80
net.ipv4.neigh.rmnet1.locktime = 100
net.ipv4.neigh.rmnet1.retrans_time_ms = 1000
net.ipv4.neigh.rmnet1.base_reachable_time_ms = 30000
#####
net.ipv4.neigh.rmnet0.mcast_solicit = 3
net.ipv4.neigh.rmnet0.ucast_solicit = 3
net.ipv4.neigh.rmnet0.app_solicit = 0
net.ipv4.neigh.rmnet0.retrans_time = 100
net.ipv4.neigh.rmnet0.base_reachable_time = 30
net.ipv4.neigh.rmnet0.delay_first_probe_time = 5
net.ipv4.neigh.rmnet0.gc_stale_time = 60
net.ipv4.neigh.rmnet0.unres_qlen = 31
net.ipv4.neigh.rmnet0.proxy_qlen = 64
net.ipv4.neigh.rmnet0.anycast_delay = 100
net.ipv4.neigh.rmnet0.proxy_delay = 80
net.ipv4.neigh.rmnet0.locktime = 100
net.ipv4.neigh.rmnet0.retrans_time_ms = 1000
net.ipv4.neigh.rmnet0.base_reachable_time_ms = 30000
#####
net.ipv4.neigh.ip6tnl0.anycast_delay = 100
net.ipv4.neigh.ip6tnl0.app_solicit = 0
net.ipv4.neigh.ip6tnl0.base_reachable_time = 30
net.ipv4.neigh.ip6tnl0.base_reachable_time_ms = 30000
net.ipv4.neigh.ip6tnl0.delay_first_probe_time = 5
net.ipv4.neigh.ip6tnl0.gc_stale_time = 60
net.ipv4.neigh.ip6tnl0.locktime = 100
net.ipv4.neigh.ip6tnl0.mcast_solicit = 3
net.ipv4.neigh.ip6tnl0.proxy_delay = 80
net.ipv4.neigh.ip6tnl0.proxy_qlen = 64
net.ipv4.neigh.ip6tnl0.retrans_time = 100
net.ipv4.neigh.ip6tnl0.retrans_time_ms = 1000
net.ipv4.neigh.ip6tnl0.ucast_solicit = 3
net.ipv4.neigh.ip6tnl0.unres_qlen = 31
#net.ipv4.neigh.ip6tnl0.unres_qlen_bytes = 31
######
net.ipv4.neigh.lo.anycast_delay = 100
net.ipv4.neigh.lo.app_solicit = 0
net.ipv4.neigh.lo.base_reachable_time = 30
net.ipv4.neigh.lo.base_reachable_time_ms = 30000
net.ipv4.neigh.lo.delay_first_probe_time = 5
net.ipv4.neigh.lo.gc_stale_time = 60
net.ipv4.neigh.lo.locktime = 100
net.ipv4.neigh.lo.mcast_solicit = 3
net.ipv4.neigh.lo.proxy_delay = 80
net.ipv4.neigh.lo.proxy_qlen = 64
net.ipv4.neigh.lo.retrans_time = 100
net.ipv4.neigh.lo.retrans_time_ms = 1000
net.ipv4.neigh.lo.ucast_solicit = 3
net.ipv4.neigh.lo.unres_qlen = 35
#net.ipv4.neigh.lo.unres_qlen_bytes = 31
#####
#net.ipv4.neigh.p2p0.anycast_delay = 100
#net.ipv4.neigh.p2p0.app_solicit = 0
#net.ipv4.neigh.p2p0.base_reachable_time = 30
#net.ipv4.neigh.p2p0.base_reachable_time_ms = 30000
#net.ipv4.neigh.p2p0.delay_first_probe_time = 5
#net.ipv4.neigh.p2p0.gc_stale_time = 60
#net.ipv4.neigh.p2p0.locktime = 100
#net.ipv4.neigh.p2p0.mcast_solicit = 3
#net.ipv4.neigh.p2p0.proxy_delay = 80
#net.ipv4.neigh.p2p0.proxy_qlen = 64
#net.ipv4.neigh.p2p0.retrans_time = 100
#net.ipv4.neigh.p2p0.retrans_time_ms = 1000
#net.ipv4.neigh.p2p0.ucast_solicit = 3
#net.ipv4.neigh.p2p0.unres_qlen = 35
#net.ipv4.neigh.p2p0.unres_qlen_bytes = 31
#####
net.ipv4.neigh.sit0.anycast_delay = 100
net.ipv4.neigh.sit0.app_solicit = 0
net.ipv4.neigh.sit0.base_reachable_time = 30
net.ipv4.neigh.sit0.base_reachable_time_ms = 30000
net.ipv4.neigh.sit0.delay_first_probe_time = 5
net.ipv4.neigh.sit0.gc_stale_time = 60
net.ipv4.neigh.sit0.locktime = 100
net.ipv4.neigh.sit0.mcast_solicit = 3
net.ipv4.neigh.sit0.proxy_delay = 80
net.ipv4.neigh.sit0.proxy_qlen = 64
net.ipv4.neigh.sit0.retrans_time = 100
net.ipv4.neigh.sit0.retrans_time_ms = 1000
net.ipv4.neigh.sit0.ucast_solicit = 3
net.ipv4.neigh.sit0.unres_qlen = 35
#net.ipv4.neigh.sit0.unres_qlen_bytes = 31
#####
#net.ipv4.neigh.wlan0.anycast_delay = 100
#net.ipv4.neigh.wlan0.app_solicit = 0
#net.ipv4.neigh.wlan0.base_reachable_time = 30
#net.ipv4.neigh.wlan0.base_reachable_time_ms = 30000
#net.ipv4.neigh.wlan0.delay_first_probe_time = 5
#net.ipv4.neigh.wlan0.gc_stale_time = 60
#net.ipv4.neigh.wlan0.locktime = 100
#net.ipv4.neigh.wlan0.mcast_solicit = 3
#net.ipv4.neigh.wlan0.proxy_delay = 80
#net.ipv4.neigh.wlan0.proxy_qlen = 64
#net.ipv4.neigh.wlan0.retrans_time = 100
#net.ipv4.neigh.wlan0.retrans_time_ms = 1000
#net.ipv4.neigh.wlan0.ucast_solicit = 3
#net.ipv4.neigh.wlan0.unres_qlen = 35
#net.ipv4.neigh.wlan0.unres_qlen_bytes = 31
#net.ipv4.netfilter.ip_conntrack_buckets = 16384
net.ipv4.netfilter.ip_conntrack_checksum = 1
net.ipv4.netfilter.ip_conntrack_count = 36
#net.ipv4.netfilter.ip_conntrack_generic_timeout = 600
#net.ipv4.netfilter.ip_conntrack_icmp_timeout = 30
#net.ipv4.netfilter.ip_conntrack_log_invalid = 0
#net.ipv4.netfilter.ip_conntrack_max = 65536
net.ipv4.netfilter.ip_conntrack_sctp_timeout_closed = 10
#net.ipv4.netfilter.ip_conntrack_sctp_timeout_cookie_echoed = 3
#net.ipv4.netfilter.ip_conntrack_sctp_timeout_cookie_wait = 3
#net.ipv4.netfilter.ip_conntrack_sctp_timeout_established = 432000
#net.ipv4.netfilter.ip_conntrack_sctp_timeout_shutdown_ack_sent = 3
#net.ipv4.netfilter.ip_conntrack_sctp_timeout_shutdown_recd = 0
#net.ipv4.netfilter.ip_conntrack_sctp_timeout_shutdown_sent = 0
#net.ipv4.netfilter.ip_conntrack_tcp_be_liberal = 0
#net.ipv4.netfilter.ip_conntrack_tcp_loose = 1
#net.ipv4.netfilter.ip_conntrack_tcp_max_retrans = 3
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_close = 15
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait = 75
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 432000
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait = 120
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_last_ack = 30
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_max_retrans = 300
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_recv = 60
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_sent = 120
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_sent2 = 240
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait = 120
#net.ipv4.netfilter.ip_conntrack_udp_timeout = 30
#net.ipv4.netfilter.ip_conntrack_udp_timeout_stream = 180
#net.ipv4.ping_group_range = 0 2147483647
#net.ipv4.ip_local_reserved_ports =
#####
#net.ipv4.conf.all.route_localnet = false
net.ipv4.conf.all.accept_local = false
net.ipv4.conf.all.arp_accept = false
net.ipv4.conf.all.arp_announce = 0
net.ipv4.conf.all.arp_filter = true
net.ipv4.conf.all.arp_ignore = 0
net.ipv4.conf.all.arp_notify = false
net.ipv4.conf.all.bootp_relay = 0
net.ipv4.conf.all.disable_policy = 0
net.ipv4.conf.all.disable_xfrm = false
net.ipv4.conf.all.force_igmp_version = 0
net.ipv4.conf.all.forwarding = true
net.ipv4.conf.all.mc_forwarding = true
net.ipv4.conf.all.medium_id = -1
net.ipv4.conf.all.promote_secondaries = false
net.ipv4.conf.all.proxy_arp = 0
net.ipv4.conf.all.proxy_arp_pvlan = false
net.ipv4.conf.all.shared_media = true
net.ipv4.conf.all.src_valid_mark = 0
net.ipv4.conf.all.tag = 0
#net.ipv4.igmpv2_unsolicited_report_interval = 10000
#net.ipv4.igmpv3_unsolicited_report_interval = 10000
######
net.ipv4.conf.default.accept_local = false
net.ipv4.conf.default.arp_accept = false
net.ipv4.conf.default.arp_announce = 0
net.ipv4.conf.default.arp_filter = true
net.ipv4.conf.default.arp_ignore = 0
net.ipv4.conf.default.arp_notify = false
net.ipv4.conf.default.bootp_relay = 0
net.ipv4.conf.default.disable_policy = 0
net.ipv4.conf.default.disable_xfrm = false
net.ipv4.conf.default.force_igmp_version = 0
net.ipv4.conf.default.forwarding = true
net.ipv4.conf.default.log_martians = 1
net.ipv4.conf.default.mc_forwarding = true
net.ipv4.conf.default.medium_id = -1
net.ipv4.conf.default.promote_secondaries = false
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.conf.default.proxy_arp_pvlan = false
net.ipv4.conf.default.secure_redirects = false
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.default.shared_media = true
net.ipv4.conf.default.src_valid_mark = 0
net.ipv4.conf.default.tag = 0
#####
#net.ipv4.conf.all.use_tempaddr = -1
net.ipv4.conf.ip6tnl0.accept_local = false
net.ipv4.conf.ip6tnl0.accept_redirects = false
net.ipv4.conf.ip6tnl0.accept_source_route = true
net.ipv4.conf.ip6tnl0.arp_accept = false
net.ipv4.conf.ip6tnl0.arp_announce = 0
net.ipv4.conf.ip6tnl0.arp_filter = true
net.ipv4.conf.ip6tnl0.arp_ignore = 0
net.ipv4.conf.ip6tnl0.arp_notify = false
net.ipv4.conf.ip6tnl0.bootp_relay = 0
net.ipv4.conf.ip6tnl0.disable_policy = 0
net.ipv4.conf.ip6tnl0.disable_xfrm = false
net.ipv4.conf.ip6tnl0.force_igmp_version = 0
net.ipv4.conf.ip6tnl0.forwarding = true
net.ipv4.conf.ip6tnl0.log_martians = 1
net.ipv4.conf.ip6tnl0.mc_forwarding = true
net.ipv4.conf.ip6tnl0.medium_id = -1
net.ipv4.conf.ip6tnl0.promote_secondaries = false
net.ipv4.conf.ip6tnl0.proxy_arp = 0
net.ipv4.conf.ip6tnl0.proxy_arp_pvlan = false
net.ipv4.conf.ip6tnl0.rp_filter = 1
net.ipv4.conf.ip6tnl0.secure_redirects = false
net.ipv4.conf.ip6tnl0.send_redirects = 1
net.ipv4.conf.ip6tnl0.shared_media = true
net.ipv4.conf.ip6tnl0.src_valid_mark = 0
net.ipv4.conf.ip6tnl0.tag = 0
######
net.ipv4.conf.rmnet0.forwarding = true
net.ipv4.conf.rmnet0.mc_forwarding = true
net.ipv4.conf.rmnet0.accept_redirects = false
net.ipv4.conf.rmnet0.secure_redirects = false
net.ipv4.conf.rmnet0.shared_media = true
net.ipv4.conf.rmnet0.rp_filter = 1
net.ipv4.conf.rmnet0.send_redirects = 1
net.ipv4.conf.rmnet0.accept_source_route = true
net.ipv4.conf.rmnet0.accept_local = false
net.ipv4.conf.rmnet0.src_valid_mark = 0
net.ipv4.conf.rmnet0.proxy_arp = 0
net.ipv4.conf.rmnet0.medium_id = -1
net.ipv4.conf.rmnet0.bootp_relay = 0
net.ipv4.conf.rmnet0.log_martians = 1
net.ipv4.conf.rmnet0.tag = 0
net.ipv4.conf.rmnet0.arp_filter = true
net.ipv4.conf.rmnet0.arp_announce = 0
net.ipv4.conf.rmnet0.arp_ignore = 1
net.ipv4.conf.rmnet0.arp_accept = false
net.ipv4.conf.rmnet0.arp_notify = false
net.ipv4.conf.rmnet0.proxy_arp_pvlan = false
net.ipv4.conf.rmnet0.disable_xfrm = false
net.ipv4.conf.rmnet0.disable_policy = 0
net.ipv4.conf.rmnet0.force_igmp_version = 0
net.ipv4.conf.rmnet0.promote_secondaries = false
######
net.ipv4.conf.lo.accept_local = false
net.ipv4.conf.lo.arp_accept = false
net.ipv4.conf.lo.arp_announce = 0
net.ipv4.conf.lo.arp_filter = true
net.ipv4.conf.lo.arp_ignore = 0
net.ipv4.conf.lo.arp_notify = false
net.ipv4.conf.lo.bootp_relay = 0
net.ipv4.conf.lo.disable_policy = 1
net.ipv4.conf.lo.disable_xfrm = 1
net.ipv4.conf.lo.force_igmp_version = 0
net.ipv4.conf.lo.forwarding = true
net.ipv4.conf.lo.mc_forwarding = true
net.ipv4.conf.lo.medium_id = -1
net.ipv4.conf.lo.promote_secondaries = false
net.ipv4.conf.lo.proxy_arp = 0
net.ipv4.conf.lo.proxy_arp_pvlan = false
net.ipv4.conf.lo.secure_redirects = false
net.ipv4.conf.lo.send_redirects = 1
net.ipv4.conf.lo.shared_media = true
net.ipv4.conf.lo.src_valid_mark = 0
net.ipv4.conf.lo.tag = 0
#####
#net.ipv4.conf.p2p0.accept_local = false
#net.ipv4.conf.p2p0.accept_redirects = false
#net.ipv4.conf.p2p0.accept_source_route = true
#net.ipv4.conf.p2p0.arp_accept = false
#net.ipv4.conf.p2p0.arp_announce = 0
#net.ipv4.conf.p2p0.arp_filter = true
#net.ipv4.conf.p2p0.arp_ignore = 0
#net.ipv4.conf.p2p0.arp_notify = false
#net.ipv4.conf.p2p0.bootp_relay = 0
#net.ipv4.conf.p2p0.disable_policy = 0
#net.ipv4.conf.p2p0.disable_xfrm = false
#net.ipv4.conf.p2p0.force_igmp_version = 0
#net.ipv4.conf.p2p0.forwarding = true
#net.ipv4.conf.p2p0.log_martians = 1
#net.ipv4.conf.p2p0.mc_forwarding = true
#net.ipv4.conf.p2p0.medium_id = -1
#net.ipv4.conf.p2p0.promote_secondaries = false
#net.ipv4.conf.p2p0.proxy_arp = 0
#net.ipv4.conf.p2p0.proxy_arp_pvlan = false
#net.ipv4.conf.p2p0.rp_filter = 1
#net.ipv4.conf.p2p0.secure_redirects = false
#net.ipv4.conf.p2p0.send_redirects = 1
#net.ipv4.conf.p2p0.shared_media = true
#net.ipv4.conf.p2p0.src_valid_mark = 0
#net.ipv4.conf.p2p0.tag = 0
#####
net.ipv4.conf.sit0.accept_local = false
net.ipv4.conf.sit0.accept_redirects = false
net.ipv4.conf.sit0.accept_source_route = true
net.ipv4.conf.sit0.arp_accept = false
net.ipv4.conf.sit0.arp_announce = 0
net.ipv4.conf.sit0.arp_filter = true
net.ipv4.conf.sit0.arp_ignore = 0
net.ipv4.conf.sit0.arp_notify = false
net.ipv4.conf.sit0.bootp_relay = 0
net.ipv4.conf.sit0.disable_policy = 0
net.ipv4.conf.sit0.disable_xfrm = false
net.ipv4.conf.sit0.force_igmp_version = 0
net.ipv4.conf.sit0.forwarding = true
net.ipv4.conf.sit0.log_martians = 1
net.ipv4.conf.sit0.mc_forwarding = true
net.ipv4.conf.sit0.medium_id = -1
net.ipv4.conf.sit0.promote_secondaries = false
net.ipv4.conf.sit0.proxy_arp = 0
net.ipv4.conf.sit0.proxy_arp_pvlan = false
net.ipv4.conf.sit0.rp_filter = 1
net.ipv4.conf.sit0.secure_redirects = false
net.ipv4.conf.sit0.send_redirects = 1
net.ipv4.conf.sit0.shared_media = true
net.ipv4.conf.sit0.src_valid_mark = 0
net.ipv4.conf.sit0.tag = 0
######
#net.ipv4.conf.wlan0.accept_local = false
#net.ipv4.conf.wlan0.accept_redirects = false
#net.ipv4.conf.wlan0.accept_source_route = true
#net.ipv4.conf.wlan0.arp_accept = false
#net.ipv4.conf.wlan0.arp_announce = 0
#net.ipv4.conf.wlan0.arp_filter = true
#net.ipv4.conf.wlan0.arp_ignore = 0
#net.ipv4.conf.wlan0.arp_notify = false
#net.ipv4.conf.wlan0.bootp_relay = 0
#net.ipv4.conf.wlan0.disable_policy = 0
#net.ipv4.conf.wlan0.disable_xfrm = false
#net.ipv4.conf.wlan0.force_igmp_version = 0
#net.ipv4.conf.wlan0.forwarding = true
#net.ipv4.conf.wlan0.log_martians = 1
#net.ipv4.conf.wlan0.mc_forwarding = true
#net.ipv4.conf.wlan0.medium_id = -1
#net.ipv4.conf.wlan0.promote_secondaries = 1
#net.ipv4.conf.wlan0.proxy_arp = 0
#net.ipv4.conf.wlan0.proxy_arp_pvlan = false
#net.ipv4.conf.wlan0.rp_filter = 1
#net.ipv4.conf.wlan0.secure_redirects = false
#net.ipv4.conf.wlan0.send_redirects = 1
#net.ipv4.conf.wlan0.shared_media = true
#net.ipv4.conf.wlan0.src_valid_mark = 0
#net.ipv4.conf.wlan0.tag = 0
net.ipv4.icmp_errors_use_inbound_ifaddr = false
net.ipv4.icmp_ratelimit = 1000
#net.ipv4.icmp_msgs_per_sec = 1000
#net.ipv4.icmp_msgs_burst = 50
net.ipv4.igmp_max_memberships = 20
net.ipv4.conf.default.accept_redirects = false
#net.ipv4.igmp_qrv = 2
#net.ipv4.conf.all.igmp_max_memberships = 20


# Netfilter
########
net.netfilter.nf_log.0 = NONE
net.netfilter.nf_log.1 = NONE
net.netfilter.nf_log.2 = ipt_LOG
net.netfilter.nf_log.3 = NONE
net.netfilter.nf_log.4 = NONE
net.netfilter.nf_log.5 = NONE
net.netfilter.nf_log.6 = NONE
net.netfilter.nf_log.7 = NONE
net.netfilter.nf_log.8 = NONE
net.netfilter.nf_log.9 = NONE
net.netfilter.nf_log.10 = ip6t_LOG
net.netfilter.nf_log.11 = NONE
net.netfilter.nf_log.12 = NONE


net.netfilter.nf_conntrack_buckets = 16384
net.netfilter.nf_conntrack_count = 36
net.netfilter.nf_conntrack_dccp_loose = 1
net.netfilter.nf_conntrack_dccp_timeout_closereq = 64
net.netfilter.nf_conntrack_dccp_timeout_closing = 64
net.netfilter.nf_conntrack_dccp_timeout_open = 43200
net.netfilter.nf_conntrack_dccp_timeout_partopen = 480
net.netfilter.nf_conntrack_dccp_timeout_request = 240
net.netfilter.nf_conntrack_dccp_timeout_respond = 480
net.netfilter.nf_conntrack_dccp_timeout_timewait = 240
net.netfilter.nf_conntrack_events = 1
net.netfilter.nf_conntrack_events_retry_timeout = 15
net.netfilter.nf_conntrack_max = 50168
net.netfilter.nf_conntrack_expect_max = 256
net.netfilter.nf_conntrack_frag6_high_thresh = 262144
net.netfilter.nf_conntrack_frag6_low_thresh = 196608
net.netfilter.nf_conntrack_frag6_timeout = 60
net.netfilter.nf_conntrack_generic_timeout = 600
net.netfilter.nf_conntrack_icmp_timeout = 30
net.netfilter.nf_conntrack_icmpv6_timeout = 30
net.netfilter.nf_conntrack_log_invalid = 0
net.netfilter.nf_conntrack_acct = 0
net.netfilter.nf_conntrack_checksum = 1
net.netfilter.nf_conntrack_tcp_timeout_established = 7440
net.netfilter.nf_conntrack_udp_timeout = 30
net.netfilter.nf_conntrack_udp_timeout_stream = 360
#net.netfilter.nf_conntrack_skip_filter = 1
net.netfilter.nf_conntrack_tcp_timeout_unacknowledged = 300
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
#net.netfilter.nf_conntrack_tcp_timeout_syn_sent = 120
#net.netfilter.nf_conntrack_tcp_timeout_syn_recv = 60
net.netfilter.nf_conntrack_tcp_timeout_max_retrans = 300
net.netfilter.nf_conntrack_tcp_timeout_last_ack = 30
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 15
net.netfilter.nf_conntrack_tcp_max_retrans = 3
net.netfilter.nf_conntrack_tcp_loose = 1
net.netfilter.nf_conntrack_tcp_be_liberal = 0
net.netfilter.nf_conntrack_sctp_timeout_shutdown_sent = 0
#net.netfilter.nf_conntrack_sctp_timeout_shutdown_recd = 0
net.netfilter.nf_conntrack_sctp_timeout_shutdown_ack_sent = 3
#net.netfilter.nf_conntrack_sctp_timeout_established = 432000
net.netfilter.nf_conntrack_sctp_timeout_cookie_wait = 3
net.netfilter.nf_conntrack_sctp_timeout_cookie_echoed = 3
net.netfilter.nf_conntrack_sctp_timeout_closed = 10
net.netfilter.nf_conntrack_udplite_timeout = 30
net.netfilter.nf_conntrack_udplite_timeout_stream = 180


# Disable bridge firewall'ing by default
#net.bridge.bridge-nf-call-arptables = 0
#net.bridge.bridge-nf-call-ip6tables = 1
#net.bridge.bridge-nf-call-iptables = 0


#net.bridge.bridge-nf-pass-vlan-input-dev = 0
#net.bridge.bridge-nf-filter-pppoe-tagged = 0
#net.bridge.bridge-nf-filter-vlan-tagged = 0
#net.bridge.bridge-nf-call-ip6tables = 1
#net.bridge.bridge-nf-call-iptables = 1
#net.bridge.bridge-nf-call-arptable = 1


# Disable IPv6
###############
net.ipv6.conf.all.disable_ipv6 = true
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
#net.ipv6.conf.wlan0.disable_ipv6 = 1
#net.ipv6.conf.$WIFI.disable_ipv6 = 1


###############################
# IPv6 -> http://test-ipv6.com  +  RFC 3041/4941 (year: 2001)
# https://code.google.com/p/android/issues/detail?id = 14013
# https://code.google.com/p/android/issues/detail?id = 31102
# Only on Lollipop: RFC 6106
###############################
net.ipv6.ip_forward = 1
#net.ipv6.bindv6only = false
#net.ipv6.fwmark_reflect = 0
#net.ipv6.tcp_timestamps = 0
#net.ipv6.ip_forward_use_pmtu = 0
#net.ipv6.auto_flowlabels = 1
#net.ipv6.flowlabel_consistency = true
#net.ipv6.flowlabel_state_ranges = true
#net.ipv6.idgen_delay = 1
#net.ipv6.idgen_retries = 3
#net.ipv6.mld_qrv = 2
#net.ipv6.anycast_src_echo_reply = false
#net.ipv6.conf.all.suppress_frag_ndisc = 1
#net.ipv6.conf.all.stable_secret =
#net.ipv6.conf.all.fwmark_reflect = 0
#net.ipv6.conf.all.rp_filter = 1
#net.ipv6.conf.all.dad_transmits = 1
#net.ipv6.conf.all.secure_redirects = false
#net.ipv6.conf.all.forwarding = true
#net.ipv6.conf.all.accept_redirects = false
#net.ipv6.conf.all.accept_ra_from_local = true
#net.ipv6.conf.all.accept_ra = 1
#net.ipv6.conf.all.accept_dad = 1
#net.ipv6.conf.all.accept_ra_rtr_pref = true
#net.ipv6.conf.all.accept_ra_pinfo = true
#net.ipv6.conf.all.accept_ra_defrtr = true
#net.ipv6.conf.all.use_tempaddr = -1
#net.ipv6.conf.all.temp_valid_lft = 604800
#net.ipv6.conf.all.autoconf = true
#net.ipv6.conf.all.accept_source_route = 0
#net.ipv6.conf.all.force_mld_version = 0
#net.ipv6.conf.all.force_tllao = false
#net.ipv6.conf.all.hop_limit = 64
#net.ipv6.conf.all.max_addresses = 16
#net.ipv6.conf.all.max_desync_factor = 600
#net.ipv6.conf.all.mtu = 1280
#net.ipv6.conf.all.optimistic_dad = false
#net.ipv6.conf.all.use_optimistic = false
#net.ipv6.conf.all.proxy_ndp = 2
#net.ipv6.conf.all.regen_max_retry = 5
#net.ipv6.conf.all.router_probe_interval = 60
#net.ipv6.conf.all.router_solicitation_delay = 1
#net.ipv6.conf.all.router_solicitation_interval = 4
#net.ipv6.conf.all.router_solicitations = 3
#net.ipv6.conf.all.temp_prefered_lft = 86400
#net.ipv6.conf.all.ip6frag_time = 60
#net.ipv6.conf.all.use_oif_addrs_only = false
#####
#net.ipv6.conf.default.secure_redirects = false
#net.ipv6.conf.default.autoconf = true
#net.ipv6.conf.default.stable_secret =
#net.ipv6.conf.default.suppress_frag_ndisc = 1
#net.ipv6.conf.default.accept_redirects = false
#net.ipv6.conf.default.use_tempaddr = -1
#net.ipv6.conf.default.accept_dad = 1
#net.ipv6.conf.default.accept_ra = 0
#net.ipv6.conf.default.accept_ra_defrtr = true
#net.ipv6.conf.default.accept_ra_pinfo = true
#net.ipv6.conf.default.accept_ra_rtr_pref = true
#net.ipv6.conf.default.accept_source_route = 0
#net.ipv6.conf.default.dad_transmits = 1
#net.ipv6.conf.default.force_mld_version = 0
#net.ipv6.conf.default.force_tllao = false
#net.ipv6.conf.default.forwarding = true
#net.ipv6.conf.default.hop_limit = 64
#net.ipv6.conf.default.max_addresses = 16
#net.ipv6.conf.default.max_desync_factor = 600
#net.ipv6.conf.default.mtu = 1280
#net.ipv6.conf.default.optimistic_dad = false
#net.ipv6.conf.default.proxy_ndp = 0
#net.ipv6.conf.default.regen_max_retry = 5
#net.ipv6.conf.default.router_probe_interval = 60
#net.ipv6.conf.default.router_solicitation_delay = 1
#net.ipv6.conf.default.accept_ra_from_local = true
#net.ipv6.conf.default.router_solicitation_interval = 4
#net.ipv6.conf.default.router_solicitations = 3
#net.ipv6.conf.default.temp_prefered_lft = 86400
#net.ipv6.conf.default.temp_valid_lft = 604800
#net.ipv6.conf.default.ndisc_notify = false
#net.ipv6.conf.default.use_oif_addrs_only = false
#net.ipv6.conf.default.mldv2_unsolicited_report_interval = 1000
#net.ipv6.conf.default.mldv1_unsolicited_report_interval = 10000
#####
#net.ipv6.conf.ip6tnl0.accept_ra_mtu = true
#net.ipv6.conf.ip6tnl0.forwarding = true
#net.ipv6.conf.ip6tnl0.hop_limit = 64
#net.ipv6.conf.ip6tnl0.mtu = 1452
#net.ipv6.conf.ip6tnl0.accept_ra = 2
#net.ipv6.conf.ip6tnl0.accept_redirects = false
#net.ipv6.conf.ip6tnl0.autoconf = true
#net.ipv6.conf.ip6tnl0.dad_transmits = 1
#net.ipv6.conf.ip6tnl0.router_solicitations = 3
#net.ipv6.conf.ip6tnl0.router_solicitation_interval = 4
#net.ipv6.conf.ip6tnl0.router_solicitation_delay = 1
#net.ipv6.conf.ip6tnl0.force_mld_version = 0
#net.ipv6.conf.ip6tnl0.use_tempaddr = -1
#net.ipv6.conf.ip6tnl0.temp_valid_lft = 604800
#net.ipv6.conf.ip6tnl0.temp_prefered_lft = 86400
#net.ipv6.conf.ip6tnl0.regen_max_retry = 5
#net.ipv6.conf.ip6tnl0.max_desync_factor = 600
#net.ipv6.conf.ip6tnl0.max_addresses = 16
#net.ipv6.conf.ip6tnl0.accept_ra_defrtr = true
#net.ipv6.conf.ip6tnl0.accept_ra_pinfo = true
#net.ipv6.conf.ip6tnl0.accept_ra_rtr_pref = true
#net.ipv6.conf.ip6tnl0.router_probe_interval = 60
#net.ipv6.conf.ip6tnl0.proxy_ndp = 0
#net.ipv6.conf.ip6tnl0.accept_source_route = 0
#net.ipv6.conf.ip6tnl0.optimistic_dad = false
#net.ipv6.conf.ip6tnl0.disable_ipv6 = 1
#net.ipv6.conf.ip6tnl0.accept_dad = 1
#net.ipv6.conf.ip6tnl0.use_oif_addrs_only = false
#net.ipv6.conf.ip6tnl0.force_tllao = false
#net.ipv6.conf.ip6tnl0.ndisc_notify = false
#net.ipv6.conf.ip6tnl0.accept_ra_min_hop_limit = 1
#net.ipv6.conf.ip6tnl0.mldv2_unsolicited_report_interval = 1000
#net.ipv6.conf.ip6tnl0.mldv1_unsolicited_report_interval = 10000
#####
#net.ipv6.conf.lo.accept_dad = 1
#net.ipv6.conf.lo.accept_ra = 1
#net.ipv6.conf.lo.accept_ra_defrtr = true
#net.ipv6.conf.lo.accept_ra_pinfo = true
#net.ipv6.conf.lo.accept_ra_rtr_pref = true
#net.ipv6.conf.lo.accept_redirects = false
#net.ipv6.conf.lo.accept_source_route = 0
#net.ipv6.conf.lo.autoconf = true
#net.ipv6.conf.lo.dad_transmits = 1
#net.ipv6.conf.lo.force_mld_version = 0
#net.ipv6.conf.lo.force_tllao = false
#net.ipv6.conf.lo.forwarding = true
#net.ipv6.conf.lo.hop_limit = 64
#net.ipv6.conf.lo.max_addresses = 16
#net.ipv6.conf.lo.max_desync_factor = 600
#net.ipv6.conf.lo.mtu = 16436
#net.ipv6.conf.lo.optimistic_dad = 1
#net.ipv6.conf.lo.proxy_ndp = 0
#net.ipv6.conf.lo.regen_max_retry = 5
#net.ipv6.conf.lo.router_probe_interval = 60
#net.ipv6.conf.lo.router_solicitation_delay = 1
#net.ipv6.conf.lo.router_solicitation_interval = 4
#net.ipv6.conf.lo.router_solicitations = 3
#net.ipv6.conf.lo.temp_prefered_lft = 86400
#net.ipv6.conf.lo.temp_valid_lft = 604800
#net.ipv6.conf.lo.use_tempaddr = -1
#net.ipv6.conf.lo.use_oif_addrs_only = false
#net.ipv6.conf.lo.ndisc_notify = false
#net.ipv6.conf.lo.accept_ra_min_hop_limit = 1
#net.ipv6.conf.lo.mldv2_unsolicited_report_interval = 1000
#net.ipv6.conf.lo.mldv1_unsolicited_report_interval = 10000
######
#net.ipv6.conf.p2p0.accept_dad = 1
#net.ipv6.conf.p2p0.accept_ra = 1
#net.ipv6.conf.p2p0.accept_ra_defrtr = true
#net.ipv6.conf.p2p0.accept_ra_pinfo = true
#net.ipv6.conf.p2p0.accept_ra_rtr_pref = true
#net.ipv6.conf.p2p0.accept_redirects = false
#net.ipv6.conf.p2p0.accept_source_route = 0
#net.ipv6.conf.p2p0.autoconf = true
#net.ipv6.conf.p2p0.dad_transmits = 1
#net.ipv6.conf.p2p0.disable_ipv6 = 1
#net.ipv6.conf.p2p0.force_mld_version = 0
#net.ipv6.conf.p2p0.force_tllao = false
#net.ipv6.conf.p2p0.forwarding = true
#net.ipv6.conf.p2p0.hop_limit = 64
#net.ipv6.conf.p2p0.max_addresses = 16
#net.ipv6.conf.p2p0.max_desync_factor = 600
#net.ipv6.conf.p2p0.mtu = 1500
#net.ipv6.conf.p2p0.optimistic_dad = false
#net.ipv6.conf.p2p0.proxy_ndp = 0
#net.ipv6.conf.p2p0.regen_max_retry = 5
#net.ipv6.conf.p2p0.router_probe_interval = 60
#net.ipv6.conf.p2p0.router_solicitation_delay = 1
#net.ipv6.conf.p2p0.router_solicitation_interval = 4
#net.ipv6.conf.p2p0.router_solicitations = 3
#net.ipv6.conf.p2p0.temp_prefered_lft = 86400
#net.ipv6.conf.p2p0.temp_valid_lft = 604800
#net.ipv6.conf.p2p0.use_tempaddr = -1
#net.ipv6.conf.p2p0.use_oif_addrs_only = false
#net.ipv6.conf.p2p0.ndisc_notify = false
#net.ipv6.conf.p2p0.accept_ra_min_hop_limit = 1
#net.ipv6.conf.p2p0.mldv2_unsolicited_report_interval = 1000
#net.ipv6.conf.p2p0.mldv1_unsolicited_report_interval = 10000
#####
#net.ipv6.conf.sit0.forwarding = true
#net.ipv6.conf.sit0.hop_limit = 64
#net.ipv6.conf.sit0.mtu = 1480
#net.ipv6.conf.sit0.accept_ra = 1
#net.ipv6.conf.sit0.accept_redirects = false
#net.ipv6.conf.sit0.autoconf = true
#net.ipv6.conf.sit0.dad_transmits = 1
#net.ipv6.conf.sit0.router_solicitations = 3
#net.ipv6.conf.sit0.router_solicitation_interval = 4
#net.ipv6.conf.sit0.router_solicitation_delay = 1
#net.ipv6.conf.sit0.force_mld_version = 0
#net.ipv6.conf.sit0.use_tempaddr = -1
#net.ipv6.conf.sit0.temp_valid_lft = 604800
#net.ipv6.conf.sit0.temp_prefered_lft = 86400
#net.ipv6.conf.sit0.regen_max_retry = 5
#net.ipv6.conf.sit0.max_desync_factor = 600
#net.ipv6.conf.sit0.max_addresses = 16
#net.ipv6.conf.sit0.accept_ra_defrtr = true
#net.ipv6.conf.sit0.accept_ra_pinfo = true
#net.ipv6.conf.sit0.accept_ra_rtr_pref = true
#net.ipv6.conf.sit0.router_probe_interval = 60
#net.ipv6.conf.sit0.proxy_ndp = 0
#net.ipv6.conf.sit0.accept_source_route = 0
#net.ipv6.conf.sit0.optimistic_dad = false
#net.ipv6.conf.sit0.disable_ipv6 = 1
#net.ipv6.conf.sit0.accept_dad = 1
#net.ipv6.conf.sit0.force_tllao = false
#net.ipv6.conf.sit0.use_oif_addrs_only = false
#net.ipv6.conf.sit0.ndisc_notify = false
#net.ipv6.conf.sit0.accept_ra_min_hop_limit = 1
#net.ipv6.conf.sit0.mldv2_unsolicited_report_interval = 1000
#net.ipv6.conf.sit0.mldv1_unsolicited_report_interval = 10000
#####
#net.ipv6.conf.wlan0.accept_dad = 1
#net.ipv6.conf.wlan0.accept_ra = 1
#net.ipv6.conf.wlan0.accept_ra_defrtr = true
#net.ipv6.conf.wlan0.accept_ra_pinfo = true
#net.ipv6.conf.wlan0.accept_ra_rtr_pref = true
#net.ipv6.conf.wlan0.accept_redirects = false
#net.ipv6.conf.wlan0.accept_source_route = 0
#net.ipv6.conf.wlan0.autoconf = true
#net.ipv6.conf.wlan0.dad_transmits = 1
#net.ipv6.conf.wlan0.disable_ipv6 = 1
#net.ipv6.conf.wlan0.force_mld_version = 0
#net.ipv6.conf.wlan0.force_tllao = false
#net.ipv6.conf.wlan0.forwarding = true
#net.ipv6.conf.wlan0.hop_limit = 64
#net.ipv6.conf.wlan0.max_addresses = 16
#net.ipv6.conf.wlan0.max_desync_factor = 600
#net.ipv6.conf.wlan0.mtu = 1500
#net.ipv6.conf.wlan0.optimistic_dad = false
#net.ipv6.conf.wlan0.proxy_ndp = 0
#net.ipv6.conf.wlan0.regen_max_retry = 5
#net.ipv6.conf.wlan0.router_probe_interval = 60
#net.ipv6.conf.wlan0.router_solicitation_delay = 5
#net.ipv6.conf.wlan0.router_solicitation_interval = 1
#net.ipv6.conf.wlan0.router_solicitations = 5
#net.ipv6.conf.wlan0.ndisc_notify = false
#net.ipv6.conf.wlan0.accept_ra_min_hop_limit = 1
#net.ipv6.conf.wlan0.mldv2_unsolicited_report_interval = 1000
#net.ipv6.conf.wlan0.mldv1_unsolicited_report_interval = 10000
# sysctl -e -q -p /etc/sysctl.conf in a running system
#rcnetwork restart!!!!
#net.ipv6.conf.wlan0.temp_prefered_lft = 86400
#net.ipv6.conf.wlan0.temp_valid_lft = 604800
#net.ipv6.conf.wlan0.use_tempaddr = -1
#net.ipv6.conf.wlan0.use_oif_addrs_only = false
#net.ipv6.icmp.ratelimit = 1000
#net.ipv6.ip6frag_high_thresh = 262144
#net.ipv6.ip6frag_low_thresh = 196608
#net.ipv6.ip6frag_secret_interval = 600
#net.ipv6.ip6frag_time = 60
#net.ipv6.mld_max_msf = 64
######
#net.ipv6.neigh.default.anycast_delay = 100
#net.ipv6.neigh.default.app_solicit = 0
#net.ipv6.neigh.default.base_reachable_time = 30
#net.ipv6.neigh.default.base_reachable_time_ms = 30000
#net.ipv6.neigh.default.delay_first_probe_time = 5
#net.ipv6.neigh.default.gc_interval = 30
#net.ipv6.neigh.default.gc_stale_time = 60
#net.ipv6.neigh.default.gc_thresh1 = 128
#net.ipv6.neigh.default.gc_thresh2 = 512
#net.ipv6.neigh.default.gc_thresh3 = 1024
#net.ipv6.neigh.default.locktime = 0
#net.ipv6.neigh.default.mcast_solicit = 3
#net.ipv6.neigh.default.proxy_delay = 80
#net.ipv6.neigh.default.proxy_qlen = 64
#net.ipv6.neigh.default.retrans_time = 200
#net.ipv6.neigh.default.retrans_time_ms = 1000
#net.ipv6.neigh.default.ucast_solicit = 3
#net.ipv6.neigh.default.unres_qlen = 35
#net.ipv6.neigh.default.unres_qlen_bytes = 31
#####
#net.ipv6.neigh.ip6tnl0.mcast_solicit = 3
#net.ipv6.neigh.ip6tnl0.ucast_solicit = 3
#net.ipv6.neigh.ip6tnl0.app_solicit = 0
#net.ipv6.neigh.ip6tnl0.retrans_time = 200
#net.ipv6.neigh.ip6tnl0.base_reachable_time = 30
#net.ipv6.neigh.ip6tnl0.delay_first_probe_time = 5
#net.ipv6.neigh.ip6tnl0.gc_stale_time = 60
#net.ipv6.neigh.ip6tnl0.unres_qlen = 3
#net.ipv6.neigh.ip6tnl0.proxy_qlen = 64
#net.ipv6.neigh.ip6tnl0.anycast_delay = 100
#net.ipv6.neigh.ip6tnl0.proxy_delay = 80
#net.ipv6.neigh.ip6tnl0.locktime = 0
#net.ipv6.neigh.ip6tnl0.retrans_time_ms = 1000
#net.ipv6.neigh.ip6tnl0.base_reachable_time_ms = 30000
#net.ipv6.neigh.ip6tnl0.baccept_ra_min_hop_limit = 1
######
#net.ipv6.neigh.lo.app_solicit = 0
#net.ipv6.neigh.lo.anycast_delay = 100
#net.ipv6.neigh.lo.ucast_solicit = 3
#net.ipv6.neigh.lo.base_reachable_time = 30
#net.ipv6.neigh.lo.base_reachable_time_ms = 30000
#net.ipv6.neigh.lo.unres_qlen = 35
#net.ipv6.neigh.lo.delay_first_probe_time = 5
#net.ipv6.neigh.lo.gc_stale_time = 60
#net.ipv6.neigh.lo.locktime = 0
#net.ipv6.neigh.lo.proxy_delay = 80
#net.ipv6.neigh.lo.mcast_solicit = 3
#net.ipv6.neigh.lo.proxy_qlen = 64
#net.ipv6.neigh.lo.retrans_time = 200
#net.ipv6.neigh.lo.retrans_time_ms = 1000
#net.ipv6.neigh.lo.unres_qlen_bytes = 31
#net.ipv6.neigh.lo.accept_ra_min_hop_limit = 1
######
#net.ipv6.neigh.p2p0.anycast_delay = 100
#net.ipv6.neigh.p2p0.app_solicit = 0
#net.ipv6.neigh.p2p0.base_reachable_time_ms = 30000
#net.ipv6.neigh.p2p0.base_reachable_time = 30
#net.ipv6.neigh.p2p0.delay_first_probe_time = 5
#net.ipv6.neigh.p2p0.gc_stale_time = 60
#net.ipv6.neigh.p2p0.locktime = 0
#net.ipv6.neigh.p2p0.mcast_solicit = 3
#net.ipv6.neigh.p2p0.unres_qlen = 35
#net.ipv6.neigh.p2p0.proxy_delay = 80
#net.ipv6.neigh.p2p0.retrans_time_ms = 1000
#net.ipv6.neigh.p2p0.proxy_qlen = 64
#net.ipv6.neigh.p2p0.retrans_time = 200
#net.ipv6.neigh.p2p0.ucast_solicit = 3
#net.ipv6.neigh.p2p0.unres_qlen_bytes = 31
#net.ipv6.neigh.p2p0.accept_ra_min_hop_limit = 1
#net.ipv6.icmp.xfrm6_gc_thresh = 2048
#net.ipv6.route.mtu_expires = 600
#net.ipv6.route.flush = 1
#net.ipv6.route.min_adv_mss = 1220
#net.ipv6.route.max_size = 4096
#net.ipv6.route.gc_timeout = 60
#net.ipv6.route.gc_thresh = 1024
#net.ipv6.route.gc_min_interval_ms = 500
#net.ipv6.route.gc_min_interval = 0
#net.ipv6.route.gc_interval = 30
#####
#net.ipv6.neigh.sit0.mcast_solicit = 3
#net.ipv6.neigh.sit0.proxy_qlen = 64
#net.ipv6.neigh.sit0.proxy_delay = 80
#net.ipv6.neigh.sit0.retrans_time_ms = 1000
#net.ipv6.neigh.sit0.locktime = 0
#net.ipv6.neigh.sit0.delay_first_probe_time = 5
#net.ipv6.neigh.sit0.base_reachable_time_ms = 30000
#net.ipv6.neigh.sit0.base_reachable_time = 30
#net.ipv6.neigh.sit0.gc_stale_time = 60
#net.ipv6.neigh.sit0.app_solicit = 0
#net.ipv6.neigh.sit0.anycast_delay = 100
#net.ipv6.neigh.sit0.retrans_time = 200
#net.ipv6.neigh.sit0.unres_qlen_bytes = 31
#net.ipv6.neigh.sit0.unres_qlen = 35
#net.ipv6.neigh.sit0.ucast_solicit = 3
#net.ipv6.neigh.sit0.accept_ra_min_hop_limit = 1
#####
#net.ipv6.neigh.wlan0.retrans_time_ms = 1000
#net.ipv6.neigh.wlan0.retrans_time = 200
#net.ipv6.neigh.wlan0.ucast_solicit = 3
#net.ipv6.neigh.wlan0.unres_qlen_bytes = 31
#net.ipv6.neigh.wlan0.app_solicit = 0
#net.ipv6.neigh.wlan0.anycast_delay = 100
#net.ipv6.neigh.wlan0.delay_first_probe_time = 5
#net.ipv6.neigh.wlan0.base_reachable_time_ms = 30000
#net.ipv6.neigh.wlan0.base_reachable_time = 30
#net.ipv6.neigh.wlan0.locktime = 0
#net.ipv6.neigh.wlan0.gc_stale_time = 60
#net.ipv6.neigh.wlan0.proxy_qlen = 64
#net.ipv6.neigh.wlan0.mcast_solicit = 3
#net.ipv6.neigh.wlan0.proxy_delay = 80
#net.ipv6.neigh.wlan0.unres_qlen = 35
#net.ipv6.neigh.wlan0.accept_ra_min_hop_limit = 1
#net.ipv6.route.gc_elasticity = 9
#net.ipv6.conf.rndis0.mtu = 1500
#net.ipv6.conf.rndis0.force_tllao = false
#net.ipv6.conf.rndis0.accept_dad = 1
#net.ipv6.conf.rndis0.disable_ipv6 = 1
#net.ipv6.conf.rndis0.optimistic_dad = false
#net.ipv6.conf.rndis0.accept_source_route = 0
#net.ipv6.conf.rndis0.proxy_ndp = 0
#net.ipv6.conf.rndis0.router_probe_interval = 60
#net.ipv6.conf.rndis0.accept_ra_rtr_pref = true
#net.ipv6.conf.rndis0.forwarding = true
#net.ipv6.conf.rndis0.hop_limit = 64
#net.ipv6.conf.rndis0.accept_ra = 1
#net.ipv6.conf.rndis0.accept_redirects = false
#net.ipv6.conf.rndis0.autoconf = true
#net.ipv6.conf.rndis0.dad_transmits = 1
#net.ipv6.conf.rndis0.router_solicitations = 3
#net.ipv6.conf.rndis0.router_solicitation_interval = 4
#net.ipv6.conf.rndis0.router_solicitation_delay = 1
#net.ipv6.conf.rndis0.force_mld_version = 0
#net.ipv6.conf.rndis0.use_tempaddr = -1
#net.ipv6.conf.rndis0.temp_valid_lft = 604800
#net.ipv6.conf.rndis0.temp_prefered_lft = 86400
#net.ipv6.conf.rndis0.regen_max_retry = 5
#net.ipv6.conf.rndis0.max_desync_factor = 600
#net.ipv6.conf.rndis0.max_addresses = 16
#net.ipv6.conf.rndis0.accept_ra_defrtr = true
#net.ipv6.conf.rndis0.accept_ra_pinfo = true
#net.ipv6.conf.rndis0.use_oif_addrs_only = false
#net.ipv6.conf.rndis0.ndisc_notify = false
#net.ipv6.conf.rndis0.mldv2_unsolicited_report_interval = 1000
#net.ipv6.conf.rndis0.mldv1_unsolicited_report_interval = 10000
#####
net.ipv6.conf.rmnet2.forwarding = true
#net.ipv6.conf.rmnet2.hop_limit = 64
#net.ipv6.conf.rmnet2.mtu = 1500
#net.ipv6.conf.rmnet2.accept_ra = 1
#net.ipv6.conf.rmnet2.accept_redirects = false
#net.ipv6.conf.rmnet2.autoconf = true
#net.ipv6.conf.rmnet2.dad_transmits = 1
#net.ipv6.conf.rmnet2.router_solicitations = 3
#net.ipv6.conf.rmnet2.router_solicitation_interval = 4
#net.ipv6.conf.rmnet2.router_solicitation_delay = 1
#net.ipv6.conf.rmnet2.force_mld_version = 0
#net.ipv6.conf.rmnet2.use_tempaddr = -1
#net.ipv6.conf.rmnet2.temp_valid_lft = 604800
#net.ipv6.conf.rmnet2.temp_prefered_lft = 86400
#net.ipv6.conf.rmnet2.regen_max_retry = 5
#net.ipv6.conf.rmnet2.max_desync_factor = 600
#net.ipv6.conf.rmnet2.max_addresses = 16
#net.ipv6.conf.rmnet2.accept_ra_defrtr = true
#net.ipv6.conf.rmnet2.accept_ra_pinfo = true
#net.ipv6.conf.rmnet2.accept_ra_rtr_pref = true
#net.ipv6.conf.rmnet2.router_probe_interval = 60
#net.ipv6.conf.rmnet2.proxy_ndp = 0
#net.ipv6.conf.rmnet2.accept_source_route = 0
#net.ipv6.conf.rmnet2.optimistic_dad = false
#net.ipv6.conf.rmnet2.accept_ra_rt_info_max_plen = 0
#net.ipv6.conf.rmnet2.disable_ipv6 = 1
#net.ipv6.conf.rmnet2.accept_dad = 1
#net.ipv6.conf.rmnet2.force_tllao = false
#net.ipv6.conf.rmnet2.use_oif_addrs_only = false
#net.ipv6.conf.rmnet2.ndisc_notify = false
#net.ipv6.conf.rmnet2.mldv2_unsolicited_report_interval = 1000
#net.ipv6.conf.rmnet2.mldv1_unsolicited_report_interval = 10000
####
net.ipv6.conf.rmnet1.forwarding = true
#net.ipv6.conf.rmnet1.hop_limit = 64
#net.ipv6.conf.rmnet1.mtu = 1500
#net.ipv6.conf.rmnet1.accept_ra = 2
#net.ipv6.conf.rmnet1.accept_redirects = false
#net.ipv6.conf.rmnet1.autoconf = true
#net.ipv6.conf.rmnet1.dad_transmits = 1
#net.ipv6.conf.rmnet1.router_solicitations = 3
#net.ipv6.conf.rmnet1.router_solicitation_interval = 4
#net.ipv6.conf.rmnet1.router_solicitation_delay = 1
#net.ipv6.conf.rmnet1.force_mld_version = 0
#net.ipv6.conf.rmnet1.use_tempaddr = -1
#net.ipv6.conf.rmnet1.temp_valid_lft = 604800
#net.ipv6.conf.rmnet1.temp_prefered_lft = 86400
#net.ipv6.conf.rmnet1.regen_max_retry = 5
#net.ipv6.conf.rmnet1.max_desync_factor = 600
#net.ipv6.conf.rmnet1.max_addresses = 16
#net.ipv6.conf.rmnet1.accept_ra_defrtr = true
#net.ipv6.conf.rmnet1.accept_ra_pinfo = true
#net.ipv6.conf.rmnet1.accept_ra_rtr_pref = true
#net.ipv6.conf.rmnet1.router_probe_interval = 60
#net.ipv6.conf.rmnet1.proxy_ndp = 0
#net.ipv6.conf.rmnet1.accept_source_route = 0
#net.ipv6.conf.rmnet1.optimistic_dad = false
#net.ipv6.conf.rmnet1.disable_ipv6 = 1
#net.ipv6.conf.rmnet1.accept_dad = 1
#net.ipv6.conf.rmnet1.force_tllao = false
#net.ipv6.conf.rmnet1.use_oif_addrs_only = false
#net.ipv6.conf.rmnet1.ndisc_notify = false
#net.ipv6.conf.rmnet1.accept_ra_rt_info_max_plen = 0
#net.ipv6.conf.rmnet1.mldv2_unsolicited_report_interval = 1000
#net.ipv6.conf.rmnet1.mldv1_unsolicited_report_interval = 10000
####
#net.ipv6.conf.rmnet0.forwarding = true
#net.ipv6.conf.rmnet0.hop_limit = 64
#net.ipv6.conf.rmnet0.mtu = 1358
#net.ipv6.conf.rmnet0.accept_ra = 1
#net.ipv6.conf.rmnet0.accept_redirects = false
#net.ipv6.conf.rmnet0.autoconf = true
#net.ipv6.conf.rmnet0.dad_transmits = 1
#net.ipv6.conf.rmnet0.router_solicitations = 3
#net.ipv6.conf.rmnet0.router_solicitation_interval = 4
#net.ipv6.conf.rmnet0.router_solicitation_delay = 1
#net.ipv6.conf.rmnet0.force_mld_version = 0
#net.ipv6.conf.rmnet0.use_tempaddr = -1
#net.ipv6.conf.rmnet0.temp_valid_lft = 604800
#net.ipv6.conf.rmnet0.temp_prefered_lft = 86400
#net.ipv6.conf.rmnet0.regen_max_retry = 5
#net.ipv6.conf.rmnet0.max_desync_factor = 600
#net.ipv6.conf.rmnet0.max_addresses = 16
#net.ipv6.conf.rmnet0.accept_ra_defrtr = true
#net.ipv6.conf.rmnet0.accept_ra_pinfo = true
#net.ipv6.conf.rmnet0.accept_ra_rtr_pref = true
#net.ipv6.conf.rmnet0.router_probe_interval = 60
#net.ipv6.conf.rmnet0.proxy_ndp = 0
#net.ipv6.conf.rmnet0.accept_source_route = 0
#net.ipv6.conf.rmnet0.optimistic_dad = false
#net.ipv6.conf.rmnet0.disable_ipv6 = 1
#net.ipv6.conf.rmnet0.accept_dad = 1
#net.ipv6.conf.rmnet0.force_tllao = false
#net.ipv6.conf.rmnet0.use_oif_addrs_only = false
#net.ipv6.conf.rmnet0.ndisc_notify = false
#net.ipv6.conf.rmnet0.mldv2_unsolicited_report_interval = 1000
#net.ipv6.conf.rmnet0.mldv1_unsolicited_report_interval = 10000
######
#net.ipv6.neigh.rndis0.mcast_solicit = 3
#net.ipv6.neigh.rndis0.ucast_solicit = 3
#net.ipv6.neigh.rndis0.app_solicit = 0
#net.ipv6.neigh.rndis0.retrans_time = 200
#net.ipv6.neigh.rndis0.base_reachable_time = 30
#net.ipv6.neigh.rndis0.delay_first_probe_time = 5
#net.ipv6.neigh.rndis0.gc_stale_time = 60
#net.ipv6.neigh.rndis0.unres_qlen = 3
#net.ipv6.neigh.rndis0.proxy_qlen = 64
#net.ipv6.neigh.rndis0.anycast_delay = 100
#net.ipv6.neigh.rndis0.proxy_delay = 80
#net.ipv6.neigh.rndis0.locktime = 0
#net.ipv6.neigh.rndis0.retrans_time_ms = 1000
#net.ipv6.neigh.rndis0.base_reachable_time_ms = 30000
######
#net.ipv6.neigh.rmnet2.mcast_solicit = 3
#net.ipv6.neigh.rmnet2.ucast_solicit = 3
#net.ipv6.neigh.rmnet2.app_solicit = 0
#net.ipv6.neigh.rmnet2.retrans_time = 200
#net.ipv6.neigh.rmnet2.base_reachable_time = 30
#net.ipv6.neigh.rmnet2.delay_first_probe_time = 5
#net.ipv6.neigh.rmnet2.gc_stale_time = 60
#net.ipv6.neigh.rmnet2.unres_qlen = 3
#net.ipv6.neigh.rmnet2.proxy_qlen = 64
#net.ipv6.neigh.rmnet2.anycast_delay = 100
#net.ipv6.neigh.rmnet2.proxy_delay = 80
#net.ipv6.neigh.rmnet2.locktime = 0
#net.ipv6.neigh.rmnet2.retrans_time_ms = 1000
#net.ipv6.neigh.rmnet2.base_reachable_time_ms = 30000
######
#net.ipv6.neigh.rmnet1.mcast_solicit = 3
#net.ipv6.neigh.rmnet1.ucast_solicit = 3
#net.ipv6.neigh.rmnet1.app_solicit = 0
#net.ipv6.neigh.rmnet1.retrans_time = 200
#net.ipv6.neigh.rmnet1.base_reachable_time = 30
#net.ipv6.neigh.rmnet1.delay_first_probe_time = 5
#net.ipv6.neigh.rmnet1.gc_stale_time = 60
#net.ipv6.neigh.rmnet1.unres_qlen = 3
#net.ipv6.neigh.rmnet1.proxy_qlen = 64
#net.ipv6.neigh.rmnet1.anycast_delay = 100
#net.ipv6.neigh.rmnet1.proxy_delay = 80
#net.ipv6.neigh.rmnet1.locktime = 0
#net.ipv6.neigh.rmnet1.retrans_time_ms = 1000
#net.ipv6.neigh.rmnet1.base_reachable_time_ms = 30000
######
#net.ipv6.neigh.rmnet0.mcast_solicit = 3
#net.ipv6.neigh.rmnet0.ucast_solicit = 3
#net.ipv6.neigh.rmnet0.app_solicit = 0
#net.ipv6.neigh.rmnet0.retrans_time = 200
#net.ipv6.neigh.rmnet0.base_reachable_time = 30
#net.ipv6.neigh.rmnet0.delay_first_probe_time = 5
#net.ipv6.neigh.rmnet0.gc_stale_time = 60
#net.ipv6.neigh.rmnet0.unres_qlen = 3
#net.ipv6.neigh.rmnet0.proxy_qlen = 64
#net.ipv6.neigh.rmnet0.anycast_delay = 100
#net.ipv6.neigh.rmnet0.proxy_delay = 80
#net.ipv6.neigh.rmnet0.locktime = 0
#net.ipv6.neigh.rmnet0.retrans_time_ms = 1000
#net.ipv6.neigh.rmnet0.base_reachable_time_ms = 30000
######


# /proc/sys/net/core - Network core options
###############
#net.core.bpf_jit_enable = 0
#net.core.default_qdisc = fq
net.core.rmem_default = 262144
net.core.wmem_default = 131072
net.core.xfrm_larval_drop = 1
net.core.dev_weight = 64
net.core.message_burst = 10
net.core.message_cost = 5
#net.core.busy_read = 0
#net.core.busy_poll = 0
net.core.netdev_budget = 300
net.core.netdev_tstamp_prequeue = 1
net.core.optmem_max = 10240
#net.core.hot_list_length = 1024
net.core.rmem_default = 163840
net.core.tstamp_allow_data = 1
net.core.rmem_max = 16777216
net.core.rps_sock_flow_entries = 0
net.core.somaxconn = 128
#net.core.warnings = 1
net.core.wmem_max = 16777216
net.core.xfrm_acq_expires = 30
net.core.xfrm_aevent_etime = 10
#net.core.netdev_rss_key =
net.core.xfrm_aevent_rseqth = 2
net.unix.max_dgram_qlen = 50
net.nf_conntrack_max = 50168
net.phonet.local_port_range = 64 255
net.core.netdev_max_backlog = 3000


# Define TCP buffer sizes for various networks
# ReadMin, ReadInitial, ReadMax, WriteMin, WriteInitial, WriteMax
###############
net.tcp.buffersize.default = 4096,87380,256960,4096,16384,256960
net.tcp.buffersize.wifi = 4096,87380,256960,4096,16384,256960
net.tcp.buffersize.lte = 262144,524288,3145728,262144,524288,3145728
net.tcp.buffersize.umts = 4096,87380,256960,4096,16384,256960
net.tcp.buffersize.evdo = 4096,87380,563200,4096,16384,262144
net.tcp.buffersize.evdo_b = 6144,262144,1048576,6144,262144,1048576
net.tcp.buffersize.gprs = 4096,87380,256960,4096,16384,256960
net.tcp.buffersize.edge = 4096,87380,256960,4096,16384,256960
net.tcp.buffersize.hspa = 4096,87380,256960,4096,16384,256960
net.tcp.buffersize.hspap = 4096,87380,1220608,4096,16384,393216
net.tcp.buffersize.hsupa = 4096,87380,704512,4096,16384,262144
net.tcp.buffersize.hsdpa = 6144,262144,1048576,6144,262144,1048576


###############################
# VM & Filesystem tweaks
# (e.g specifies amount of virtual RAM,
# if it should kill a task or not,
# how often to refer to cache)
###############################
#pm.sleep_mode = 1
#fs.lease-break-time = 45
#fs.file-max = 80249
fs.nr_open = 1048576
fs.leases-enable = 1
#fs.inotify.max_queued_events = 16384
#fs.inotify.max_user_instances = 256
#fs.inotify.max_user_watches = 8192
#fs.overflowgid = 65534
#fs.protected_hardlinks = 1
fs.overflowuid = 65534
#fs.protected_symlinks = 1
vm.overcommit_memory = 1
vm.min_free_order_shift = 4
#vm.oom_dump_tasks = 1
vm.lowmem_reserve_ratio = 96 96
#vm.legacy_va_layout = 0
#vm.page-cluster = 3
vm.overcommit_ratio = 0
vm.drop_caches = 0
#vm.extfrag_threshold = 500
vm.swappiness = 0
vm.dirty_writeback_centisecs = 2000
vm.dirty_expire_centisecs = 1000
#vm.dirty_ratio = 90
vm.highmem_is_dirtyable = 0
#vm.dirty_background_ratio = 70
#vm.max_map_count = 65530
vm.oom_kill_allocating_task = 0
vm.nr_pdflush_threads = 0
vm.mmap_min_addr = 4096
#vm.min_free_kbytes = 11264
vm.panic_on_oom = 0
vm.vfs_cache_pressure = 10
vm.laptop_mode = 0
vm.block_dump = 0
vm.scan_unevictable_pages = 0
vm.percpu_pagelist_fraction = 0
vm.stat_interval = 1
#vold.post_fs_data_done = 1
#vm.dirty_background_bytes = 0
#vm.dirty_bytes = 0

# Disables logging
###############
#rm /dev/log/main


dev.scsi.logging_level = 0
#fs.dentry-state = 22620 12592 45 0 0 0
#fs.epoll.max_user_watches = 217429
#fs.file-nr = 4032 0 180195
#fs.inode-nr = 15905 7235
#fs.inode-state = 20259 0 0 0 0 0 0
fs.suid_dumpable = 0
fs.pipe-max-size = 1048576
#kernel.auto_msgmni = 1
kernel.blk_iopoll = 1
#kernel.cap_last_cap = 36


###############
# Kernel params
###############
kernel.random.write_wakeup_threshold = 2048
#kernel.sched_features = 24189
#kernel.sched_compat_yield = 1
#kernel.sched_shares_ratelimit = 256000
kernel.sched_child_runs_first = 0
kernel.exec-shield = 1
#kernel.randomize_va_spac = 1
#kernel.grsecurity.harden_ptrace = 1
#kernel.watchdog_thresh = 10
kernel.watchdog = 1
#kernel.version = 479 SMP PREEMPT Mon Mar 30 13:32:29 CEST 2015
kernel.real-root-dev = 0
#kernel.sched_autogroup_enabled = 0
#kernel.sched_migration_cost_ns = 5000000
#kernel.sched_domain.cpu0.domain0.busy_factor = 64
#kernel.sched_domain.cpu0.domain0.busy_idx = 2
#kernel.sched_domain.cpu0.domain0.cache_nice_tries = 1
#kernel.sched_domain.cpu0.domain0.flags = 4143
#kernel.sched_domain.cpu0.domain0.forkexec_idx = 0
#kernel.sched_domain.cpu0.domain0.idle_idx = 1
#kernel.sched_domain.cpu0.domain0.imbalance_pct = 125
#kernel.sched_domain.cpu0.domain0.max_interval = 4
#kernel.sched_domain.cpu0.domain0.min_interval = 1
#kernel.sched_domain.cpu0.domain0.name = CPU
#kernel.sched_domain.cpu0.domain0.newidle_idx = 0
#kernel.sched_domain.cpu0.domain0.wake_idx = 0
#kernel.sched_domain.cpu1.domain0.busy_factor = 64
#kernel.sched_domain.cpu1.domain0.busy_idx = 2
#kernel.sched_domain.cpu1.domain0.cache_nice_tries = 1
#kernel.sched_domain.cpu1.domain0.flags = 4143
#kernel.sched_domain.cpu1.domain0.forkexec_idx = 0
#kernel.sched_domain.cpu1.domain0.idle_idx = 1
#kernel.sched_domain.cpu1.domain0.imbalance_pct = 125
#kernel.sched_domain.cpu1.domain0.max_interval = 4
#kernel.sched_domain.cpu1.domain0.min_interval = 1
#kernel.sched_domain.cpu1.domain0.name = CPU
#kernel.sched_domain.cpu1.domain0.newidle_idx = 0
#kernel.sched_domain.cpu1.domain0.wake_idx = 0
#kernel.sched_domain.cpu2.domain0.busy_factor = 64
#kernel.sched_domain.cpu2.domain0.busy_idx = 2
#kernel.sched_domain.cpu2.domain0.cache_nice_tries = 1
#kernel.sched_domain.cpu2.domain0.flags = 4143
#kernel.sched_domain.cpu2.domain0.forkexec_idx = 0
#kernel.sched_domain.cpu2.domain0.idle_idx = 1
#kernel.sched_domain.cpu2.domain0.imbalance_pct = 125
#kernel.sched_domain.cpu2.domain0.max_interval = 4
#kernel.sched_domain.cpu2.domain0.min_interval = 1
#kernel.sched_domain.cpu2.domain0.name = CPU
#kernel.sched_domain.cpu2.domain0.newidle_idx = 0
#kernel.sched_domain.cpu2.domain0.wake_idx = 0
#kernel.sched_domain.cpu3.domain0.busy_factor = 64
#kernel.sched_domain.cpu3.domain0.busy_idx = 2
#kernel.sched_domain.cpu3.domain0.cache_nice_tries = 1
#kernel.sched_domain.cpu3.domain0.flags = 4143
#kernel.sched_domain.cpu3.domain0.forkexec_idx = 0
#kernel.sched_domain.cpu3.domain0.idle_idx = 1
#kernel.sched_domain.cpu3.domain0.imbalance_pct = 125
#kernel.sched_domain.cpu3.domain0.max_interval = 4
#kernel.sched_domain.cpu3.domain0.min_interval = 1
#kernel.sched_domain.cpu3.domain0.name = CPU
#kernel.sched_domain.cpu3.domain0.newidle_idx = 0
#kernel.sched_domain.cpu3.domain0.wake_idx = 0
#kernel.sched_domain.cpu4.domain0.busy_factor = 64
#kernel.sched_domain.cpu4.domain0.busy_idx = 2
#kernel.sched_domain.cpu4.domain0.cache_nice_tries = 1
#kernel.sched_domain.cpu4.domain0.flags = 4143
#kernel.sched_domain.cpu4.domain0.forkexec_idx = 0
#kernel.sched_domain.cpu4.domain0.idle_idx = 1
#kernel.sched_domain.cpu4.domain0.imbalance_pct = 125
#kernel.sched_domain.cpu4.domain0.max_interval = 4
#kernel.sched_domain.cpu4.domain0.min_interval = 1
#kernel.sched_domain.cpu4.domain0.name = CPU
#kernel.sched_domain.cpu4.domain0.newidle_idx = 0
#kernel.sched_domain.cpu4.domain0.wake_idx = 0
kernel.sched_latency_ns = 10000000
kernel.sched_migration_cost = 500000
kernel.sched_min_granularity_ns = 2250000
kernel.sched_nr_migrate = 32
kernel.sched_rt_period_us = 1000000
kernel.sched_rt_runtime_us = 950000
kernel.sched_shares_window = 10000000
kernel.sched_time_avg = 1000
#kernel.sched_tunable_scaling = 1
kernel.sched_wakeup_granularity_ns = 2000000
#kernel.sem = 250	32000	32	128
#kernel.sg-big-buff = 32768
#kernel.shm_rmid_forced = 0
#kernel.shmall = 2097152   or    268435456 -> getconf PAGE_SIZE
#kernel.random.poolsize = 4096
kernel.shmmax = 33554432
kernel.shmmni = 4096
kernel.softlockup_panic = 1
kernel.tainted = 1
kernel.threads-max = 12542
kernel.timer_migration = 1
#kernel.usermodehelper.inheritable = 4294967295 4294967295
#kernel.usermodehelper.bset = 4294967295 4294967295
#kernel.random.uuid = 465b8dc9-8ba6-474d-a762-a932375082f0
#kernel.random.entropy_avail = 4096
kernel.random.read_wakeup_threshold = 4096
#kernel.random.boot_id = 77705164-182c-454a-ae31-6dc047e57c3e
kernel.auto_msgmni = 1
#kernel.maps_protect = 1
#kernel.blk_iopoll = 1
#kernel.cap_last_cap = 36
kernel.core_pattern = core
kernel.core_pipe_limit = 0
kernel.core_uses_pid = 1
kernel.ctrl-alt-del = 1
kernel.dmesg_restrict = 2
kernel.domainname = localdomain
#kernel.ftrace_dump_on_oops = 0
kernel.hostname = localhost
kernel.hotplug = /sbin/hotplug
kernel.hung_task_check_count = 32768
kernel.hung_task_panic = 1
kernel.hung_task_timeout_secs = 30
#kernel.hung_task_warnings = 10
kernel.keys.gc_delay = 300
#kernel.keys.maxbytes = 20000
kernel.keys.maxkeys = 200
kernel.keys.root_maxbytes = 20000
#kernel.keys.root_maxkeys = 200
#kernel.kptr_restrict = 1
kernel.max_lock_depth = 1024
#kernel.numa_balancing = 1
kernel.msgmax = 65536
kernel.msgmnb = 65536
#kernel.msgmni = 1119
#kernel.ngroups_max = 65536
kernel.nmi_watchdog = 1
#kernel.osrelease = 4.1.1
kernel.ostype = Linux
#kernel.watchdog_cpumask = 0,2-4
kernel.overflowgid = 65534
kernel.overflowuid = 65534
#kernel.panic = 1
kernel.panic_on_oops = 1
kernel.pid_max = 65536
#kernel.panic_on_warn = 0
#kernel.perf_cpu_time_max_percent = 0
kernel.poweroff_cmd = /sbin/poweroff
kernel.print-fatal-signals = 0
#kernel.printk = 4 4 1 7
#kernel.panic_on_unrecovered_nmi = 1
kernel.printk_delay = 0
#kernel.panic_on_stackoverflow = 1
kernel.printk_ratelimit = 5
#kernel.printk_ratelimit_burst = 10
kernel.pty.max = 4096
#kernel.pty.nr = 2
#kernel.pty.reserve = 1024
kernel.modprobe = /sbin/modprobe
kernel.modules_disabled = 0
kernel.cad_pid = 1
kernel.randomize_va_space = 2
crypto.fips_status = 0


# Controls the System Request debugging functionality
# of the kernel (magic-sysrq key)
#   0 - disable sysrq completely
#   1 - enable all functions of sysrq
#  >1 - bitmask of allowed sysrq functions
# (see below for detailed function description):
#          2 =   0x2 - enable control of console logging level
#          4 =   0x4 - enable control of keyboard (SAK, unraw)
#          8 =   0x8 - enable debugging dumps of processes etc.
#         16 =  0x10 - enable sync command
#         32 =  0x20 - enable remount read-only
#         64 =  0x40 - enable signalling of processes (term, kill, oom-kill)
#        128 =  0x80 - allow reboot/poweroff
#        256 = 0x100 - allow nicing of all RT tasks
kernel.sysrq = 1


###############
### CIPSOv4 ###
###############
# fixme
#cipso_cache_enable = true
#cipso_cache_bucket_size = 10
#cipso_rbm_optfmt = false
#cipso_rbm_structvalid = false

## tweaked-sysctl.conf
# Kernel sysctl configuration for Android only! Needs Kernel above 2.6+ ~ 4.0
# For network and some tweaks only, do not set all params here -> overkill
# 2015 version by CHEF-KOCH
# EOL UNIX
# chmod 0.0 755 /etc/sysctl.conf or /system/etc/sysctl.conf
# For binary values, 0 is disabled, 1 is enabled.
#
# ADDITIONAL INFO - MUST READ !!!
# http://linux.die.net/man/8/sysctl
# http://linux.die.net/man/5/sysctl.conf
# http://archive09.linux.com/feature/146599
# https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/diff/Documentation/networking/ip-sysctl.txt
# ^^ -> https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt
# See http://goo.gl/krtf9 - Linux Memory Consumption - Nice article!
# See http://goo.gl/hFdNO - Memory and SuperCharging Overview, or... "Why 'Free RAM' Is NOT Wasted RAM!"
# See http://goo.gl/4w0ba - MFK Calculator Info - explanation for vm.min_free_kbytes.
# See http://goo.gl/P8Bvu - How Entropy-ness Enlarger works.
# See http://goo.gl/Zc85j - Possible reasons why it may actually do something
# See http://www.roms-au.com/faq/technical/ - Technical stuff about the Kernel
# See https://census.tsyrklevich.net/devices/129/sysctls
# See http://tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.kernel.obscure.html
# Script Manager available over here: http://play.google.com/store/apps/details?id=os.tools.scriptmanager
#
#1) First enable sysctl from Liberty settings, if you are on Liberty
#2) Run Root Explorer
#3) Modify /data/liberty/init.d.conf to make sure that sysctl is enabled ("sysctl = 1")
#4) Go to /system/etc/, and mount it r/w
#5) Modify sysctl.conf by long pressing the sysctl.conf file and selecting "Open in Text Editor." When finished, save the file and exit
#6) Run Terminal Emulator
#7) Type "sysctl -p" or "sysctl -w" (output should confirm whether you've done step 4&5 correctly)
#8) Check with "sysctl -a| grep vm" or "pgrep -f crond" in Terminal Emulator if all was done! ("sysctl -a" will display all the kernel settings!

#
# How to fix permission denied - try /sbin/sysctl -p
#
#


# You can verify the Linux networking kernel parms from the root user with these commands:
# e.g. sysctl -a | grep ipv4.ip_local

#mount -o rw,remount /system

# If not works for you try -> busybox sysctl -w

############
## Warning:
# -> This is a list of all -> really all Kernel parameters from sysctl, you kernel may not support all,
# so some entries may be skipped but it won't break something!
# https://gist.github.com/CHEF-KOCH/0001e66a8c10b1177abe
############

############
# IPv6 static address configuration for linux hosts
#
#net.ipv6.conf.eth0.accept_ra = 0
#
#NETWORKING_IPV6=yes
#IPV6FORWARDING=no
#IPV6_AUTOCONF=no
#IPV6_AUTOTUNNEL=no
#IPV6_DEFAULTGW=fe80::1
#IPV6_DEFAULTDEV=eth0
#
# In your script add
#IPV6INIT=yes
#IPV6ADDR=2607:f388:xxxx:yyyy::zzzz/64     # replace with your static address
############

# Disable bridge firewalling by default (deprecated)
# https://forum.openwrt.org/viewtopic.php?pid=143700#p143700
# /proc/sys/net/bridge/*
#net.bridge.bridge-nf-call-arptables = 1
#net.bridge.bridge.bridge-nf-call-ip6tables = 1
#net.bridge.bridge.bridge-nf-call-iptables = 1
#net.bridge.bridge-nf-filter-vlan-tagged = 0
#net.bridge.bridge-nf-filter-pppoe-tagged = 0
#net.bridge.bridge-nf-pass-vlan-input-dev = 0

#proc/sys/net/sctp/*
#RFC5061
#net.sctp.addip_enable = 0
#net.sctp.addip_noauth_enable = 0
#net.sctp.auth_enable = 0
#net.sctp.prsctp_enable = 1
#net.sctp.max_burst = 4
#net.sctp.association_max_retrans = 10
#net.sctp.max_init_retransmits = 8
#net.sctp.path_max_retrans = 5
#net.sctp.pf_retrans = 0
#net.sctp.rto_initial = 3000
#net.sctp.rto_max = 60000
#net.sctp.rto_min = 1000
#net.sctp.hb_interval = 30000
#net.sctp.sack_timeout = 200
#net.sctp.valid_cookie_life = 60000
#net.sctp.cookie_preserve_enable = 1
#net.sctp.cookie_hmac_alg = sha1
#net.sctp.rcvbuf_policy = 0
#net.sctp.sndbuf_policy = 0
#Default is calculated at boot time from amount of available memory
#net.sctp.sctp_mem =
#net.sctp.sctp_rmem = 1
# 0- 3
#net.sctp.sctp_wmem = 1


# Caching(deprecated)
# -1 means infinitive cacheing
#networkaddress.cache.ttl = 0
#networkaddress.cache.negative.ttl = 0 #Default 10

## WTF!
#profiler.force_disable_ulog=1
#rofiler.force_disable_err_rpt=1
# /WTF!

# Limit responses to ICMP for bandwidth purposes
#net.inet.icmp.icmplim = 10
#net.inet.icmp.maskrepl = 0
#net.inet.icmp.drop_redirect = 1
#net.icmp.bmcastecho = 0

# Forces a single pass through the firewall. If set to 0,
# packets coming out of a pipe will be reinjected into the
# firewall starting with the rule after the matching one.
# NOTE: there is always one pass for bridged packets.
#net.inet.ip.fw.one_pass = 0


# Stealth IP networking
# net.inet.ip.stealth=0

# Drop synfin packets
# net.inet.tcp.drop_synfin=1

# Icmp may NOT rst (deprecated)
#net.inet.tcp.icmp_may_rst = 0


###############################
#  IPv4
###############################
# Controls IP packet forwarding
#default 1
net.ipv4.ip_forward = 1
net.ipv4.conf.default.proxy_arp = 0
#net.ipv4.ip_dynaddr = 1
net.ipv4.xfrm4_gc_thresh = 131072
# RFC1700 Range between 1 and 255 inclusive are possible
net.ipv4.ip_default_ttl = 64

# Enable route verification on all interfaces
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.lo.rp_filter = 1
#net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.arp_ignore = 1
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.inet_peer_threshold = 65664
net.ipv4.conf.all.proxy_arp = 1
net.ipv4.inet_peer_minttl = 120
net.ipv4.inet_peer_maxttl = 600
net.ipv4.igmp_max_msf = 10

# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.lo.accept_source_route = 0
#net.ipv4.conf.eth0.accept_source_route = 0
net.ipv4.conf.default.secure_redirects = 0

# Disable ICMP Redirect Acceptance
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.lo.accept_redirects = 0
#net.ipv4.conf.eth0.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0


# TCP SYN cookie protection (default) helps protect against SYN flood attacks only kicks in when net.ipv4.tcp_max_syn_backlog is reached
# Needs kernel with CONFIG_SYN_COOKIES compiled
#net.ipv4.tcp_syncookies = 1

# TCP Explicit Congestion Notification
net.ipv4.tcp_ecn = 0

# We do not want all our interfaces to send redirects
net.ipv4.conf.default.send_redirects = 1


# Decrease the time default value for tcp_fin_timeout connection
net.ipv4.tcp_fin_timeout = 15

# Decrease the time default value for tcp_keepalive_time connect
net.ipv4.tcp_keepalive_time = 1800

# Turn on/off the tcp_window_scaling
net.ipv4.tcp_window_scaling = 0

# Turn on/off the tcp_sack
net.ipv4.tcp_sack = 0

# Turn on/off the tcp_dsack
net.ipv4.tcp_dsack = 1

## tcp timestamps
## + protect against wrapping sequence numbers (at gigabit speeds)
## + round trip time calculation implemented in TCP
## - causes extra overhead and allows uptime detection by scanners like nmap
## enable @ gigabit speeds
net.ipv4.tcp_timestamps = 1

# Enable ignoring broadcasts request
net.ipv4.icmp_echo_ignore_broadcasts = 1

# Enable bad error message Protection
net.ipv4.icmp_ignore_bogus_error_responses = 1

# Log Spoofed Packets, Source Routed Packets, Redirect Packets
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.lo.log_martians = 0
#net.ipv4.conf.eth0.log_martians = 0

# Increases the size of the socket queue (effectively, q0).
net.ipv4.tcp_max_syn_backlog = 1024

# Increase the tcp-time-wait buckets pool size
net.ipv4.tcp_max_tw_buckets = 1440000

# Ignore all ICMP Echo spam
net.ipv4.icmp_echo_ignore_all = 1

# Allowed local port range, default empty because redundant
#net.ipv4.ip_local_port_range = 32000	61000

# This may cause dropped frames with load-balancing and NATs, only use this for a server that communicates only over your local network.
# Reuse/recycle time-wait sockets
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1

# Protect against tcp time-wait assassination hazards
net.ipv4.tcp_rfc1337 = 1
net.ipv4.tcp_retries1 = 1
net.ipv4.tcp_retries2 = 10

# Send redirects (not a router, disable it)
net.ipv4.conf.all.send_redirects = 0

# By default we don't trust protocol path MTUs while forwarding because they could be easily forged and can lead to unwanted fragmentation by the router.
ip_forward_use_pmtu = 0

fwmark_reflect = 0
# From linux kernel 3.6 onwards, this is deprecated for ipv4 as route cache is no longer used.
#route/max_size =


# Undocumented !!!
# /proc/sys/net/irda/*
#net.irda.fast_poll_increase =
#net.irda.warn_noreply_time =
#net.irda.discovery_slots =
#net.irda.slot_timeout =
#net.irda.max_baud_rate =
#net.irda.discovery_timeout =
#net.irda.lap_keepalive_time =
#net.irda.max_noreply_time =
#net.irda.max_tx_data_size =
#net.irda.max_tx_window =
#net.irda.min_tx_turn_time =

#The maximum length of dgram socket receive queue
net.unix.max_dgram_qlen = 10

# 31 seconds (default 5)
net.ipv4.tcp_synack_retries = 5


#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
###########################################
#net.ipv4.igmp_max_memberships = 100
###########################################
#net.tcp.default_init_rwnd = 60 #deprecated
###########################################
net.ipv4.tcp_syn_retries = 5
###########################################
net.ipv4.route.flush = 1
###########################################
#net.ipv4.conf.<device>.rp_filter = 1
###########################################
net.ipv4.tcp_keepalive_probes = 5
###########################################
net.ipv4.tcp_keepalive_intvl = 60
###########################################
net.ipv4.tcp_rmem = '6144 87380 1048576'
###########################################
net.ipv4.tcp_wmem = '6144 87380 1048576'
###########################################
net.ipv4.tcp_mem = '187000 187000 187000'
###########################################
#The default value held by this entry varies heavily depending on how much memory you have.
#net.ipv4.<netfilter>.ip_conntrack_max=
###########################################
#net.ipv4.<netfilter>.ip_ct_generic_timeout = 600 #deprecated
###########################################
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 28800
###########################################
#net.ipv4.netfilter.ip_conntrack_max = 262144
###########################################
#net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait = 60
###########################################
net.ipv4.tcp_fack = 1
###########################################
net.ipv4.tcp_no_metrics_save = 1
###########################################
net.ipv4.tcp_congestion_control=cubic
###########################################
net.ipv4.tcp_moderate_rcvbuf = 1
###########################################
net.ipv4.udp_rmem_min = 6144
###########################################
net.ipv4.udp_wmem_min = 6144
###########################################
net.ipv4.udp_mem = 11799 15732 23598
###########################################
net.ipv4.tcp_workaround_signed_windows = 0
#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
###########################################


# .autoconf set to 0 if you use a static ip!

net.ipv4.tcp_tso_win_divisor = 3
net.ipv4.tcp_thin_linear_timeouts = 0
net.ipv4.tcp_thin_dupack = 0
net.ipv4.tcp_stdurg = 0
net.ipv4.tcp_slow_start_after_idle = 1
net.ipv4.tcp_retrans_collapse = 1
net.ipv4.tcp_reordering = 3
net.ipv4.tcp_orphan_retries = 0
net.ipv4.tcp_mtu_probing = 0
net.ipv4.tcp_max_ssthresh = 0
net.ipv4.tcp_max_orphans = 32768
net.ipv4.tcp_low_latency = 1
net.ipv4.tcp_frto_response = 0
net.ipv4.tcp_frto = 2
net.ipv4.tcp_challenge_ack_limit = 100
net.ipv4.tcp_base_mss = 512
net.ipv4.tcp_available_congestion_control = cubic reno
net.ipv4.tcp_app_win = 31
net.ipv4.tcp_allowed_congestion_control = cubic reno
net.ipv4.tcp_adv_win_scale = 1
net.ipv4.tcp_abort_on_overflow = 0
net.ipv4.tcp_abc = 0
net.ipv4.rt_cache_rebuild_count = 4
net.ipv4.route.redirect_silence = 4096
net.ipv4.route.redirect_number = 9
net.ipv4.route.redirect_load = 4
net.ipv4.route.mtu_expires = 600
net.ipv4.route.min_adv_mss = 256
# Minimum discovered Path MTU
net.ipv4.route.min_pmtu = 552
net.ipv4.route.max_size = 262144
net.ipv4.route.gc_timeout = 300
#Disable Path MTU Discovery. 0-3
net.ipv4.ip_no_pmtu_disc = 0
net.ipv4.ip_nonlocal_bind = 0
net.ipv4.ipfrag_high_thresh = 262144
net.ipv4.ipfrag_low_thresh = 196608
net.ipv4.ipfrag_max_dist = 64
net.ipv4.ipfrag_secret_interval = 600
net.ipv4.ipfrag_time = 30
net.ipv4.neigh.default.anycast_delay = 100
net.ipv4.neigh.default.app_solicit = 0
net.ipv4.neigh.default.base_reachable_time = 30
net.ipv4.neigh.default.base_reachable_time_ms = 30000
net.ipv4.neigh.default.delay_first_probe_time = 5
net.ipv4.neigh.default.gc_interval = 30
net.ipv4.neigh.default.gc_stale_time = 60
net.ipv4.neigh.default.gc_thresh1 = 128
net.ipv4.neigh.default.gc_thresh2 = 512
net.ipv4.neigh.default.gc_thresh3 = 1024
net.ipv4.neigh.default.locktime = 100
net.ipv4.neigh.default.mcast_solicit = 3
net.ipv4.neigh.default.proxy_delay = 80
net.ipv4.neigh.default.proxy_qlen = 64
net.ipv4.neigh.default.retrans_time = 100
net.ipv4.neigh.default.retrans_time_ms = 1000
net.ipv4.neigh.default.ucast_solicit = 3
net.ipv4.neigh.default.unres_qlen = 35
net.ipv4.neigh.ip6tnl0.anycast_delay = 100
net.ipv4.neigh.ip6tnl0.app_solicit = 0
net.ipv4.neigh.ip6tnl0.base_reachable_time = 30
net.ipv4.neigh.ip6tnl0.base_reachable_time_ms = 30000
net.ipv4.neigh.ip6tnl0.delay_first_probe_time = 5
net.ipv4.neigh.ip6tnl0.gc_stale_time = 60
net.ipv4.neigh.ip6tnl0.locktime = 100
net.ipv4.neigh.ip6tnl0.mcast_solicit = 3
net.ipv4.neigh.ip6tnl0.proxy_delay = 80
net.ipv4.neigh.ip6tnl0.proxy_qlen = 64
net.ipv4.neigh.ip6tnl0.retrans_time = 100
net.ipv4.neigh.ip6tnl0.retrans_time_ms = 1000
net.ipv4.neigh.ip6tnl0.ucast_solicit = 3
net.ipv4.neigh.ip6tnl0.unres_qlen = 35
#deprecated
#net.ipv4.neigh.default.unres_qlen_bytes = 65536
#net.ipv4.neigh.ip6tnl0.unres_qlen_bytes = 65536
net.ipv4.neigh.lo.anycast_delay = 100
net.ipv4.neigh.lo.app_solicit = 0
net.ipv4.neigh.lo.base_reachable_time = 30
net.ipv4.neigh.lo.base_reachable_time_ms = 30000
net.ipv4.neigh.lo.delay_first_probe_time = 5
net.ipv4.neigh.lo.gc_stale_time = 60
net.ipv4.neigh.lo.locktime = 100
net.ipv4.neigh.lo.mcast_solicit = 3
net.ipv4.neigh.lo.proxy_delay = 80
net.ipv4.neigh.lo.proxy_qlen = 64
net.ipv4.neigh.lo.retrans_time = 100
net.ipv4.neigh.lo.retrans_time_ms = 1000
net.ipv4.neigh.lo.ucast_solicit = 3
net.ipv4.neigh.lo.unres_qlen = 35
# Deprecated
#net.ipv4.neigh.lo.unres_qlen_bytes = 65536
#
# p2p0 iface
#net.ipv4.neigh.p2p0.anycast_delay = 100
#net.ipv4.neigh.p2p0.app_solicit = 0
#net.ipv4.neigh.p2p0.base_reachable_time = 30
#net.ipv4.neigh.p2p0.base_reachable_time_ms = 30000
#net.ipv4.neigh.p2p0.delay_first_probe_time = 5
#net.ipv4.neigh.p2p0.gc_stale_time = 60
#net.ipv4.neigh.p2p0.locktime = 100
#net.ipv4.neigh.p2p0.mcast_solicit = 3
#net.ipv4.neigh.p2p0.proxy_delay = 80
#net.ipv4.neigh.p2p0.proxy_qlen = 64
#net.ipv4.neigh.p2p0.retrans_time = 100
#net.ipv4.neigh.p2p0.retrans_time_ms = 1000
#net.ipv4.neigh.p2p0.ucast_solicit = 3
#net.ipv4.neigh.p2p0.unres_qlen = 35
#net.ipv4.neigh.p2p0.unres_qlen_bytes = 65536
# /p2p0 iface
net.ipv4.neigh.sit0.anycast_delay = 100
net.ipv4.neigh.sit0.app_solicit = 0
net.ipv4.neigh.sit0.base_reachable_time = 30
net.ipv4.neigh.sit0.base_reachable_time_ms = 30000
net.ipv4.neigh.sit0.delay_first_probe_time = 5
net.ipv4.neigh.sit0.gc_stale_time = 60
net.ipv4.neigh.sit0.locktime = 100
net.ipv4.neigh.sit0.mcast_solicit = 3
net.ipv4.neigh.sit0.proxy_delay = 80
net.ipv4.neigh.sit0.proxy_qlen = 64
net.ipv4.neigh.sit0.retrans_time = 100
net.ipv4.neigh.sit0.retrans_time_ms = 1000
net.ipv4.neigh.sit0.ucast_solicit = 3
net.ipv4.neigh.sit0.unres_qlen = 35
net.ipv4.neigh.sit0.unres_qlen_bytes = 65536
net.ipv4.neigh.wlan0.anycast_delay = 100
net.ipv4.neigh.wlan0.app_solicit = 0
net.ipv4.neigh.wlan0.base_reachable_time = 30
net.ipv4.neigh.wlan0.base_reachable_time_ms = 30000
net.ipv4.neigh.wlan0.delay_first_probe_time = 5
net.ipv4.neigh.wlan0.gc_stale_time = 60
net.ipv4.neigh.wlan0.locktime = 100
net.ipv4.neigh.wlan0.mcast_solicit = 3
net.ipv4.neigh.wlan0.proxy_delay = 80
net.ipv4.neigh.wlan0.proxy_qlen = 64
net.ipv4.neigh.wlan0.retrans_time = 100
net.ipv4.neigh.wlan0.retrans_time_ms = 1000
net.ipv4.neigh.wlan0.ucast_solicit = 3
net.ipv4.neigh.wlan0.unres_qlen = 35
net.ipv4.neigh.wlan0.unres_qlen_bytes = 65536
net.ipv4.netfilter.ip_conntrack_buckets = 16384
net.ipv4.netfilter.ip_conntrack_checksum = 1
net.ipv4.netfilter.ip_conntrack_count = 36
net.ipv4.netfilter.ip_conntrack_generic_timeout = 600
net.ipv4.netfilter.ip_conntrack_icmp_timeout = 30
net.ipv4.netfilter.ip_conntrack_log_invalid = 0
net.ipv4.netfilter.ip_conntrack_max = 65536
net.ipv4.netfilter.ip_conntrack_sctp_timeout_closed = 10
net.ipv4.netfilter.ip_conntrack_sctp_timeout_cookie_echoed = 3
net.ipv4.netfilter.ip_conntrack_sctp_timeout_cookie_wait = 3
net.ipv4.netfilter.ip_conntrack_sctp_timeout_established = 432000
net.ipv4.netfilter.ip_conntrack_sctp_timeout_shutdown_ack_sent = 3
net.ipv4.netfilter.ip_conntrack_sctp_timeout_shutdown_recd = 0
net.ipv4.netfilter.ip_conntrack_sctp_timeout_shutdown_sent = 0
net.ipv4.netfilter.ip_conntrack_tcp_be_liberal = 0
net.ipv4.netfilter.ip_conntrack_tcp_loose = 1
net.ipv4.netfilter.ip_conntrack_tcp_max_retrans = 3
net.ipv4.netfilter.ip_conntrack_tcp_timeout_close = 10
net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait = 60
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 432000
net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait = 120
net.ipv4.netfilter.ip_conntrack_tcp_timeout_last_ack = 30
net.ipv4.netfilter.ip_conntrack_tcp_timeout_max_retrans = 300
net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_recv = 60
net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_sent = 120
net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_sent2 = 120
net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait = 120
net.ipv4.netfilter.ip_conntrack_udp_timeout = 30
net.ipv4.netfilter.ip_conntrack_udp_timeout_stream = 180
net.ipv4.ping_group_range = 0 2147483647
net.ipv4.route.error_burst = 1000
net.ipv4.route.error_cost = 200
net.ipv4.route.gc_elasticity = 8
net.ipv4.route.gc_interval = 60
net.ipv4.route.gc_min_interval = 0
net.ipv4.route.gc_min_interval_ms = 500
net.ipv4.route.gc_thresh = 16384
# Default empty because redundant
net.ipv4.ip_local_reserved_ports = 32000 61000
net.ipv4.conf.all.accept_local = 0
net.ipv4.conf.all.arp_accept = 0
net.ipv4.conf.all.arp_announce = 0
net.ipv4.conf.all.arp_filter = 0
net.ipv4.conf.all.arp_ignore = 0
net.ipv4.conf.all.arp_notify = 0
net.ipv4.conf.all.bootp_relay = 0
net.ipv4.conf.all.disable_policy = 0
net.ipv4.conf.all.disable_xfrm = 0
net.ipv4.conf.all.force_igmp_version = 0
net.ipv4.conf.all.forwarding = 0
net.ipv4.conf.all.mc_forwarding = 0
net.ipv4.conf.all.medium_id = 0
net.ipv4.conf.all.promote_secondaries = 0
net.ipv4.conf.all.proxy_arp = 0
net.ipv4.conf.all.proxy_arp_pvlan = 0
net.ipv4.conf.all.secure_redirects = 1
net.ipv4.conf.all.shared_media = 1
net.ipv4.conf.all.src_valid_mark = 0
net.ipv4.conf.all.tag = 0
net.ipv4.conf.default.accept_local = 0
net.ipv4.conf.default.arp_accept = 0
net.ipv4.conf.default.arp_announce = 0
net.ipv4.conf.default.arp_filter = 0
net.ipv4.conf.default.arp_ignore = 0
net.ipv4.conf.default.arp_notify = 0
net.ipv4.conf.default.bootp_relay = 0
net.ipv4.conf.default.disable_policy = 0
net.ipv4.conf.default.disable_xfrm = 0
net.ipv4.conf.default.force_igmp_version = 0
net.ipv4.conf.default.forwarding = 0
net.ipv4.conf.default.log_martians = 0
net.ipv4.conf.default.mc_forwarding = 0
net.ipv4.conf.default.medium_id = 0
net.ipv4.conf.default.promote_secondaries = 0
net.ipv4.conf.default.proxy_arp = 0
net.ipv4.conf.default.proxy_arp_pvlan = 0
net.ipv4.conf.default.secure_redirects = 1
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.default.shared_media = 1
net.ipv4.conf.default.src_valid_mark = 0
net.ipv4.conf.default.tag = 0
net.ipv4.conf.ip6tnl0.accept_local = 0
net.ipv4.conf.ip6tnl0.accept_redirects = 1
net.ipv4.conf.ip6tnl0.accept_source_route = 1
net.ipv4.conf.ip6tnl0.arp_accept = 0
net.ipv4.conf.ip6tnl0.arp_announce = 0
net.ipv4.conf.ip6tnl0.arp_filter = 0
net.ipv4.conf.ip6tnl0.arp_ignore = 0
net.ipv4.conf.ip6tnl0.arp_notify = 0
net.ipv4.conf.ip6tnl0.bootp_relay = 0
net.ipv4.conf.ip6tnl0.disable_policy = 0
net.ipv4.conf.ip6tnl0.disable_xfrm = 0
net.ipv4.conf.ip6tnl0.force_igmp_version = 0
net.ipv4.conf.ip6tnl0.forwarding = 0
net.ipv4.conf.ip6tnl0.log_martians = 0
net.ipv4.conf.ip6tnl0.mc_forwarding = 0
net.ipv4.conf.ip6tnl0.medium_id = 0
net.ipv4.conf.ip6tnl0.promote_secondaries = 0
net.ipv4.conf.ip6tnl0.proxy_arp = 0
net.ipv4.conf.ip6tnl0.proxy_arp_pvlan = 0
net.ipv4.conf.ip6tnl0.rp_filter = 0
net.ipv4.conf.ip6tnl0.secure_redirects = 1
net.ipv4.conf.ip6tnl0.send_redirects = 1
net.ipv4.conf.ip6tnl0.shared_media = 1
net.ipv4.conf.ip6tnl0.src_valid_mark = 0
net.ipv4.conf.ip6tnl0.tag = 0
net.ipv4.conf.lo.accept_local = 0
net.ipv4.conf.lo.arp_accept = 0
net.ipv4.conf.lo.arp_announce = 0
net.ipv4.conf.lo.arp_filter = 0
net.ipv4.conf.lo.arp_ignore = 0
net.ipv4.conf.lo.arp_notify = 0
net.ipv4.conf.lo.bootp_relay = 0
net.ipv4.conf.lo.disable_policy = 1
net.ipv4.conf.lo.disable_xfrm = 1
net.ipv4.conf.lo.force_igmp_version = 0
net.ipv4.conf.lo.forwarding = 0
net.ipv4.conf.lo.mc_forwarding = 0
net.ipv4.conf.lo.medium_id = 0
net.ipv4.conf.lo.promote_secondaries = 0
net.ipv4.conf.lo.proxy_arp = 0
net.ipv4.conf.lo.proxy_arp_pvlan = 0
net.ipv4.conf.lo.secure_redirects = 1
net.ipv4.conf.lo.send_redirects = 1
net.ipv4.conf.lo.shared_media = 1
net.ipv4.conf.lo.src_valid_mark = 0
net.ipv4.conf.lo.tag = 0
net.ipv4.conf.p2p0.accept_local = 0
net.ipv4.conf.p2p0.accept_redirects = 1
net.ipv4.conf.p2p0.accept_source_route = 1
net.ipv4.conf.p2p0.arp_accept = 0
net.ipv4.conf.p2p0.arp_announce = 0
net.ipv4.conf.p2p0.arp_filter = 0
net.ipv4.conf.p2p0.arp_ignore = 0
net.ipv4.conf.p2p0.arp_notify = 0
net.ipv4.conf.p2p0.bootp_relay = 0
net.ipv4.conf.p2p0.disable_policy = 0
net.ipv4.conf.p2p0.disable_xfrm = 0
net.ipv4.conf.p2p0.force_igmp_version = 0
net.ipv4.conf.p2p0.forwarding = 0
net.ipv4.conf.p2p0.log_martians = 0
net.ipv4.conf.p2p0.mc_forwarding = 0
net.ipv4.conf.p2p0.medium_id = 0
net.ipv4.conf.p2p0.promote_secondaries = 0
net.ipv4.conf.p2p0.proxy_arp = 0
net.ipv4.conf.p2p0.proxy_arp_pvlan = 0
net.ipv4.conf.p2p0.rp_filter = 0
net.ipv4.conf.p2p0.secure_redirects = 1
net.ipv4.conf.p2p0.send_redirects = 1
net.ipv4.conf.p2p0.shared_media = 1
net.ipv4.conf.p2p0.src_valid_mark = 0
net.ipv4.conf.p2p0.tag = 0
net.ipv4.conf.sit0.accept_local = 0
net.ipv4.conf.sit0.accept_redirects = 1
net.ipv4.conf.sit0.accept_source_route = 1
net.ipv4.conf.sit0.arp_accept = 0
net.ipv4.conf.sit0.arp_announce = 0
net.ipv4.conf.sit0.arp_filter = 0
net.ipv4.conf.sit0.arp_ignore = 0
net.ipv4.conf.sit0.arp_notify = 0
net.ipv4.conf.sit0.bootp_relay = 0
net.ipv4.conf.sit0.disable_policy = 0
net.ipv4.conf.sit0.disable_xfrm = 0
net.ipv4.conf.sit0.force_igmp_version = 0
net.ipv4.conf.sit0.forwarding = 0
net.ipv4.conf.sit0.log_martians = 0
net.ipv4.conf.sit0.mc_forwarding = 0
net.ipv4.conf.sit0.medium_id = 0
net.ipv4.conf.sit0.promote_secondaries = 0
net.ipv4.conf.sit0.proxy_arp = 0
net.ipv4.conf.sit0.proxy_arp_pvlan = 0
net.ipv4.conf.sit0.rp_filter = 0
net.ipv4.conf.sit0.secure_redirects = 1
net.ipv4.conf.sit0.send_redirects = 1
net.ipv4.conf.sit0.shared_media = 1
net.ipv4.conf.sit0.src_valid_mark = 0
net.ipv4.conf.sit0.tag = 0
net.ipv4.conf.wlan0.accept_local = 0
net.ipv4.conf.wlan0.accept_redirects = 1
net.ipv4.conf.wlan0.accept_source_route = 1
net.ipv4.conf.wlan0.arp_accept = 0
net.ipv4.conf.wlan0.arp_announce = 0
net.ipv4.conf.wlan0.arp_filter = 0
net.ipv4.conf.wlan0.arp_ignore = 0
net.ipv4.conf.wlan0.arp_notify = 0
net.ipv4.conf.wlan0.bootp_relay = 0
net.ipv4.conf.wlan0.disable_policy = 0
net.ipv4.conf.wlan0.disable_xfrm = 0
net.ipv4.conf.wlan0.force_igmp_version = 0
net.ipv4.conf.wlan0.forwarding = 0
net.ipv4.conf.wlan0.log_martians = 0
net.ipv4.conf.wlan0.mc_forwarding = 0
net.ipv4.conf.wlan0.medium_id = 0
net.ipv4.conf.wlan0.promote_secondaries = 1
net.ipv4.conf.wlan0.proxy_arp = 0
net.ipv4.conf.wlan0.proxy_arp_pvlan = 0
net.ipv4.conf.wlan0.rp_filter = 0
net.ipv4.conf.wlan0.secure_redirects = 1
net.ipv4.conf.wlan0.send_redirects = 1
net.ipv4.conf.wlan0.shared_media = 1
net.ipv4.conf.wlan0.src_valid_mark = 0
net.ipv4.conf.wlan0.tag = 0
net.ipv4.icmp_echo_ignore_all = 0
net.ipv4.icmp_errors_use_inbound_ifaddr = 0
net.ipv4.icmp_ratelimit = 1000
net.ipv4.icmp_ratemask = 6168
net.ipv4.igmp_max_memberships = 20


#net.netfilter.nf_log.0 =
#net.netfilter.nf_log.1 =
net.netfilter.nf_log.2 = ipt_LOG
#net.netfilter.nf_log.3 =
#net.netfilter.nf_log.4 =
#net.netfilter.nf_log.5 =
#net.netfilter.nf_log.6 =
#net.netfilter.nf_log.7 =
#net.netfilter.nf_log.8 =
#net.netfilter.nf_log.9 =
#net.netfilter.nf_log.10 =
#net.netfilter.nf_log.11 =
#net.netfilter.nf_log.12 =


#net.netfilter.nf_conntrack_buckets = 16384
#net.netfilter.nf_conntrack_count = 36
#net.netfilter.nf_conntrack_dccp_loose = 1
#net.netfilter.nf_conntrack_dccp_timeout_closereq = 64
#net.netfilter.nf_conntrack_dccp_timeout_closing = 64
#net.netfilter.nf_conntrack_dccp_timeout_open = 43200
#net.netfilter.nf_conntrack_dccp_timeout_partopen = 480
#net.netfilter.nf_conntrack_dccp_timeout_request = 240
#net.netfilter.nf_conntrack_dccp_timeout_respond = 480
#net.netfilter.nf_conntrack_dccp_timeout_timewait = 240
#net.netfilter.nf_conntrack_events = 1
#net.netfilter.nf_conntrack_events_retry_timeout = 15
#net.netfilter.nf_conntrack_expect_max = 256
#net.netfilter.nf_conntrack_frag6_high_thresh = 262144
#net.netfilter.nf_conntrack_frag6_low_thresh = 196608
#net.netfilter.nf_conntrack_frag6_timeout = 60
#net.netfilter.nf_conntrack_generic_timeout = 600
#net.netfilter.nf_conntrack_icmp_timeout = 30
#net.netfilter.nf_conntrack_icmpv6_timeout = 30
#net.netfilter.nf_conntrack_log_invalid = 0
#net.netfilter.nf_conntrack_acct = 0
#net.netfilter.nf_conntrack_checksum = 1
#net.netfilter.nf_conntrack_tcp_timeout_established = 7440
#net.netfilter.nf_conntrack_udp_timeout = 60
#net.netfilter.nf_conntrack_udp_timeout_stream = 180
#net.netfilter.nf_conntrack_skip_filter = 1
#net.netfilter.nf_conntrack_tcp_timeout_unacknowledged = 300
#net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
#net.netfilter.nf_conntrack_tcp_timeout_syn_sent = 120
#net.netfilter.nf_conntrack_tcp_timeout_syn_recv = 60
#net.netfilter.nf_conntrack_tcp_timeout_max_retrans = 300
#net.netfilter.nf_conntrack_tcp_timeout_last_ack = 30
#net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
#net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
#net.netfilter.nf_conntrack_tcp_max_retrans = 3
#net.netfilter.nf_conntrack_tcp_loose = 0
#net.netfilter.nf_conntrack_tcp_be_liberal = 0
#net.netfilter.nf_conntrack_sctp_timeout_shutdown_sent = 0
#net.netfilter.nf_conntrack_sctp_timeout_shutdown_recd = 0
#net.netfilter.nf_conntrack_sctp_timeout_shutdown_ack_sent = 3
#net.netfilter.nf_conntrack_sctp_timeout_established = 432000
#net.netfilter.nf_conntrack_sctp_timeout_cookie_wait = 3
#net.netfilter.nf_conntrack_sctp_timeout_cookie_echoed = 3
#net.netfilter.nf_conntrack_sctp_timeout_closed = 10


# sysctl -a | grep ipv6 sysctl

###############################
#  IPv6 -> http://test-ipv6.com  +  RFC 3041/4941 (year: 2001)
# https://code.google.com/p/android/issues/detail?id=14013
# https://code.google.com/p/android/issues/detail?id=31102
# Only on Lollipop: RFC 6106 + RFC3493
###############################
net.ipv6.bindv6only = FALSE
net.ipv6.flowlabel_consistency = TRUE
#RFC 6438
net.ipv6.auto_flowlabels = FALSE
net.ipv6.ip_forward = 1
net.ipv6.conf.all.accept_redirects = 0
net.ipv6.conf.all.accept_ra = 1
net.ipv6.conf.all.accept_dad = 1
net.ipv6.conf.all.anycast_src_echo_reply = FALSE
net.ipv6.conf.all.accept_ra_rtr_pref = 1
net.ipv6.conf.all.accept_ra_pinfo = 1
#RFC3810
net.ipv6.conf.all.mld_qrv = 2
net.ipv6.conf.all.accept_ra_defrtr = 1
net.ipv6.conf.default.accept_redirects = 0
net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.eth0.use_tempaddr = 1
net.ipv6.conf.eth0.temp_valid_lft = 604800
net.ipv6.conf.eth0.temp_prefered_lft = 86400
net.ipv6.conf.all.use_tempaddr = 1
net.ipv6.conf.default.use_tempaddr = 1
net.ipv6.conf.all.temp_valid_lft = 604800
net.ipv6.conf.all.autoconf = 1
net.ipv6.conf.all.accept_source_route = 0
#sysctl -A | grep autoconf for all interfaces - do not disable autoconf!!
net.ipv6.conf.eth0.autoconf = 1
net.ipv6.conf.all.force_mld_version = 0
net.ipv6.conf.all.force_tllao = 0
# Enable IPv6 forwarding.
net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.all.hop_limit = 64
net.ipv6.conf.all.max_addresses = 16
net.ipv6.conf.all.max_desync_factor = 600
net.ipv6.conf.all.mtu = 1280
net.ipv6.conf.all.optimistic_dad = 0
net.ipv6.conf.all.use_optimistic = 0
net.ipv6.conf.all.proxy_ndp = 0
net.ipv6.conf.all.regen_max_retry = 5
net.ipv6.conf.all.router_probe_interval = 60
net.ipv6.conf.all.router_solicitation_delay = 1
net.ipv6.conf.all.router_solicitation_interval = 4
net.ipv6.conf.all.router_solicitations = 3
net.ipv6.conf.all.temp_prefered_lft = 86400
net.ipv6.conf.all.temp_valid_lft = 604800
net.ipv6.conf.default.accept_dad = 1
#normally this should't be controled by user /provider
#net.ipv6.binv6only = 0
net.ipv6.conf.default.accept_ra = 0
net.ipv6.conf.eth0.accept_ra = 0
net.ipv6.conf.default.accept_ra_defrtr = 1
net.ipv6.conf.default.accept_ra_pinfo = 1
net.ipv6.conf.default.accept_ra_rtr_pref = 1
net.ipv6.conf.default.accept_redirects = 1
net.ipv6.conf.default.accept_source_route = 0
net.ipv6.conf.default.autoconf = 1
net.ipv6.conf.default.dad_transmits = 1
net.ipv6.conf.default.disable_ipv6 = 0
net.ipv6.conf.default.force_mld_version = 0
net.ipv6.conf.default.force_tllao = 0
net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.default.hop_limit = 64
net.ipv6.conf.default.max_addresses = 16
net.ipv6.conf.default.max_desync_factor = 600
net.ipv6.conf.default.mtu = 1280
net.ipv6.conf.default.optimistic_dad = 0
net.ipv6.conf.default.proxy_ndp = 0
net.ipv6.conf.default.regen_max_retry = 5
net.ipv6.conf.default.router_probe_interval = 60
net.ipv6.conf.default.router_solicitation_delay = 1
net.ipv6.conf.default.router_solicitation_interval = 4
net.ipv6.conf.default.router_solicitations = 3
net.ipv6.conf.default.temp_prefered_lft = 86400
net.ipv6.conf.default.temp_valid_lft = 604800
net.ipv6.conf.ip6tnl0.accept_dad = 1
net.ipv6.conf.ip6tnl0.accept_ra = 2
net.ipv6.conf.ip6tnl0.accept_ra_defrtr = 1
net.ipv6.conf.ip6tnl0.accept_ra_pinfo = 1
net.ipv6.conf.ip6tnl0.accept_ra_rtr_pref = 1
net.ipv6.conf.ip6tnl0.accept_redirects = 1
net.ipv6.conf.ip6tnl0.accept_source_route = 0
net.ipv6.conf.ip6tnl0.autoconf = 1
net.ipv6.conf.ip6tnl0.dad_transmits = 1
net.ipv6.conf.ip6tnl0.disable_ipv6 = 0
net.ipv6.conf.ip6tnl0.force_mld_version = 0
net.ipv6.conf.ip6tnl0.force_tllao = 0
net.ipv6.conf.ip6tnl0.forwarding = 1
net.ipv6.conf.ip6tnl0.hop_limit = 64
net.ipv6.conf.ip6tnl0.max_addresses = 16
net.ipv6.conf.ip6tnl0.max_desync_factor = 600
net.ipv6.conf.ip6tnl0.mtu = 1452
net.ipv6.conf.ip6tnl0.optimistic_dad = 1
net.ipv6.conf.ip6tnl0.proxy_ndp = 0
net.ipv6.conf.ip6tnl0.regen_max_retry = 5
net.ipv6.conf.ip6tnl0.router_probe_interval = 60
net.ipv6.conf.ip6tnl0.router_solicitation_delay = 1
net.ipv6.conf.ip6tnl0.router_solicitation_interval = 4
net.ipv6.conf.ip6tnl0.router_solicitations = 3
net.ipv6.conf.ip6tnl0.temp_prefered_lft = 86400
net.ipv6.conf.ip6tnl0.temp_valid_lft = 604800
net.ipv6.conf.ip6tnl0.use_tempaddr = 1
net.ipv6.conf.lo.accept_dad = 1
net.ipv6.conf.lo.accept_ra = 2
net.ipv6.conf.lo.accept_ra_defrtr = 1
net.ipv6.conf.lo.accept_ra_pinfo = 1
net.ipv6.conf.lo.accept_ra_rtr_pref = 1
net.ipv6.conf.lo.accept_redirects = 1
net.ipv6.conf.lo.accept_source_route = 0
net.ipv6.conf.lo.autoconf = 1
net.ipv6.conf.lo.dad_transmits = 1
net.ipv6.conf.lo.disable_ipv6 = 0
net.ipv6.conf.lo.force_mld_version = 0
net.ipv6.conf.lo.force_tllao = 0
net.ipv6.conf.lo.forwarding = 1
net.ipv6.conf.lo.hop_limit = 64
net.ipv6.conf.lo.max_addresses = 16
net.ipv6.conf.lo.max_desync_factor = 600
net.ipv6.conf.lo.mtu = 16436
net.ipv6.conf.lo.optimistic_dad = 1
net.ipv6.conf.lo.proxy_ndp = 0
net.ipv6.conf.lo.regen_max_retry = 5
net.ipv6.conf.lo.router_probe_interval = 60
net.ipv6.conf.lo.router_solicitation_delay = 1
net.ipv6.conf.lo.router_solicitation_interval = 4
net.ipv6.conf.lo.router_solicitations = 3
net.ipv6.conf.lo.temp_prefered_lft = 86400
net.ipv6.conf.lo.temp_valid_lft = 604800
net.ipv6.conf.lo.use_tempaddr = -1
#net.ipv6.conf.p2p0.accept_dad = 1
#net.ipv6.conf.p2p0.accept_ra = 2
#net.ipv6.conf.p2p0.accept_ra_defrtr = 1
#net.ipv6.conf.p2p0.accept_ra_pinfo = 1
#net.ipv6.conf.p2p0.accept_ra_rtr_pref = 1
#net.ipv6.conf.p2p0.accept_redirects = 1
#net.ipv6.conf.p2p0.accept_source_route = 0
#net.ipv6.conf.p2p0.autoconf = 1
#net.ipv6.conf.p2p0.dad_transmits = 1
#net.ipv6.conf.p2p0.disable_ipv6 = 0
#net.ipv6.conf.p2p0.force_mld_version = 0
#net.ipv6.conf.p2p0.force_tllao = 0
#net.ipv6.conf.p2p0.forwarding = 1
#net.ipv6.conf.p2p0.hop_limit = 64
#net.ipv6.conf.p2p0.max_addresses = 16
#net.ipv6.conf.p2p0.max_desync_factor = 600
#net.ipv6.conf.p2p0.mtu = 1500
#net.ipv6.conf.p2p0.optimistic_dad = 0
#net.ipv6.conf.p2p0.proxy_ndp = 0
#net.ipv6.conf.p2p0.regen_max_retry = 5
#net.ipv6.conf.p2p0.router_probe_interval = 60
#net.ipv6.conf.p2p0.router_solicitation_delay = 1
#net.ipv6.conf.p2p0.router_solicitation_interval = 4
#net.ipv6.conf.p2p0.router_solicitations = 3
#net.ipv6.conf.p2p0.temp_prefered_lft = 86400
#net.ipv6.conf.p2p0.temp_valid_lft = 604800
#net.ipv6.conf.p2p0.use_tempaddr = 1
net.ipv6.conf.sit0.accept_dad = -1
net.ipv6.conf.sit0.accept_ra = 2
net.ipv6.conf.sit0.accept_ra_defrtr = 1
net.ipv6.conf.sit0.accept_ra_pinfo = 1
net.ipv6.conf.sit0.accept_ra_rtr_pref = 1
net.ipv6.conf.sit0.accept_redirects = 1
net.ipv6.conf.sit0.accept_source_route = 0
net.ipv6.conf.sit0.autoconf = 1
net.ipv6.conf.sit0.dad_transmits = 1
net.ipv6.conf.sit0.disable_ipv6 = 0
net.ipv6.conf.sit0.force_mld_version = 0
net.ipv6.conf.sit0.force_tllao = 0
net.ipv6.conf.sit0.forwarding = 1
net.ipv6.conf.sit0.hop_limit = 64
net.ipv6.conf.sit0.max_addresses = 16
net.ipv6.conf.sit0.max_desync_factor = 600
net.ipv6.conf.sit0.mtu = 1480
net.ipv6.conf.sit0.optimistic_dad = 0
net.ipv6.conf.sit0.proxy_ndp = 0
net.ipv6.conf.sit0.regen_max_retry = 5
net.ipv6.conf.sit0.router_probe_interval = 60
net.ipv6.conf.sit0.router_solicitation_delay = 1
net.ipv6.conf.sit0.router_solicitation_interval = 4
net.ipv6.conf.sit0.router_solicitations = 3
net.ipv6.conf.sit0.temp_prefered_lft = 86400
net.ipv6.conf.sit0.temp_valid_lft = 604800
net.ipv6.conf.sit0.use_tempaddr = -1
net.ipv6.conf.wlan0.accept_dad = 1
net.ipv6.conf.wlan0.accept_ra = 2
net.ipv6.conf.wlan0.accept_ra_defrtr = 1
net.ipv6.conf.wlan0.accept_ra_pinfo = 1
net.ipv6.conf.wlan0.accept_ra_rtr_pref = 1
net.ipv6.conf.wlan0.accept_redirects = 1
net.ipv6.conf.wlan0.accept_source_route = 0
net.ipv6.conf.wlan0.autoconf = 1
net.ipv6.conf.wlan0.dad_transmits = 1
net.ipv6.conf.wlan0.disable_ipv6 = 0
net.ipv6.conf.wlan0.force_mld_version = 0
net.ipv6.conf.wlan0.force_tllao = 0
net.ipv6.conf.wlan0.forwarding = 1
net.ipv6.conf.wlan0.hop_limit = 64
net.ipv6.conf.wlan0.max_addresses = 16
net.ipv6.conf.wlan0.max_desync_factor = 600
net.ipv6.conf.wlan0.mtu = 1500
net.ipv6.conf.wlan0.optimistic_dad = 0
net.ipv6.conf.wlan0.proxy_ndp = 0
net.ipv6.conf.wlan0.regen_max_retry = 5
net.ipv6.conf.wlan0.router_probe_interval = 60
net.ipv6.conf.wlan0.router_solicitation_delay = 5
net.ipv6.conf.wlan0.router_solicitation_interval = 1
net.ipv6.conf.wlan0.router_solicitations = 5
#sysctl -e -q -p /etc/sysctl.conf in a running system
#rcnetwork restart!!!!
net.ipv6.conf.wlan0.temp_prefered_lft = 86400
net.ipv6.conf.wlan0.temp_valid_lft = 604800
net.ipv6.conf.wlan0.use_tempaddr = 1
net.ipv6.icmp.ratelimit = 1000
#net.ipv6.conf.all.rp_filter = 1
#net.ipv6.conf.all.secure_redirects = 0
#Maximum memory used to reassemble IPv6 fragments.
net.ipv6.ip6frag_high_thresh = 262144
net.ipv6.ip6frag_low_thresh = 196608
net.ipv6.ip6frag_secret_interval = 600
net.ipv6.ip6frag_time = 60
net.ipv6.mld_max_msf = 64
net.ipv6.neigh.default.anycast_delay = 100
net.ipv6.neigh.default.app_solicit = 0
net.ipv6.neigh.default.base_reachable_time = 30
net.ipv6.neigh.default.base_reachable_time_ms = 30000
net.ipv6.neigh.default.delay_first_probe_time = 5
net.ipv6.neigh.default.gc_interval = 30
net.ipv6.neigh.default.gc_stale_time = 60
net.ipv6.neigh.default.gc_thresh1 = 128
net.ipv6.neigh.default.gc_thresh2 = 512
net.ipv6.neigh.default.gc_thresh3 = 1024
net.ipv6.neigh.default.locktime = 0
net.ipv6.neigh.default.mcast_solicit = 3
net.ipv6.neigh.default.proxy_delay = 80
net.ipv6.neigh.default.proxy_qlen = 64
net.ipv6.neigh.default.retrans_time = 200
net.ipv6.neigh.default.retrans_time_ms = 1000
#net.ipv6.conf.default.secure_redirects = 0
net.ipv6.neigh.ip6tnl0.mcast_solicit = 3
net.ipv6.neigh.ip6tnl0.locktime = 3
net.ipv6.neigh.ip6tnl0.gc_stale_time = 60
net.ipv6.neigh.ip6tnl0.app_solicit = 0
net.ipv6.neigh.default.ucast_solicit = 3
net.ipv6.neigh.default.unres_qlen = 35
#net.ipv6.neigh.default.unres_qlen_bytes = 65536
net.ipv6.neigh.ip6tnl0.anycast_delay = 100
net.ipv6.neigh.ip6tnl0.base_reachable_time = 30
net.ipv6.neigh.ip6tnl0.base_reachable_time_ms = 30000
net.ipv6.neigh.ip6tnl0.delay_first_probe_time = 5
net.ipv6.conf.default.autoconf = 1
net.ipv6.conf.default.dad_transmits = 0
net.ipv6.neigh.ip6tnl0.proxy_delay = 80
net.ipv6.neigh.ip6tnl0.proxy_qlen = 64
net.ipv6.neigh.ip6tnl0.unres_qlen = 35
net.ipv6.neigh.ip6tnl0.retrans_time = 200
net.ipv6.neigh.ip6tnl0.retrans_time_ms = 1000
net.ipv6.neigh.ip6tnl0.ucast_solicit = 3
#net.ipv6.neigh.ip6tnl0.unres_qlen_bytes = 65536
net.ipv6.neigh.lo.app_solicit = 0
net.ipv6.neigh.lo.anycast_delay = 100
net.ipv6.neigh.lo.ucast_solicit = 3
net.ipv6.neigh.lo.base_reachable_time = 30
net.ipv6.neigh.lo.base_reachable_time_ms = 30000
net.ipv6.neigh.lo.unres_qlen = 35
net.ipv6.neigh.lo.delay_first_probe_time = 5
net.ipv6.neigh.lo.gc_stale_time = 60
net.ipv6.neigh.lo.locktime = 0
net.ipv6.neigh.lo.proxy_delay = 80
net.ipv6.neigh.lo.mcast_solicit = 3
net.ipv6.neigh.lo.proxy_qlen = 64
net.ipv6.neigh.lo.retrans_time = 200
net.ipv6.neigh.lo.retrans_time_ms = 1000
#net.ipv6.neigh.lo.unres_qlen_bytes = 65536
net.ipv6.conf.default.max_addresses = 16
net.ipv6.conf.default.accept_ra_pinfo = 0
net.ipv6.conf.default.router_solicitations = 0
net.ipv6.neigh.sit0.delay_first_probe_time = 5
net.ipv6.neigh.sit0.gc_stale_time = 60
net.ipv6.conf.default.accept_ra_rtr_pref = 0
net.ipv6.neigh.sit0.app_solicit = 0
net.ipv6.neigh.sit0.anycast_delay = 100
#net.ipv6.neigh.p2p0.anycast_delay = 100
#net.ipv6.neigh.p2p0.gc_stale_time = 60
#net.ipv6.neigh.p2p0.app_solicit = 0
#net.ipv6.neigh.p2p0.base_reachable_time_ms = 30000
#net.ipv6.neigh.p2p0.base_reachable_time = 30
#net.ipv6.neigh.p2p0.delay_first_probe_time = 5
#net.ipv6.neigh.p2p0.locktime = 0
#net.ipv6.neigh.p2p0.mcast_solicit = 3
#net.ipv6.neigh.p2p0.unres_qlen = 35
#net.ipv6.neigh.p2p0.proxy_delay = 80
#net.ipv6.neigh.p2p0.retrans_time_ms = 1000
#net.ipv6.neigh.p2p0.proxy_qlen = 64
#net.ipv6.neigh.p2p0.retrans_time = 200
#net.ipv6.neigh.p2p0.ucast_solicit = 3
#net.ipv6.neigh.p2p0.unres_qlen_bytes = 65536
net.ipv6.neigh.sit0.base_reachable_time_ms = 30000
net.ipv6.neigh.sit0.base_reachable_time = 30
net.ipv6.xfrm6_gc_thresh = 2048
net.ipv6.route.mtu_expires = 600
net.ipv6.route.min_adv_mss = 1220
net.ipv6.route.max_size = 4096
net.ipv6.neigh.sit0.locktime = 0
net.ipv6.route.gc_timeout = 60
net.ipv6.route.gc_thresh = 1024
net.ipv6.route.gc_min_interval_ms = 500
net.ipv6.route.gc_min_interval = 0
net.ipv6.route.gc_interval = 30
#net.ipv6.neigh.wlan0.retrans_time_ms = 1000
#net.ipv6.neigh.wlan0.retrans_time = 200
net.ipv6.neigh.sit0.mcast_solicit = 3
net.ipv6.neigh.sit0.proxy_qlen = 64
net.ipv6.neigh.sit0.proxy_delay = 80
net.ipv6.neigh.sit0.retrans_time_ms = 1000
#net.ipv6.neigh.wlan0.anycast_delay = 100
net.ipv6.neigh.sit0.retrans_time = 200
#net.ipv6.neigh.sit0.unres_qlen_bytes = 65536
net.ipv6.neigh.sit0.unres_qlen = 35
net.ipv6.conf.all.dad_transmits = 1
#net.ipv6.neigh.wlan0.ucast_solicit = 3
#net.ipv6.neigh.sit0.ucast_solicit = 3
#net.ipv6.neigh.wlan0.unres_qlen_bytes = 65536
#net.ipv6.neigh.wlan0.app_solicit = 0
#net.ipv6.neigh.wlan0.delay_first_probe_time = 5
#net.ipv6.neigh.wlan0.base_reachable_time_ms = 30000
#net.ipv6.neigh.wlan0.base_reachable_time = 30
#net.ipv6.neigh.wlan0.locktime = 0
#net.ipv6.neigh.wlan0.gc_stale_time = 60
#net.ipv6.neigh.wlan0.proxy_qlen = 64
#net.ipv6.neigh.wlan0.mcast_solicit = 3
#net.ipv6.neigh.wlan0.proxy_delay = 80
net.ipv6.neigh.wlan0.unres_qlen = 35
net.ipv6.route.gc_elasticity = 9

# Disable IPv6
#net.ipv6.conf.all.disable_ipv6 = 1
#net.ipv6.conf.default.disable_ipv6 = 1
#net.ipv6.conf.$WIFI.disable_ipv6 = 1

# Wireless + TCP Speed & Security Tweaks
net.core.wmem_max = 1048576
net.core.rmem_max = 1048576
net.core.rmem_default = 262144
net.core.wmem_default = 262144
net.core.optmem_max = 20480
net.core.xfrm_larval_drop = 1
net.core.dev_weight = 64
net.core.message_burst = 10
net.core.message_cost = 5
net.core.netdev_budget = 300
net.core.netdev_max_backlog = 1000
net.core.netdev_tstamp_prequeue = 1
net.core.optmem_max = 10240
net.core.rmem_default = 163840
net.core.rmem_max = 1048576
net.core.rps_sock_flow_entries = 0
net.core.somaxconn = 128
net.core.warnings = 1
net.core.wmem_default = 163840
net.core.wmem_max = 2097152
net.core.xfrm_acq_expires = 30
net.core.xfrm_aevent_etime = 10
net.core.xfrm_aevent_rseqth = 2
net.unix.max_dgram_qlen = 50
net.nf_conntrack_max = 2000000
net.netfilter.nf_conntrack_udplite_timeout = 30
net.netfilter.nf_conntrack_udplite_timeout_stream = 180
#net.phonet.local_port_range = 64 127
#net.core.netdev_max_backlog = 2500

# Define TCP buffer sizes for various networks (Deprecated since Android 4+)
# ReadMin, ReadInitial, ReadMax, WriteMin, WriteInitial, WriteMax
#net.tcp.buffersize.default = 4096,87380,256960,4096,16384,256960
#net.tcp.buffersize.wifi = 4096,87380,256960,4096,16384,256960
#net.tcp.buffersize.lte = 262144,524288,3145728,262144,524288,3145728
#net.tcp.buffersize.umts = 4096,87380,256960,4096,16384,256960
#net.tcp.buffersize.evdo = 4096,87380,563200,4096,16384,262144
#net.tcp.buffersize.evdo_b = 6144,262144,1048576,6144,262144,1048576
#net.tcp.buffersize.gprs = 4096,87380,256960,4096,16384,256960
#net.tcp.buffersize.edge = 4096,87380,256960,4096,16384,256960
#net.tcp.buffersize.hspa = 4096,87380,256960,4096,16384,256960
#net.tcp.buffersize.hspap = 4096,87380,1220608,4096,16384,393216
#net.tcp.buffersize.hsupa = 4096,87380,704512,4096,16384,262144
#net.tcp.buffersize.hsdpa = 6144,262144,1048576,6144,262144,1048576


# Set DNS to OpenDNS (not working since 4.x+)
# DNS will be change back to provider dns after each
# connectivity change 2G<->3G<->4G<->5G<->Wifi
# Use OverrideDNS app (the only working solution for now)
# Change DNS for tether AND mobile/wifi does not work
# because Android doesn't want that .... (will never be fixed)
#net.rmnet0.dns1 = 208.67.222.222
#net.rmnet0.dns2 = 208.67.220.220
#net.dns1 = 208.67.222.222
#net.dns2 = 208.67.220.220

###############################
# VM & Filesystem tweaks
# (specifies amount of virtual RAM,
# if it should kill a task or not, how often to refer to cache)
###############################
#pm.sleep_mode = 1
#fs.lease-break-time = 20
#fs.lease-break-time = 1
#Increase system file descriptor limit
#fs.file-max = 65536
#fs.nr_open = 1048576
#fs.leases-enable = 1
#fs.inotify.max_queued_events = 32000
#fs.inotify.max_user_instances = 256
# Increase the number of possible inotify(7) watches
#fs.inotify.max_user_watches = 65536
#fs.overflowgid = 65534
#fs.protected_hardlinks = 1
#fs.overflowuid = 65534
#fs.protected_symlinks = 1
#vm.overcommit_memory = 1
#vm.min_free_order_shift = 4
#vm.oom_dump_tasks = 1
#vm.lowmem_reserve_ratio = 96 96
#vm.legacy_va_layout = 0
#vm.page-cluster = 3
#vm.overcommit_ratio = 50
#vm.drop_caches = 0
#vm.extfrag_threshold = 500
#vm.swappiness = 20
#vm.dirty_writeback_centisecs = 2000
#vm.dirty_expire_centisecs = 200
#vm.dirty_ratio = 95
#vm.highmem_is_dirtyable = 0
#vm.dirty_background_ratio = 60
#vm.max_map_count = 65530
#vm.dirty_writeback_centisecs = 500
#vm.oom_kill_allocating_task = 1
#vm.nr_pdflush_threads = 0
#vm.mmap_min_addr = 32768
#vm.overcommit_memory = 1
#vm.page-cluster = 3
#vm.min_free_kbytes = 8192
#vm.panic_on_oom = 0
#vm.vfs_cache_pressure = 10
#vm.laptop_mode = 0
#vm.block_dump = 0
#vm.scan_unevictable_pages = 0
#vm.percpu_pagelist_fraction = 0
#vm.stat_interval = 1
#vold.post_fs_data_done = 1

## Remove logging
#rm /dev/log/main


#dev.scsi.logging_level = 0
#fs.dentry-state = 22620 12592 45 0 0 0
#fs.epoll.max_user_watches = 164828
#fs.file-nr = 4032 0 180195
#fs.inode-nr = 20258 0
#fs.inode-state = 20259 0 0 0 0 0 0
#fs.suid_dumpable = 0
#kernel.auto_msgmni = 1
#kernel.blk_iopoll = 1
#kernel.cap_last_cap = 36


###############################
# Kernel
###############################
#kernel.panic = 30
#kernel.panic_on_oops = 1
#kernel.msgmni = 2048
#kernel.random.read_wakeup_threshold = 128
#kernel.random.write_wakeup_threshold = 256
#kernel.shmmni = 4096
#kernel.sem = 500 512000 64 2048
#kernel.sched_features = 24189
#kernel.hung_task_timeout_secs = 30
#kernel.sched_latency_ns = 1000000
#kernel.sched_min_granularity_ns = 100000
#kernel.sched_wakeup_granularity_ns = 2000000
#kernel.sched_compat_yield = 1
#kernel.sched_shares_ratelimit = 256000
#kernel.sched_child_runs_first = 0
#kernel.threads-max = 524288
#Allow for more PIDs
#kernel.pid_max = 65536
#Enable ExecShield protection
#kernel.exec-shield = 1
#kernel.randomize_va_spac = 1
#kernel.dmesg_restrict = 1
#kernel.kptr_restrict = 1
#net.core.bpf_jit_enable = 0
#kernel.grsecurity.harden_ptrace = 1
#kernel.watchdog_thresh = 10
#kernel.watchdog = 1
#kernel.version =
#kernel.timer_migration = 1
#kernel.random.write_wakeup_threshold = 128
#kernel.randomize_va_space = 2
#kernel.real-root-dev = 0
#kernel.sched_child_runs_first = 0
#kernel.sched_domain.cpu0.domain0.busy_factor = 64
#kernel.sched_domain.cpu0.domain0.busy_idx = 2
#kernel.sched_domain.cpu0.domain0.cache_nice_tries = 1
#kernel.sched_domain.cpu0.domain0.flags = 4143
#kernel.sched_domain.cpu0.domain0.forkexec_idx = 0
#kernel.sched_domain.cpu0.domain0.idle_idx = 1
#kernel.sched_domain.cpu0.domain0.imbalance_pct = 125
#kernel.sched_domain.cpu0.domain0.max_interval = 4
#kernel.sched_domain.cpu0.domain0.min_interval = 1
#kernel.sched_domain.cpu0.domain0.name = CPU
#kernel.sched_domain.cpu0.domain0.newidle_idx = 0
#kernel.sched_domain.cpu0.domain0.wake_idx = 0
#kernel.sched_domain.cpu1.domain0.busy_factor = 64
#kernel.sched_domain.cpu1.domain0.busy_idx = 2
#kernel.sched_domain.cpu1.domain0.cache_nice_tries = 1
#kernel.sched_domain.cpu1.domain0.flags = 4143
#kernel.sched_domain.cpu1.domain0.forkexec_idx = 0
#kernel.sched_domain.cpu1.domain0.idle_idx = 1
#kernel.sched_domain.cpu1.domain0.imbalance_pct = 125
#kernel.sched_domain.cpu1.domain0.max_interval = 4
#kernel.sched_domain.cpu1.domain0.min_interval = 1
#kernel.sched_domain.cpu1.domain0.name = CPU
#kernel.sched_domain.cpu1.domain0.newidle_idx = 0
#kernel.sched_domain.cpu1.domain0.wake_idx = 0
#kernel.sched_domain.cpu2.domain0.busy_factor = 64
#kernel.sched_domain.cpu2.domain0.busy_idx = 2
#kernel.sched_domain.cpu2.domain0.cache_nice_tries = 1
#kernel.sched_domain.cpu2.domain0.flags = 4143
#kernel.sched_domain.cpu2.domain0.forkexec_idx = 0
#kernel.sched_domain.cpu2.domain0.idle_idx = 1
#kernel.sched_domain.cpu2.domain0.imbalance_pct = 125
#kernel.sched_domain.cpu2.domain0.max_interval = 4
#kernel.sched_domain.cpu2.domain0.min_interval = 1
#kernel.sched_domain.cpu2.domain0.name = CPU
#kernel.sched_domain.cpu2.domain0.newidle_idx = 0
#kernel.sched_domain.cpu2.domain0.wake_idx = 0
#kernel.sched_domain.cpu3.domain0.busy_factor = 64
#kernel.sched_domain.cpu3.domain0.busy_idx = 2
#kernel.sched_domain.cpu3.domain0.cache_nice_tries = 1
#kernel.sched_domain.cpu3.domain0.flags = 4143
#kernel.sched_domain.cpu3.domain0.forkexec_idx = 0
#kernel.sched_domain.cpu3.domain0.idle_idx = 1
#kernel.sched_domain.cpu3.domain0.imbalance_pct = 125
#kernel.sched_domain.cpu3.domain0.max_interval = 4
#kernel.sched_domain.cpu3.domain0.min_interval = 1
#kernel.sched_domain.cpu3.domain0.name = CPU
#kernel.sched_domain.cpu3.domain0.newidle_idx = 0
#kernel.sched_domain.cpu3.domain0.wake_idx = 0
#kernel.sched_latency_ns = 10000000
#kernel.sched_migration_cost = 500000
#kernel.sched_min_granularity_ns = 2250000
#kernel.sched_nr_migrate = 32
#kernel.sched_rt_period_us = 1000000
#kernel.sched_rt_runtime_us = 950000
#kernel.sched_shares_window = 10000000
#kernel.sched_time_avg = 1000
#kernel.sched_tunable_scaling = 1
#kernel.sched_wakeup_granularity_ns = 2000000
#kernel.sem = 250 32000 32 128
#kernel.sg-big-buff = 32768
#kernel.shm_rmid_forced = 0
#kernel.shmall = 2097152
#kernel.random.poolsize = 4096
#kernel.shmmax = 33554432
#kernel.shmmni = 4096
#kernel.softlockup_panic = 1
#kernel.tainted = 0
#kernel.threads-max = 28158
#kernel.timer_migration = 1
#kernel.random.uuid =
#kernel.random.entropy_avail = 149
#kernel.random.read_wakeup_threshold = 64
#kernel.random.boot_id =
#kernel.auto_msgmni = 1
#kernel.blk_iopoll = 1
#kernel.cap_last_cap = 36
#kernel.core_pattern = core
#kernel.core_pipe_limit = 0
#kernel.core_uses_pid = 0
#kernel.ctrl-alt-del = 1
#kernel.dmesg_restrict = 1
#kernel.domainname = localdomain
#kernel.ftrace_dump_on_oops = 0
#kernel.hostname = localhost
#kernel.hotplug = /sbin/hotplug
#kernel.hung_task_check_count = 32768
#kernel.hung_task_panic = 1
#kernel.hung_task_timeout_secs = 0
#kernel.hung_task_warnings = 10
#kernel.keys.gc_delay = 300
#kernel.keys.maxbytes = 20000
#kernel.keys.maxkeys = 200
#kernel.keys.root_maxbytes = 20000
#kernel.keys.root_maxkeys = 200
#kernel.kptr_restrict = 2
#kernel.max_lock_depth = 1024
#kernel.msgmax = 8192
#kernel.msgmnb = 16384
#kernel.msgmni = 913
#kernel.ngroups_max = 65536
#kernel.nmi_watchdog = 1
#kernel.osrelease = 3.4.39-1187143
#kernel.ostype = Linux
#kernel.overflowgid = 65534
#kernel.overflowuid = 65534
#kernel.panic = 5
#kernel.panic_on_oops = 1
#kernel.pid_max = 32768
#kernel.poweroff_cmd = /sbin/poweroff
#kernel.print-fatal-signals = 0
#kernel.printk = 4 4 1 7
#kernel.printk_delay = 0
#kernel.printk_ratelimit = 5
#kernel.printk_ratelimit_burst = 10
#kernel.pty.max = 4096
#kernel.pty.nr = 2
#kernel.pty.reserve = 1024

# Controls the System Request debugging functionality of the kernel (magic-sysrq key)
#kernel.sysrq = 0

# Controls whether core dumps will append the PID to the core fi
# Useful for debugging multi-threaded applications
#kernel.core_uses_pid = 1

# Controls the maximum size of a message, in bytes
#kernel.msgmnb = 65536
# Controls the default maximum size of a message queue
#kernel.msgmax = 65536

# Controls the maximum shared segment size, in bytes
#kernel.shmmax = 4294967295

# Controls the maximum number of shared memory segments, in page
#kernel.shmall = 268435456


###############################
# Logcat
#0 = enabled
#1 = enable at boot, but not when suspended
#2 = completely disabled
###############################
# echo 2 > /sys/module/logger/parameters/log_mode


###############################
# Interfaces - DO NOT change if you not know what you're doing!
###############################
#service.adb.tcp.port = 5555
#service.adb.tcp.port = -1
#net.eth0.gw = 10.0.2.2
#net.eth0.dns1 = 10.0.2.3
#net.gprs.local-ip = 10.0.2.15
#ro.radio.use-ppp = no
#ro.bt.bdaddr_path = "/efs/bluetooth/bt_addr"
#ro.nfc.port = "I2C"
#sys.usb.state = ${sys.usb.config}
#service.adb.root = 1
#wifi.interface = wlan0
#wifi.supplicant_scan_interval = 250
#mobiledata.interfaces = pdp0,wlan0,gprs,ppp0
#ro.telephony.ril_class = SamsungExynos4RIL
#ro.carrier = unknown
#net.bt.name = chefkoch
#ro.com.android.wifi-watchlist = ChefkochGuest
#ro.com.google.clientidbase = android-google
#persist.sys.usb.config = mass_storage,adb

#vm.dirty_background_bytes = 4194304
#vm.dirty_bytes = 4194304


##########Optional
####ip6tables -A INPUT -j REJECT -p tcp -dport 80 --reject-with tcp-reset

##########Optional CM 11/12
#adb remount
# adb shell
# vi /system/etc/init.d/08ipv6priv
#
#      #!/system/bin/sh
#      sysctl -w net.ipv6.conf.default.use_tempaddr=1
#      sysctl -w net.ipv6.conf.all.use_tempaddr=1
#
# chmod 755 /system/etc/init.d/08ipv6priv
# mount -o remount,ro /system
# exit

##### *#*#4636#*#*

#mount -o ro,remount /system