Home Explore Help
Register Sign In
FreifunkHochstift
/
ffho-salt-public
2
0
Fork 2
Files Issues 0 Pull Requests 0
Branch: master
Branches Tags
ffho-salt-pu...
/
sysctl
/
global.conf

global.conf 2.0 KB
Permalink History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273 
  1. #
    2. 

  2. # Sysctls for all FFHO machines (Salt managed)
    3. 

  3. #
    4. 

  4. 

  5. #
    6. 

  6. # After kernel oops wait 1 sec, than reset system
    7. 

  7. kernel.panic_on_oops = 1
    8. 

  8. kernel.panic = 1
    9. 

  9. 

  10. 

  11. #
    12. 

  12. # If non-zero, the message will be sent with the primary address of
    13. 

  13. # the interface that received the packet that caused the icmp error.
    14. 

  14. # This is the behaviour network many administrators will expect from
    15. 

  15. # a router. And it can make debugging complicated network layouts
    16. 

  16. # much easier.
    17. 

  17. #
    18. 

  18. # Note that if no primary address exists for the interface selected,
    19. 

  19. # then the primary address of the first non-loopback interface that
    20. 

  20. # has one will be used regardless of this setting.
    21. 

  21. net.ipv4.icmp_errors_use_inbound_ifaddr = 1
    22. 

  22. 

  23. 

  24. #
    25. 

  25. # Enables child sockets to inherit the L3 master device index.
    26. 

  26. # Enabling this option allows a "global" listen socket to work
    27. 

  27. # across L3 master domains (e.g., VRFs) with connected sockets
    28. 

  28. # derived from the listen socket to be bound to the L3 domain in
    29. 

  29. # which the packets originated. Only valid when the kernel was
    30. 

  30. # compiled with CONFIG_NET_L3_MASTER_DEV.
    31. 

  31. net.ipv4.udp_l3mdev_accept = 1
    32. 

  32. net.ipv4.tcp_l3mdev_accept = 1
    33. 

  33. 

  34. 

  35. #
    36. 

  36. # Increase ARP garbage collector thresholds
    37. 

  37. net.ipv4.neigh.default.gc_thresh1 = 4096
    38. 

  38. net.ipv4.neigh.default.gc_thresh2 = 8192
    39. 

  39. net.ipv4.neigh.default.gc_thresh3 = 16384
    40. 

  40. 

  41. net.ipv6.neigh.default.gc_thresh1 = 4096
    42. 

  42. net.ipv6.neigh.default.gc_thresh2 = 8192
    43. 

  43. net.ipv6.neigh.default.gc_thresh3 = 16384
    44. 

  44. 

  45. 

  46. #
    47. 

  47. # Increase conntrack table size (default 32k)
    48. 

  48. net.netfilter.nf_conntrack_max = 16777216
    49. 

  49. 

  50. 

  51. #
    52. 

  52. # "Be conservative in what you do,
    53. 

  53. #  be liberal in what you accept from others."
    54. 

  54. #  If it's non-zero, we mark only out of window RST segments as INVALID.
    55. 

  55. #  -- net/netfilter/nf_conntrack_proto_tcp.c
    56. 

  56. #
    57. 

  57. net.ipv4.netfilter.ip_conntrack_tcp_be_liberal = 1
    58. 

  58. 

  59. 

  60. #
    61. 

  61. # Allow loading conntrack helper (e.g. for TFTP)
    62. 

  62. net.netfilter.nf_conntrack_helper = 1
    63. 

  63. 

  64. 

  65. #
    66. 

  66. # Don't filter packet passing a bridge and not being routed on this host.
    67. 

  67. net.bridge.bridge-nf-call-iptables = 0
    68. 

  68. net.bridge.bridge-nf-call-ip6tables = 0
    69. 

  69. net.bridge.bridge-nf-call-arptables = 0
    70. 

  70. 

  71. #
    72. 

  72. # Prevent swapping
    73. 

  73. vm.swappiness = 1
    74.