Last active
July 16, 2025 16:42
-
-
Save Kuzmenko-Pavel/ee09ee5116001c26121501450d7be294 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #IPv6 | |
| #Отключили ipv6 | |
| net.ipv6.conf.all.disable_ipv6 = 1 | |
| net.ipv6.conf.default.disable_ipv6 = 1 | |
| net.ipv6.conf.lo.disable_ipv6 = 1 | |
| net.ipv6.conf.all.forwarding=0 | |
| net.ipv6.conf.all.accept_redirects = 0 | |
| net.ipv6.conf.all.accept_source_route = 0 | |
| #IPv4 | |
| #OLD | |
| net.ipv4.route.flush=1 | |
| #Не принимать и не отправлять ICMP-пакеты перенаправления | |
| net.ipv4.conf.all.accept_redirects = 0 | |
| net.ipv4.conf.all.secure_redirects = 0 | |
| net.ipv4.conf.all.send_redirects = 0 | |
| net.ipv4.icmp_echo_ignore_broadcasts = 1 | |
| net.ipv4.icmp_ignore_bogus_error_responses = 1 | |
| #Активируем защиту от IP-спуфинга. | |
| net.ipv4.conf.all.rp_filter = 1 | |
| net.ipv4.conf.lo.rp_filter = 1 | |
| net.ipv4.conf.default.rp_filter = 1 | |
| net.ipv4.conf.all.accept_source_route = 0 | |
| net.ipv4.conf.lo.accept_source_route = 0 | |
| net.ipv4.conf.default.accept_source_route = 0 | |
| #Защита от TCP SYN Cookie | |
| net.ipv4.tcp_syncookies=1 | |
| #Отключаем форвард | |
| net.ipv4.ip_forward=0 | |
| net.ipv4.conf.all.forwarding=0 | |
| #Определяет максимальное число допустимых в системе сокетов TCP, не связанных каким-либо идентификатором | |
| net.ipv4.tcp_max_orphans = 65536 | |
| #Время сохранения сокета в состоянии FIN-WAIT-2 после его закрытия локальной стороной | |
| net.ipv4.tcp_fin_timeout = 20 | |
| #Разрешаем динамическое изменение размера окна TCP стека | |
| net.ipv4.tcp_rfc1337 = 1 | |
| #Keepalive | |
| net.ipv4.tcp_keepalive_time = 120 | |
| net.ipv4.tcp_keepalive_intvl = 15 | |
| net.ipv4.tcp_keepalive_probes = 5 | |
| #Порт и алгоритм | |
| net.ipv4.tcp_congestion_control = htcp | |
| net.ipv4.ip_local_port_range = 1024 65535 | |
| #TUNE TCP/IP | |
| net.ipv4.tcp_window_scaling = 1 | |
| net.ipv4.tcp_fastopen=3 | |
| net.ipv4.tcp_tw_reuse = 1 | |
| net.ipv4.tcp_tw_recycle = 1 | |
| net.ipv4.tcp_timestamps = 1 | |
| net.ipv4.tcp_sack = 1 | |
| net.ipv4.tcp_no_metrics_save = 1 | |
| net.ipv4.tcp_slow_start_after_idle=0 | |
| net.ipv4.tcp_mem = 50576 64768 98152 | |
| net.ipv4.tcp_rmem = 4096 65536 16777216 | |
| net.ipv4.tcp_wmem = 4096 65536 16777216 | |
| net.core.wmem_default = 65536 | |
| net.core.rmem_default = 65536 | |
| net.core.rmem_max = 16777216 | |
| net.core.wmem_max = 16777216 | |
| net.core.netdev_max_backlog = 65535 | |
| net.core.somaxconn = 65535 | |
| net.ipv4.tcp_max_syn_backlog=8192 | |
| net.ipv4.tcp_synack_retries = 2 | |
| net.ipv4.tcp_max_tw_buckets = 720000 | |
| net.ipv4.tcp_orphan_retries = 1 | |
| net.netfilter.nf_conntrack_max = 2048576 | |
| net.nf_conntrack_max = 2048576 | |
| net.core.dev_weight=256 | |
| #Число открытых файлов | |
| fs.file-max = 1000000 | |
| #Выделение памяти | |
| #vm.overcommit_memory=2 | |
| vm.overcommit_memory=0 | |
| vm.dirty_background_ratio = 10 | |
| vm.dirty_ratio = 40 | |
| vm.swappiness=30 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment