# # Sysctls for all FFHO machines (Salt managed) # # # After kernel oops wait 1 sec, than reset system kernel.panic_on_oops = 1 kernel.panic = 1 # # If non-zero, the message will be sent with the primary address of # the interface that received the packet that caused the icmp error. # This is the behaviour network many administrators will expect from # a router. And it can make debugging complicated network layouts # much easier. # # Note that if no primary address exists for the interface selected, # then the primary address of the first non-loopback interface that # has one will be used regardless of this setting. net.ipv4.icmp_errors_use_inbound_ifaddr = 1 # # Enables child sockets to inherit the L3 master device index. # Enabling this option allows a "global" listen socket to work # across L3 master domains (e.g., VRFs) with connected sockets # derived from the listen socket to be bound to the L3 domain in # which the packets originated. Only valid when the kernel was # compiled with CONFIG_NET_L3_MASTER_DEV. net.ipv4.udp_l3mdev_accept = 1 net.ipv4.tcp_l3mdev_accept = 1 # # Increase ARP garbage collector thresholds net.ipv4.neigh.default.gc_thresh1 = 4096 net.ipv4.neigh.default.gc_thresh2 = 8192 net.ipv4.neigh.default.gc_thresh3 = 16384 net.ipv6.neigh.default.gc_thresh1 = 4096 net.ipv6.neigh.default.gc_thresh2 = 8192 net.ipv6.neigh.default.gc_thresh3 = 16384 # # Increase conntrack table size (default 32k) net.netfilter.nf_conntrack_max = 16777216 # # "Be conservative in what you do, # be liberal in what you accept from others." # If it's non-zero, we mark only out of window RST segments as INVALID. # -- net/netfilter/nf_conntrack_proto_tcp.c # net.ipv4.netfilter.ip_conntrack_tcp_be_liberal = 1 # # Allow loading conntrack helper (e.g. for TFTP) net.netfilter.nf_conntrack_helper = 1 # # Don't filter packet passing a bridge and not being routed on this host. net.bridge.bridge-nf-call-iptables = 0 net.bridge.bridge-nf-call-ip6tables = 0 net.bridge.bridge-nf-call-arptables = 0 # # Prevent swapping vm.swappiness = 1