router.conf 1.5 KB

  #
  # Kernel sysctls for FFHO router nodes (Salt managed)
  #
  #
  # IP unicast routing: forward packets between interfaces (IPv4 and IPv6).
  # NOTE(review): once forwarding is on, the packet filter's forward policy
  # decides what may transit this host. This file sets neither rp_filter nor
  # any filter policy -- confirm both are managed elsewhere.
  # NOTE(review): with IPv6 forwarding enabled the kernel stops accepting
  # Router Advertisements unless accept_ra is set to 2 -- confirm that no
  # uplink relies on RA-learned routes.
  net.ipv4.ip_forward = 1
  net.ipv6.conf.all.forwarding = 1
  #
  # Raise the neighbour-table garbage collector thresholds (ARP for IPv4,
  # neighbour cache for IPv6): gc_thresh1 = entries kept without collection,
  # gc_thresh2 = soft limit, gc_thresh3 = hard limit. Above gc_thresh3 no
  # new neighbour can be added, so the limits should exceed the number of
  # hosts reachable on the attached segments.
  net.ipv4.neigh.default.gc_thresh1 = 1024
  net.ipv4.neigh.default.gc_thresh2 = 2048
  net.ipv4.neigh.default.gc_thresh3 = 4096
  net.ipv6.neigh.default.gc_thresh1 = 1024
  net.ipv6.neigh.default.gc_thresh2 = 2048
  net.ipv6.neigh.default.gc_thresh3 = 4096
  #
  # If non-zero, ICMP error messages are sent with the primary address of
  # the interface that received the packet which caused the error.
  # This is the behaviour many network administrators expect from a router,
  # and it makes debugging complicated network layouts much easier.
  #
  # If the selected interface has no primary address, the primary address
  # of the first non-loopback interface that has one is used, regardless of
  # this setting.
  net.ipv4.icmp_errors_use_inbound_ifaddr = 1
  #
  # "Be conservative in what you do,
  # be liberal in what you accept from others."
  # If it's non-zero, we mark only out of window RST segments as INVALID.
  # -- net/netfilter/nf_conntrack_proto_tcp.c
  #
  # Trade-off: other out-of-window TCP segments are no longer classified as
  # INVALID, so filter rules that drop INVALID traffic catch less.
  # NOTE(review): presumably set because of asymmetric paths -- confirm.
  # NOTE(review): net.ipv4.netfilter.ip_conntrack_* are the legacy key names;
  # newer kernels expose these settings only as
  # net.netfilter.nf_conntrack_tcp_be_liberal and
  # net.netfilter.nf_conntrack_max. Where the legacy keys are absent, the two
  # conntrack settings in this file are not applied -- verify with
  # "sysctl -a" on the target kernel.
  net.ipv4.netfilter.ip_conntrack_tcp_be_liberal = 1
  #
  # Enlarge the connection tracking table (default 32k). When the table is
  # full, packets of new connections are dropped.
  # NOTE(review): every tracked connection consumes kernel memory, and the
  # conntrack hash size (nf_conntrack module parameter "hashsize") is not
  # changed here -- confirm the limit fits the node's RAM and that the hash
  # size is scaled to match.
  net.ipv4.netfilter.ip_conntrack_max = 16777216
  #
  # Do not pass bridged frames that are not routed on this host through
  # iptables, ip6tables or arptables. Consequence: the host's packet filter
  # rules do not see bridged traffic at all.
  # NOTE(review): these keys exist only while bridge netfilter support is
  # loaded; if it is loaded after this file has been applied, the kernel
  # defaults may be in effect instead -- verify on a running node.
  net.bridge.bridge-nf-call-iptables = 0
  net.bridge.bridge-nf-call-ip6tables = 0
  net.bridge.bridge-nf-call-arptables = 0