Sysctl is an interface that allows you to change the running Linux system. It contains some TCP/IP stack and virtual memory system Advanced options, which allow experienced administrators to improve compelling system performance. With sysctl, you can read more than five hundred system variables. Based on this, sysctl(8) provides two functions: reading and modifying the system. Settings.
View all readable variables:
% sysctl -a
Read a specified variable, eg kern.maxproc:
% sysctl kern .maxproc kern.maxproc: 1044
To set a specific variable, use the syntax variable=value directly:
# sysctl kern.maxfiles=5000
kern. Maxfiles: 2088 -> 5000
You can use sysctl to modify system variables, or you can modify system variables by editing the sysctl.conf file. sysctl.conf looks a lot like rc.conf. It uses variable=value The form is used to set the value. The specified value is set after the system enters multi-user mode. Some variables can be set in this mode.
The setting of the sysctl variable is usually string, number or boolean. (Boolean is represented by 1 ’yes’, with 0 to indicate ’ No’).
sysctl -w kernel.sysrq=0
sysctl -w kernel.core_uses_pid=1
sysctl -w net.ipv4.conf.default.accept_redirects =0
sysctl -w net.ipv4.conf.default.accept_source_route=0
sysctl -w net.ipv4.conf.default.rp_filter=1
sysctl - w net.ipv4.tcp_syncookies=1
sysctl -w net.ipv4.tcp_max_syn_backlog=2048
sysctl -w net.ipv4.tcp_fin_timeout=30
sysctl -w net .ipv4.tcp_synack_retries=2
sysctl -w net.ipv4.tcp_keepalive_time=3600
sysctl -w net.ipv4.tcp_window_scaling=1
sysctl -w net.ipv4 .tcp_sack=1
Configure sysctl
Edit this file:
vi /etc/sysctl.conf
If the file is empty, enter the following Content, otherwise please adjust according to the situation:
# Controls source route verification
# Default should work for all i Nterfaces
net.ipv4.conf.default.rp_filter = 1
# net.ipv4.conf.all.rp_filter = 1
# net.ipv4.conf.lo .rp_filter = 1
# net.ipv4.conf.eth0.rp_filter = 1
# Disables IP source routing
# Default should work for all interfaces
net.ipv4.conf.default.accept_source_route = 0
# net.ipv4.conf.all.accept_source_route = 0
# net.ipv4.conf.lo.accept_source_route = 0< Br>
# net.ipv4.conf.eth0.accept_source_route = 0
# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0
# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1
# Increase maximum amount Of memory allocated to shm
# Only uncomment if needed!
# kernel.shmmax = 67108864
# Disable ICMP Redirect Acceptance
# Default should work For all interfaces
net.ipv4.conf.default.accept_redirects = 0
# net.ipv4. Conf.all.accept_redirects = 0
# net.ipv4.conf.lo.accept_redirects = 0
# net.ipv4.conf.eth0.accept_redirects = 0
# Enable Log Spoofed Packets, Source Routed Packets, Redirect Packets
# Default should work for all interfaces
net.ipv4.conf.default.log_martians = 1
# net. Ipv4.conf.all.log_martians = 1
# net.ipv4.conf.lo.log_martians = 1
# net.ipv4.conf.eth0.log_martians = 1
# Decrease the time default value for tcp_fin_timeout connection
net.ipv4.tcp_fin_timeout = 25
# Decrease the time default value for tcp_keepalive_time connection
net.ipv4.tcp_keepalive_time = 1200
# Turn on the tcp_window_scaling
net.ipv4.tcp_window_scaling = 1
# Turn on the tcp_sack
net.ipv4.tcp_sack = 1< Br>
# tcp_fack should be on because of sack
net.ipv4.tcp_fack = 1
# Turn on the tcp_timestamps
net.ipv4.tcp_timestamps = 1
# Enable TCP SYN Cookie Protection
net.ipv4.tcp_syncookies = 1
# Enable ignoring broadcasts request
net.ipv4.icmp_echo_ignore_broadcasts = 1
# Enable bad error message Protection
net.ipv4.icmp_ignore_bogus_error_responses = 1
# Make more local ports available
# net.ipv4.ip_local_port_range = 1024 65000
# Set TCP Re-Ordering value in kernel to ‘5′
net.ipv4 .tcp_reordering = 5
# Lower syn retry rates
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 3
# Set Max SYN Backlog to ‘2048′
net.ipv4.tcp_max_syn_backlog = 2048
# Various Settings
net.core.netdev_max_backlog = 1024
# Increase The maximum number of skb-heads to be cached
net.core.hot_list_length = 256
# Increase the tcp-time-wait buckets pool size
net.ipv4. Tcp_max_tw_buckets = 360000
# This will increase the amount of memory available for socket input/output queues
net.core.rmem_default = 65535
net.core.rmem_max = 8388608
net.ipv4.t Cp_rmem = 4096 87380 8388608
net.core.wmem_default = 65535
net.core.wmem_max = 8388608
net.ipv4.tcp_wmem = 4096 65535 8388608
net.ipv4.tcp_mem = 8388608 8388608 8388608
net.core.optmem_max = 40960
If you want to block someone from pinging your host, add the following code:
# Disable ping requests
Linux 2.6 device drivers are built on the basis of the device model, therefore, to write device driv
This article mainly introduces the DB2 database in the inux installation process detailed, the step
Requirement Description Set SNAT policy using iptables Make hosts on 192.168.100.0/24 network segmen
Because the installation of debian uses a minimal installation, the default installation in Chinese,
How to run China Merchants Bank Professional Edition under Linux
Linux dynamic library (.so) search path
Anti-spam technology widely used in Linux
Photocoupler and its application circuit diagram
How to do linux system security
Installing Virtualbox Virtual XP on Ubuntu System
How to use Gearman for distributed computing
Novice Academy: Installing two hard drives for the Linux operating system
Linux using fdisk tool SSH command line partition and mount using partition tutorial
User Profile Service service failed to login
Win7 search bar is missing how to get back
Windows 7 system takes up a large memory operation method
Win7 Ultimate system boot appears "Windows can not find files or no associated programs"
An easy way to get back the search box that Win7 disappears
Teach you to keep an eye on the weather on the Win7 desktop.
Demystifying the rare small functions of Windows 7 system
Add delete program can't open or display blank
Specializing in various discomforts on the continuity of the Win8 office environment