本文共 4172 字,大约阅读时间需要 13 分钟。
原贴:http://dev.csdn.net/article/73/73907.shtm
| ||||||||
| sysctl是一个允许您改变正在运行中的Linux系统的接口。它包含一些 TCP/IP 堆栈和虚拟内存系统的高级选项, 这可以让有经验的管理员提高引人注目的系统性能。用sysctl可以读取设置超过五百个系统变量。基于这点,sysctl(8) 提供两个功能:读取和修改系统设置。查看所有可读变量:% sysctl -a读一个指定的变量,例如 sysctl -w kernel.sysrq=0sysctl -w kernel.core_uses_pid=1sysctl -w net.ipv4.conf.default.accept_redirects=0sysctl -w net.ipv4.conf.default.accept_source_route=0sysctl -w net.ipv4.conf.default.rp_filter=1sysctl -w net.ipv4.tcp_syncookies=1sysctl -w net.ipv4.tcp_max_syn_backlog=2048sysctl -w net.ipv4.tcp_fin_timeout=30sysctl -w net.ipv4.tcp_synack_retries=2sysctl -w net.ipv4.tcp_keepalive_time=3600sysctl -w net.ipv4.tcp_window_scaling=1sysctl -w net.ipv4.tcp_sack=1配置sysctl编辑此文件:vi /etc/sysctl.conf如果该文件为空,则输入以下内容,否则请根据情况自己做调整:# Controls source route verification# Default should work for all interfacesnet.ipv4.conf.default.rp_filter = 1# net.ipv4.conf.all.rp_filter = 1# net.ipv4.conf.lo.rp_filter = 1# net.ipv4.conf.eth0.rp_filter = 1# Disables IP source routing# Default should work for all interfacesnet.ipv4.conf.default.accept_source_route = 0# net.ipv4.conf.all.accept_source_route = 0# net.ipv4.conf.lo.accept_source_route = 0# net.ipv4.conf.eth0.accept_source_route = 0# Controls the System Request debugging functionality of the kernelkernel.sysrq = 0# Controls whether core dumps will append the PID to the core filename.# Useful for debugging multi-threaded applications.kernel.core_uses_pid = 1# Increase maximum amount of memory allocated to shm# Only uncomment if needed!# kernel.shmmax = 67108864# Disable ICMP Redirect Acceptance# Default should work for all interfacesnet.ipv4.conf.default.accept_redirects = 0# net.ipv4.conf.all.accept_redirects = 0# net.ipv4.conf.lo.accept_redirects = 0# net.ipv4.conf.eth0.accept_redirects = 0# Enable Log Spoofed Packets, Source Routed Packets, Redirect Packets# Default should work for all interfacesnet.ipv4.conf.default.log_martians = 1# net.ipv4.conf.all.log_martians = 1# net.ipv4.conf.lo.log_martians = 1# net.ipv4.conf.eth0.log_martians = 1# Decrease the time default value for tcp_fin_timeout connectionnet.ipv4.tcp_fin_timeout = 25# Decrease the time default value for tcp_keepalive_time connectionnet.ipv4.tcp_keepalive_time = 1200# Turn on the tcp_window_scalingnet.ipv4.tcp_window_scaling = 1# Turn on the tcp_sacknet.ipv4.tcp_sack = 1# tcp_fack should be on because of sacknet.ipv4.tcp_fack = 1# Turn on the tcp_timestampsnet.ipv4.tcp_timestamps = 1# Enable TCP SYN Cookie Protectionnet.ipv4.tcp_syncookies = 1# Enable ignoring broadcasts requestnet.ipv4.icmp_echo_ignore_broadcasts = 1# Enable bad error message Protectionnet.ipv4.icmp_ignore_bogus_error_responses = 1# Make more local ports available# net.ipv4.ip_local_port_range = 1024 65000# Set TCP Re-Ordering value in kernel to ‘5′net.ipv4.tcp_reordering = 5# Lower syn retry ratesnet.ipv4.tcp_synack_retries = 2net.ipv4.tcp_syn_retries = 3# Set Max SYN Backlog to ‘2048′net.ipv4.tcp_max_syn_backlog = 2048# Various Settingsnet.core.netdev_max_backlog = 1024# Increase the maximum number of skb-heads to be cachednet.core.hot_list_length = 256# Increase the tcp-time-wait buckets pool sizenet.ipv4.tcp_max_tw_buckets = 360000# This will increase the amount of memory available for socket input/output queuesnet.core.rmem_default = 65535net.core.rmem_max = 8388608net.ipv4.tcp_rmem = 4096 87380 8388608net.core.wmem_default = 65535net.core.wmem_max = 8388608net.ipv4.tcp_wmem = 4096 65535 8388608net.ipv4.tcp_mem = 8388608 8388608 8388608net.core.optmem_max = 40960如果希望屏蔽别人 ping 你的主机,则加入以下代码:# Disable ping requestsnet.ipv4.icmp_echo_ignore_all = 1编辑完成后,请执行以下命令使变动立即生效:/sbin/sysctl -p/sbin/sysctl -w net.ipv4.route.flush=1 |
转载地址:http://qavob.baihongyu.com/