|
|
楼主 |
发表于 2022-7-16 07:26:40
|
显示全部楼层
sysctl.conf文件配置详解' L9 w& A0 u. W$ f0 P r
临时生效! Y" B. J& h& l; B: y: ]! ^4 ^
#修改后,马上生效,重启或者service network restart失效
; e+ Y" v+ U: o& ^7 v7 O9 J# psysctl -w fs.file-max=999999! l! r I; f; r# _( n
6 v8 U/ n" b- X永久生效
6 _0 x1 a& W b) C* z$ h# l$ D#vim /etc/sysctl.conf
+ X9 s" C2 D9 u! T$ Vfs.file-max=9999996 y3 R9 y/ }( d
#保存后,执行sysctl -p 或者重启服务器生效1 n7 T% b5 j# O9 a
查看配置( B& ^+ J. K; U% B
sysctl -a #消失全部配置
) T- p5 ]( O0 osysctl fs.file-max #显示fs.file-max的值3 R0 Y: f( k2 W) z$ N
# sysctl -a | grep file #模糊查找
% Y5 @& h( v& X* D0 k2 O参考资料:Linux Tcp参数设置8 r: C+ L* s* ~1 B% I6 l! R n+ Y
& @5 ~- P9 a& P/ s% {6 u. y6 r
kernel.sched_child_runs_first = 0
, R6 m$ H$ k. r' x, m
% b" R' b- {8 R, ikernel.sched_min_granularity_ns = 3000000
( O; P, F8 B! p: z. ~* ekernel.sched_latency_ns = 15000000
, J( ?$ t8 X- a- F- ] g8 jkernel.sched_wakeup_granularity_ns = 3000000
2 ~( S2 T+ c! J3 G. O% lkernel.sched_tunable_scaling = 1! e, y( ?# n( g' J2 M
* ^) h' O3 U6 r8 c% o% ]kernel.sched_features = 3183% d& B0 M* o b, P. u
kernel.sched_migration_cost = 500000
3 I2 A" _. J" j! Y% @& Jkernel.sched_nr_migrate = 329 ~* [+ U5 ?7 _, i% O1 P$ Z. Z
kernel.sched_time_avg = 10000 D0 V' l) m, N6 L
kernel.sched_shares_window = 100000001 A# A( P( R, Y( O7 B9 O
kernel.timer_migration = 1
) e9 M0 r% P; o( K) b8 k7 [kernel.sched_rt_period_us = 10000000 ]0 m$ d; W0 ^) \& n5 H+ j2 Q; I
kernel.sched_rt_runtime_us = 950000- _7 q3 ^9 W* u0 n3 S5 v, |3 Y
kernel.sched_compat_yield = 0
% Q0 {! ?4 a, E! n7 J3 Nkernel.sched_rr_timeslice_ms = 1000 M$ L; [8 h1 U2 a5 Y& ]6 G
kernel.sched_autogroup_enabled = 0
0 e# N+ m( d$ qkernel.sched_cfs_bandwidth_slice_us = 5000
4 r" N& ?9 v" R# p4 Ikernel.panic = 0
9 F8 \; }' X9 C2 [: Z+ tkernel.exec-shield = 1$ c2 m1 X& _: z& }" \( `
kernel.core_uses_pid = 1
$ G# O, e$ l Y9 u |5 B0 T% R; bkernel.core_pattern = |/usr/libexec/abrt-hook-ccpp %s %c %p %u %g %t e
! y8 \0 T3 U( xkernel.core_pipe_limit = 4
/ o) M) x9 F' I8 s4 @9 {kernel.tainted = 0- t! t: r2 {7 {) W
kernel.real-root-dev = 0
. Q" \1 W" s4 S8 G8 H) C$ Pkernel.print-fatal-signals = 08 W' \! S0 H" G: v
kernel.ctrl-alt-del = 0
+ w6 L' Z& |) k2 `/ l9 D2 d, C: pkernel.ftrace_enabled = 1
( I) k& S. |$ d# tkernel.stack_tracer_enabled = 0* M/ ]8 r5 `: K. R/ U# ]5 g
kernel.ftrace_dump_on_oops = 0* z; L P7 e1 {. m9 \0 z7 ^5 h
kernel.modprobe = /sbin/modprobe5 E1 q) E! D6 E# I) o# b& \
kernel.modules_disabled = 0& w6 U! t. l& U- Z
kernel.kexec_load_disabled = 0
T9 Y1 n1 k& L. [; k0 Z( s) Qkernel.hotplug =: M' w- r, G! T! _' u
kernel.acct = 4 2 30% f5 P u# g4 |
kernel.sysrq = 04 U C+ o) l( M P
kernel.cad_pid = 1
- e: u+ \; ]# n/ n0 b K; g9 O" U2 kkernel.threads-max = 607191 f8 O' e2 ^8 F) r$ a R
kernel.random.poolsize = 4096! M9 l+ C+ {+ G* d$ w; H: `5 o0 F6 `
kernel.random.entropy_avail = 455" S+ f# z' G, G" u6 n
kernel.random.read_wakeup_threshold = 64
- L' Y$ V- N y& Xkernel.random.write_wakeup_threshold = 128
/ N) P& k m+ F' _$ [$ xkernel.random.boot_id = 7ed1dbbb-9671-4ee2-8d81-58c58ba824ac
( R8 p/ _9 ]3 @, P5 a) W: Ikernel.random.uuid = d1f372bb-bca8-4338-9d48-b9855a4ec41a5 k8 Q0 k. e2 w% y; ~) f
kernel.usermodehelper.bset = 4294967295 4294967295, K8 o% ]% v9 g( N
kernel.usermodehelper.inheritable = 4294967295 42949672958 ^$ S$ s* h7 c8 b; M# V* X
kernel.overflowuid = 65534
u$ F% M% m: [kernel.overflowgid = 65534
+ f, S" y1 }+ l. Skernel.pid_max = 131072
/ I f2 T. z/ Y( u8 A, T& h: t9 ckernel.panic_on_oops = 1% y( P, b4 E7 D+ F p! T
kernel.printk = 4 4 1 73 b3 y5 q! o' U/ X. Q }& A+ x
kernel.printk_ratelimit = 5
- c% j7 L# d) L* ]3 S6 j! hkernel.printk_ratelimit_burst = 10/ s# Z2 _: Z& k0 @3 X$ r' a( A
kernel.printk_delay = 0
) @) n$ U4 W' O: ^3 C, i. Lkernel.dmesg_restrict = 09 C4 J2 `3 l$ D0 h5 r8 r/ v
kernel.kptr_restrict = 1. j. x, F% }5 L; e% T, g/ _! n
kernel.ngroups_max = 65536
1 y; P- Q# U5 g% Q% N5 r- J$ [kernel.watchdog = 1 t7 o( x" M' [' h
kernel.watchdog_thresh = 609 T, J, e; F$ K! y& u' z# A8 m2 h
kernel.softlockup_panic = 0- u# {: Y* c- ?8 a
kernel.nmi_watchdog = 10 a+ @& _ K( m8 U' s6 a" ^- \
kernel.unknown_nmi_panic = 0
/ F( t. }6 }' m5 W+ j$ Mkernel.panic_on_unrecovered_nmi = 0
. l- [! | L9 D3 V: gkernel.panic_on_io_nmi = 0 m; |/ m% t# L6 ^
kernel.bootloader_type = 113( @7 Z+ n3 s3 l' ^$ ~/ j. A: o
kernel.bootloader_version = 1
5 Y4 B2 a5 t: ]- akernel.kstack_depth_to_print = 126 [5 u3 k* F# `2 [' v1 `
kernel.io_delay_type = 0
3 {1 h5 S$ c% Y. } qkernel.randomize_va_space = 2
" R& M- o- t8 h% ?kernel.acpi_video_flags = 0
. g. j- L2 _! H8 wkernel.hung_task_panic = 0
/ Y6 _2 {9 p9 p) u6 F( Hkernel.hung_task_check_count = 4194304# M5 C4 u% {% z* o; g
kernel.hung_task_timeout_secs = 120! a0 ~, i( p* X" A- Q
kernel.hung_task_warnings = 10
# h- U5 A+ a( r' w$ w) P# Zkernel.compat-log = 1. U* R6 t3 Q, @; ^ D
kernel.max_lock_depth = 1024
; Q' R# K& V/ tkernel.poweroff_cmd = /sbin/poweroff
; p# b. @9 |7 Ikernel.keys.maxkeys = 200
" v! t, |6 o/ v/ `kernel.keys.maxbytes = 20000* t3 j; E7 e8 m* ]! P$ U2 ]
kernel.keys.root_maxkeys = 1000000
% b4 o; J% J5 N6 o8 k1 Skernel.keys.root_maxbytes = 250000000 {) ?7 x5 @; b& f" V
kernel.keys.gc_delay = 3009 v$ u! Z( u: ?
kernel.slow-work.min-threads = 2
8 m: Y- ?& t6 n5 P1 Y$ R" skernel.slow-work.max-threads = 128
" r( I' D; Z) k( f" o3 ^" ^9 fkernel.slow-work.vslow-percentage = 50
/ F ]: }/ g' Qkernel.perf_event_paranoid = 1
7 x! v& ^6 c: g8 c: Q% G1 Q+ qkernel.perf_event_mlock_kb = 516# R( U* l5 R* Z
kernel.perf_event_max_sample_rate = 100000; i: g3 L' M! u( m0 }% z
kernel.blk_iopoll = 1
$ @& o, [$ c) Hkernel.sched_domain.cpu0.domain0.min_interval = 13 w1 {. a. k3 i
kernel.sched_domain.cpu0.domain0.max_interval = 4
3 z" w+ T2 [ A2 B! ckernel.sched_domain.cpu0.domain0.busy_idx = 2, }) \! F: N6 p. Q# v/ U" H
kernel.sched_domain.cpu0.domain0.idle_idx = 1
1 e2 z2 U" D( h V0 \8 i& |& wkernel.sched_domain.cpu0.domain0.newidle_idx = 0
0 c4 W# j! x/ B! ~kernel.sched_domain.cpu0.domain0.wake_idx = 09 |" m7 {7 m. ^
kernel.sched_domain.cpu0.domain0.forkexec_idx = 0
5 F& V9 n( H* Ykernel.sched_domain.cpu0.domain0.busy_factor = 64
[. I" W5 ^2 I2 ckernel.sched_domain.cpu0.domain0.imbalance_pct = 125# b: A2 F) c. _! S
kernel.sched_domain.cpu0.domain0.cache_nice_tries = 1
+ K4 X0 y2 \, D( y! [kernel.sched_domain.cpu0.domain0.flags = 41430 p( f1 e5 _8 E) A3 ^0 O5 e) h
kernel.sched_domain.cpu0.domain0.name = CPU! T W- f& G+ e7 H1 i! R r
kernel.sched_domain.cpu1.domain0.min_interval = 1 M9 ^5 A: o; k. C- l
kernel.sched_domain.cpu1.domain0.max_interval = 4) e& ~8 }- b" G* q5 ~8 r
kernel.sched_domain.cpu1.domain0.busy_idx = 2
b0 M* S$ A1 H# f/ \kernel.sched_domain.cpu1.domain0.idle_idx = 1
# D2 r% a* [- T$ Skernel.sched_domain.cpu1.domain0.newidle_idx = 0
* C2 j. J7 J3 J4 ?5 }- m. wkernel.sched_domain.cpu1.domain0.wake_idx = 0
& K" y- [* c+ Y4 t! I+ q# d6 ?) Ykernel.sched_domain.cpu1.domain0.forkexec_idx = 0( n4 w7 D, @8 W
kernel.sched_domain.cpu1.domain0.busy_factor = 64% j. x% h, |9 I4 R9 N
kernel.sched_domain.cpu1.domain0.imbalance_pct = 125
: z4 c. t4 V, Y2 ^7 h# x' Bkernel.sched_domain.cpu1.domain0.cache_nice_tries = 1) x r& k1 d ?! C! Y* s9 @
kernel.sched_domain.cpu1.domain0.flags = 4143! C; R( i' D' D5 e Z& @: b u# t
kernel.sched_domain.cpu1.domain0.name = CPU1 Q0 ~2 O4 m! v& G& H1 X+ f; d$ k
kernel.sched_domain.cpu2.domain0.min_interval = 11 z9 x$ n3 ? T
kernel.sched_domain.cpu2.domain0.max_interval = 4
/ N/ h( w0 s( ykernel.sched_domain.cpu2.domain0.busy_idx = 2
4 d, l) R8 W1 q7 M5 gkernel.sched_domain.cpu2.domain0.idle_idx = 1
# r- m: x2 [4 a5 h( c3 i, \kernel.sched_domain.cpu2.domain0.newidle_idx = 0$ w) I# J+ g! q, L4 I9 c- v. _
kernel.sched_domain.cpu2.domain0.wake_idx = 0
" Y- R0 Z, Q5 d7 n1 F: wkernel.sched_domain.cpu2.domain0.forkexec_idx = 0
3 Q. R. L; g3 @7 c4 kkernel.sched_domain.cpu2.domain0.busy_factor = 64
, e& ^! d3 j& Q6 u4 W: R+ Fkernel.sched_domain.cpu2.domain0.imbalance_pct = 125
' E- f; B" ^8 E# ^" Pkernel.sched_domain.cpu2.domain0.cache_nice_tries = 1
% k* E# h- T5 H% x* {$ a5 ekernel.sched_domain.cpu2.domain0.flags = 4143
, y. G7 P$ F4 ikernel.sched_domain.cpu2.domain0.name = CPU
8 s, i: [5 F( A/ |, A3 Z* Ekernel.sched_domain.cpu3.domain0.min_interval = 1$ g9 D; k/ B6 v) x7 p# o! T1 ^
kernel.sched_domain.cpu3.domain0.max_interval = 4
- G/ K7 B& K8 W# Z9 f5 [kernel.sched_domain.cpu3.domain0.busy_idx = 2
+ y0 U% @# R# r! f( H( c) S, Gkernel.sched_domain.cpu3.domain0.idle_idx = 11 V q& Z' \% U
kernel.sched_domain.cpu3.domain0.newidle_idx = 0
! R8 J; h6 ^$ ^kernel.sched_domain.cpu3.domain0.wake_idx = 08 g; a4 |, n4 A) D" Q8 p* P- M
kernel.sched_domain.cpu3.domain0.forkexec_idx = 0
" N' J, ?3 J0 }kernel.sched_domain.cpu3.domain0.busy_factor = 640 u; ?. d0 H( o4 P+ p' x
kernel.sched_domain.cpu3.domain0.imbalance_pct = 125
6 a/ A# R5 J" r+ }: A6 ^/ y5 akernel.sched_domain.cpu3.domain0.cache_nice_tries = 1
6 L5 |5 Z. j. v! r( Q, l9 qkernel.sched_domain.cpu3.domain0.flags = 4143) W9 W+ n5 u( T
kernel.sched_domain.cpu3.domain0.name = CPU
" g$ V8 }& M) }+ K! xkernel.vsyscall64 = 1& m# ]3 r! F' t2 K' E+ a( o
kernel.ostype = Linux
: W |) J) \' { F, Zkernel.osrelease = 2.6.32-504.el6.x86_64
- G0 ?( l4 q5 M* n; Q5 V8 ~% J. Fkernel.version = #1 SMP Wed Oct 15 04:27:16 UTC 2014
+ M# s& i1 K! x( F7 P* Qkernel.hostname = xapi.128.com
6 i( z8 \/ k) y' v3 E: I/ kkernel.domainname = (none)4 }2 j0 L1 h' f" N q5 h/ N8 T. |
kernel.pty.max = 40963 o. T! e$ g1 p- ]7 ?6 ^
kernel.pty.nr = 1
0 \# q Y' L- l. J _9 w* Qkernel.shmmax = 68719476736
# K; I0 {* q0 }kernel.shmall = 4294967296
9 P2 i( H' e, Ikernel.shmmni = 4096; _7 R' J" D' N1 J5 d# C4 P
kernel.shm_rmid_forced = 0
: t& d0 J, b4 D% P& v5 p2 nkernel.msgmax = 65536* A! W1 a8 ^ X% f+ v
kernel.msgmni = 7627
' I/ i7 v- w8 W2 wkernel.msgmnb = 65536
) ] r3 u6 k; e# |0 b5 l6 Ukernel.sem = 250 32000 32 1285 O& a' _+ J& }5 s. Y0 M
kernel.auto_msgmni = 1
& k( o$ l ^. Vvm.overcommit_memory = 0
" A k& Q8 i1 P u v+ ]vm.panic_on_oom = 0! z& I0 T9 h1 T, y; C" e7 p
vm.oom_kill_allocating_task = 0
; R" L7 A$ k/ I8 G* ?0 Uvm.extfrag_threshold = 500
/ S+ D& W. V8 m7 {: lvm.oom_dump_tasks = 1' h G7 F% Z! B. s! j' N$ ^
vm.would_have_oomkilled = 0$ Y8 X# E# I) Y7 R2 G
vm.overcommit_ratio = 509 y8 k6 z4 ^1 o' d
vm.overcommit_kbytes = 0
2 p3 Y. `3 n1 o. J( l/ Hvm.page-cluster = 32 C' t% @ T& a2 D4 K
vm.dirty_background_ratio = 10
; V5 q- s6 D2 O, Evm.dirty_background_bytes = 0
. k% V0 ]) S$ a$ y6 O, qvm.dirty_ratio = 20
( l+ C5 {* E7 V1 Fvm.dirty_bytes = 0+ C5 Q$ @" ~/ G. u: K# g
vm.dirty_writeback_centisecs = 500& y9 V; F) h( k7 O% T5 k0 E/ m3 j$ f" o
vm.dirty_expire_centisecs = 30009 A& v$ X2 X9 H$ w) t3 \
vm.nr_pdflush_threads = 0' U5 ]* G. |0 G
vm.swappiness = 60$ B0 ^- \3 J& d1 e9 \% d" s' n
vm.nr_hugepages = 0& E- Q% Z8 o( X5 Y; K
vm.nr_hugepages_mempolicy = 0
' l4 n) a# { ~7 `( c5 nvm.hugetlb_shm_group = 08 U; C4 T6 P& M" Y8 R, a) T
vm.hugepages_treat_as_movable = 0
% |: J+ c2 M" n) mvm.nr_overcommit_hugepages = 0, b. X! X6 M- J4 m$ D( s) a& T
vm.lowmem_reserve_ratio = 256 256 32. Q# |* s& c- c- H" I0 T$ I% v
vm.drop_caches = 0) J; D4 ?# o# L, ^1 V" D2 w
vm.min_free_kbytes = 67584$ k1 b& |- E' u( r! G
vm.extra_free_kbytes = 0
( j% n+ K; d2 hvm.unmap_area_factor = 0
W' f# Z( z# ^( H* G& `" T; uvm.meminfo_legacy_layout = 1
4 I# h5 H# U5 B9 S) G$ zvm.percpu_pagelist_fraction = 0* p J. Q" X% ]3 G
vm.max_map_count = 65530
4 v, K) f' a5 n& L. _vm.laptop_mode = 05 H( C" S% W c7 B2 d- D. |
vm.block_dump = 03 } s- K; j0 B2 K5 x6 R) ?2 e
vm.vfs_cache_pressure = 100
# s" |" t1 `7 Pvm.legacy_va_layout = 08 ?! \, @7 s, `! q
vm.zone_reclaim_mode = 0; J6 ?" s ]2 J" m1 G9 I3 j, @
vm.min_unmapped_ratio = 19 r4 f# F: Q1 U/ w* l) [$ P- e
vm.min_slab_ratio = 5: `9 R5 l( Z9 q' [4 v5 X0 B b4 P8 ]" A
vm.stat_interval = 1
3 ]! M* ^ ]5 D+ }vm.mmap_min_addr = 4096
1 v5 _# |2 i; l+ Y! ^- M4 E* kvm.numa_zonelist_order = default. w9 `5 l* Y+ w6 c- x1 j
vm.scan_unevictable_pages = 0
2 \; U4 B8 O: W% ~: G0 c( T& Gvm.memory_failure_early_kill = 07 ]5 E: S* s* S+ A
vm.memory_failure_recovery = 1
; D7 h# v1 n3 O4 ~fs.inode-nr = 14659 243
0 D2 {. j# A: ^- zfs.inode-state = 14659 243 0 0 0 0 0
- n, I& ?( f3 o. f7 L# y7 bfs.file-nr = 1216 0 385492! w1 [! d3 {% F& E% ~. [0 G5 V
' [: H2 _+ q- k( K" K1 }; h7 @4 L4 Y#【nginx】这个参数表示系统(所有)可以同时打开的最大句柄数,这个参数直接限制最大并发连接数,需根据实际情况配置。wd=8115158 I @. c; u1 u
# file-max与ulimit的区别
/ Q7 a2 V/ F. G. }1 I7 F7 U) efs.file-max = 385492# i+ p4 f! k% I# K1 X# X2 ?
0 P$ Y% ~2 F |0 k- i6 ^$ Q
fs.nr_open = 10485767 T1 t4 U. N. W
fs.dentry-state = 15088 6375 45 0 0 0 \+ ~& j) j1 j9 ?9 X: `1 G+ E4 v" F
fs.overflowuid = 65534
7 z) T7 J: V, G" H, d+ @1 `( xfs.overflowgid = 65534
# i4 m3 j9 k* l9 Dfs.leases-enable = 1: M: o/ f G1 x0 U6 W
fs.dir-notify-enable = 1
2 L! e+ T5 J1 Z3 T6 t6 ?fs.lease-break-time = 45
% T6 N- O. p. Vfs.aio-nr = 0& Y* ^/ u5 e' B+ N5 T, I# d) }# w
fs.aio-max-nr = 65536
8 @( T* C- M4 x8 Tfs.inotify.max_user_instances = 128
6 D4 D' q7 n2 V& F5 hfs.inotify.max_user_watches = 8192. O* }6 K1 c1 r5 ^& B. D! N- y
fs.inotify.max_queued_events = 163849 \' w2 Y+ J0 w7 M/ i1 }. l
fs.epoll.max_user_watches = 795852
$ ]" T h% X/ lfs.suid_dumpable = 0- O/ C `% ]; t/ j4 ^
fs.binfmt_misc.status = enabled
2 D7 d) v6 r9 w2 ?fs.quota.lookups = 0- q- z0 s" B+ J. J) Y1 Q$ N+ h. f
fs.quota.drops = 0: f- I7 g- e- U" ~' Q: r ~
fs.quota.reads = 0 t5 G0 N' }' W( W: N
fs.quota.writes = 0
& W* K1 d0 V) {6 Z- o) |; Q7 Rfs.quota.cache_hits = 04 V0 u1 A7 i+ v; f
fs.quota.allocated_dquots = 0 g* S3 o: ~3 S3 n# B8 g6 h% T- K
fs.quota.free_dquots = 0
+ g* z& G; p4 ?) J, _% B$ i: ifs.quota.syncs = 4 o- I" @6 {$ ^6 W3 t! a) E* K& N6 y
fs.quota.warnings = 1
& y: h% q& @' l% afs.mqueue.queues_max = 2565 e& b- E- y( M2 f
fs.mqueue.msg_max = 10. M7 F' e% Q n. G+ ^) g Q2 [
fs.mqueue.msgsize_max = 8192
8 m! G! T* ?7 Q8 `3 m/ C; n# c- lfs.mqueue.msg_default = 10! [6 F& |+ x* }% W
fs.mqueue.msgsize_default = 8192: a: F- Q" u* T) o" z5 E8 ?) ]
debug.exception-trace = 1+ O1 A. i$ G+ `9 y$ m5 C- e
debug.kprobes-optimization = 1
+ v0 J1 m. l$ C+ Fdev.scsi.logging_level = 0
8 {6 n9 F( X1 z8 Bdev.raid.speed_limit_min = 1000( x+ C& R/ s! c" E1 a
dev.raid.speed_limit_max = 200000
j. }- t: ^" m: X) [3 hdev.hpet.max-user-freq = 64
8 Q9 n/ W+ S9 ^( b& Sdev.mac_hid.mouse_button_emulation = 0
) b. v$ l. \0 y2 H z: B' W# pdev.mac_hid.mouse_button2_keycode = 97
: L4 l8 J: L0 E6 idev.mac_hid.mouse_button3_keycode = 100. Y! B/ [, c+ I
dev.cdrom.info = CD-ROM information, Id: cdrom.c 3.20 2003/12/17. ]2 y2 h- b1 f
dev.cdrom.info = F* t% f7 a% ~* b2 T# e
dev.cdrom.info = drive name: sr0
* h1 O# Y, ?8 t* q, xdev.cdrom.info = drive speed: 306
7 L3 x, A; d4 `. V& W5 t& N4 cdev.cdrom.info = drive # of slots: 1, g2 K N* D6 G* _. [
dev.cdrom.info = Can close tray: 1
+ S$ p! ?* F K) t+ _ e; Qdev.cdrom.info = Can open tray: 1# y3 x* K! m$ k4 U
dev.cdrom.info = Can lock tray: 1
( O/ n& B) l/ y: _dev.cdrom.info = Can change speed: 1
! q/ c+ Y" ]: ~' s; c0 I' H. a' ldev.cdrom.info = Can select disk: 02 Y/ F( J, k t3 h
dev.cdrom.info = Can read multisession: 1
3 c7 |5 L- O! \. Y0 R s) Adev.cdrom.info = Can read MCN: 19 C' s7 Y! t4 g5 f5 I8 g7 O- h4 p
dev.cdrom.info = Reports media changed: 1
* K- }5 g/ p2 D" Adev.cdrom.info = Can play audio: 1- D4 R; d7 U7 ]2 K& q7 D) j
dev.cdrom.info = Can write CD-R: 0
8 s3 T5 l7 z( v" k% E0 d1 cdev.cdrom.info = Can write CD-RW: 03 A+ O1 l/ O9 g) Y. m" g5 \2 Q- |
dev.cdrom.info = Can read DVD: 15 g% b! e' h6 W' S. \
dev.cdrom.info = Can write DVD-R: 0 ]- Q- Z2 b8 } J" r( Q$ f5 _; @
dev.cdrom.info = Can write DVD-RAM: 0) r' n4 B- n6 t7 a W! y9 F
dev.cdrom.info = Can read MRW: 1
6 `$ U" d7 \0 A+ mdev.cdrom.info = Can write MRW: 1
9 d3 l+ \6 g6 F- Hdev.cdrom.info = Can write RAM: 1, l$ E l0 {2 A) M$ C
dev.cdrom.info =9 z7 f$ J: n" X! h. I2 _& a! G* J
dev.cdrom.info =. O& G- W3 H$ q" P
dev.cdrom.autoclose = 17 P2 |4 D9 R- K6 X7 Z9 E8 v3 o
dev.cdrom.autoeject = 0
8 P+ R& ^: X& b6 L, C( Mdev.cdrom.debug = 0
, A6 Q0 a6 j2 {0 x0 R2 Z0 r$ _dev.cdrom.lock = 1
% @$ v! O+ _3 fdev.cdrom.check_media = 0- U, O/ }. y$ }
net.netfilter.nf_log.0 = NONE7 u. h" | z9 @ u: s
net.netfilter.nf_log.1 = NONE
) r. t% i: F L0 ~* e) Qnet.netfilter.nf_log.2 = NONE( V% ]. X6 j: I8 c
net.netfilter.nf_log.3 = NONE
2 w- B- W, [4 bnet.netfilter.nf_log.4 = NONE% g1 J. \" x2 a2 r0 }! R$ M
net.netfilter.nf_log.5 = NONE' j- W7 j, _' a) M$ ^, e& @
net.netfilter.nf_log.6 = NONE L# O: O/ m+ c" D$ y
net.netfilter.nf_log.7 = NONE; B" E( h# H- S) @3 E
net.netfilter.nf_log.8 = NONE
/ Z, M8 l6 k# p6 |7 vnet.netfilter.nf_log.9 = NONE$ s/ }' L. B' \" m5 b, \
net.netfilter.nf_log.10 = NONE) D$ u0 ]. l$ |
net.netfilter.nf_log.11 = NONE
( p- Q: L& j7 N+ R) H8 Lnet.netfilter.nf_log.12 = NONE- o% B5 o2 v; @+ S7 j
net.netfilter.nf_conntrack_generic_timeout = 600
3 B5 K9 r) c$ n, A* vnet.netfilter.nf_conntrack_tcp_timeout_syn_sent = 120# ^9 H7 i: q% s7 n0 r- R
net.netfilter.nf_conntrack_tcp_timeout_syn_recv = 609 i2 R5 g; F" D4 i( D
net.netfilter.nf_conntrack_tcp_timeout_established = 4320005 W' ]6 [8 r) F* e! C1 t
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120' H, X& _- n- D+ {% _1 L6 c
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
" ?, z" K& w; n- ^( R) [net.netfilter.nf_conntrack_tcp_timeout_last_ack = 307 }7 ` E0 O4 r. S: _
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
m1 D" x6 X( a% ~net.netfilter.nf_conntrack_tcp_timeout_close = 10# [" z# j$ d* V0 j
net.netfilter.nf_conntrack_tcp_timeout_max_retrans = 300, F7 T6 k+ a9 Q" U! Q
net.netfilter.nf_conntrack_tcp_timeout_unacknowledged = 300: N5 L6 T( I" P, A& m) l# j8 d& T8 }
net.netfilter.nf_conntrack_tcp_loose = 1
) n8 B+ R2 [0 |4 G' O( x# O, onet.netfilter.nf_conntrack_tcp_be_liberal = 0$ Z% B4 B4 P" |0 ]$ ]' v# i3 y% \% A
net.netfilter.nf_conntrack_tcp_max_retrans = 3
7 |% @. F/ q7 [) b. {net.netfilter.nf_conntrack_udp_timeout = 30% U; Z( \. n# q, l) E2 q
net.netfilter.nf_conntrack_udp_timeout_stream = 1809 W/ n! Q8 J1 F
net.netfilter.nf_conntrack_icmpv6_timeout = 30; Y, H+ A8 Q* }
net.netfilter.nf_conntrack_acct = 0
5 v: H' }- I$ qnet.netfilter.nf_conntrack_events = 1
* m- u. w3 z0 y9 e; o8 Ynet.netfilter.nf_conntrack_events_retry_timeout = 15/ e* W4 c% E& K& G1 ]+ z% _5 J
net.netfilter.nf_conntrack_max = 65536$ A7 l' A: c& o- }
net.netfilter.nf_conntrack_count = 07 t: h3 j3 d$ e# Y1 O
net.netfilter.nf_conntrack_buckets = 16384
) P, X; t. F& hnet.netfilter.nf_conntrack_checksum = 1
0 S& x# C) h r$ F* [$ q6 Cnet.netfilter.nf_conntrack_log_invalid = 0
|7 D/ S: b3 _$ m* Xnet.netfilter.nf_conntrack_expect_max = 2567 K7 K9 i N$ k
net.core.somaxconn = 128
! L9 z! N, |# u ?' bnet.core.xfrm_aevent_etime = 10* E6 T! N. ~4 O
net.core.xfrm_aevent_rseqth = 2$ j: s: R! N& U
net.core.xfrm_larval_drop = 1, n" P8 m& `( g. J- d, C
net.core.xfrm_acq_expires = 30
# b/ ?1 a; y) u/ n* T
3 r4 g% O7 y: r4 Q0 w#【nginx】这个参数表示内核套接字发送缓存区的最大大小。' A! s6 v ?; m$ i
#【nginx】这个参数表示内核套接字接收缓存区的最大大小。
- o7 H6 s$ q: p5 V6 F#【nginx】这个参数表示内核套接字发送缓存区默认的大小。
) V0 `4 K2 C7 _0 W* I$ T7 B#【nginx】这个参数表示内核套接字接收缓存区默认的大小。1 h% l$ i7 h T, m. @* a" B
#注意 滑动窗口的大小与套接字缓存区会在一定程度上影响并发连接的数目。每个TCP连接都会为维护TCP滑动窗口而消耗内存,这个窗口会根据服务器的处理速度收缩或扩张。( `; B# _. ^: Z1 u
参数wmem_max的设置,需要平衡物理内存的总大小、Nginx并发处理的最大连接数量(由nginx.conf中的worker_processes和worker_connections参数决定)而确定。当然,如果仅仅为了提高并发量使服务器不出现Out Of Memory问题而去降低滑动窗口大小,那么并不合适,因为滑动窗口过小会影响大数据量的传输速度。rmem_default、wmem_default、rmem_max、wmem_max…
6 x3 X6 \7 K, G#参考:可靠传输的实现
( d! }" F" h) V4 I% u o1 p9 k0 @net.core.wmem_max = 124928 //wd=1249282 R' A: x- B# q: y' n }
net.core.rmem_max = 124928 //wd=124928) c7 u+ R" J' W! B# K
net.core.wmem_default = 124928 //wd=124928
- V! f8 A! m& V/ E9 O: u& Snet.core.rmem_default = 124928//wd=124928) [ r% G. I& u' A/ y7 S3 B/ ~
6 e% \/ u5 {. O, E @net.core.dev_weight = 64
; L: z: i% _% H: D
% c# c$ |6 G+ Q% Y0 L* @#【nginx】当网卡接收数据包的速度大于内核处理的速度时,会有一个队列保存这些数据包。这个参数表示该队列的最大值。wd=32768" p! `' J! O2 X
net.core.netdev_max_backlog = 1000# g: d7 @+ ^' N s$ O! O7 |% J
net.core.message_cost = 59 _/ Z8 Q$ W) Q" T; {6 |6 g
net.core.message_burst = 10
6 E! c7 u& S8 Z, qnet.core.optmem_max = 20480
/ \! c4 G. ~% o( |( c% Onet.core.rps_sock_flow_entries = 0, }- Q6 a) d$ m8 o
net.core.busy_poll = 01 l6 Z* a; e+ Q* s
net.core.busy_read = 0
: D8 p$ b9 V$ m+ V1 ~% xnet.core.netdev_budget = 300( W2 O' S% D: e
net.core.warnings = 13 Q z# R' @. s9 Q; n4 j
net.ipv4.route.gc_thresh = 131072
: P1 v3 v w [* ~: C! Onet.ipv4.route.max_size = 2097152 t' P/ L! v* c
net.ipv4.route.gc_min_interval = 09 {' G h$ D0 ~+ F, L" V
net.ipv4.route.gc_min_interval_ms = 500
% c( j. ?6 f5 t/ enet.ipv4.route.gc_timeout = 300, i$ o' J) |% m9 a# O
net.ipv4.route.gc_interval = 60
' X' Z/ @% E: I% M: x8 l9 ?' E Anet.ipv4.route.redirect_load = 20
1 E+ ^ A9 v# d: Vnet.ipv4.route.redirect_number = 9
7 m: y$ R9 |8 `- V9 {net.ipv4.route.redirect_silence = 20480
2 Y# U/ ]( `; r1 a% z# unet.ipv4.route.error_cost = 1000
) i6 I/ ^; Y' Z8 `% G' Snet.ipv4.route.error_burst = 50006 r+ o x; c2 m7 ]2 k& ]
net.ipv4.route.gc_elasticity = 8
: ` m7 y0 Y/ m* w% Xnet.ipv4.route.mtu_expires = 600# [( f0 J$ \" `1 o c$ ?; @4 Y
net.ipv4.route.min_pmtu = 552
3 y. U# y% {9 F- P0 m6 L1 Onet.ipv4.route.min_adv_mss = 2566 o l/ x% B2 F* x7 Z; [5 T
net.ipv4.route.secret_interval = 600/ u( f- E6 F" v$ S
net.ipv4.neigh.default.mcast_solicit = 3
: Y- n0 l& j1 @7 Y5 R( g8 e: ^' Nnet.ipv4.neigh.default.ucast_solicit = 3
) D) Z0 l) r- _$ q: `net.ipv4.neigh.default.app_solicit = 07 [, Z# R2 g5 z
net.ipv4.neigh.default.retrans_time = 99" D9 r5 z, |( c
net.ipv4.neigh.default.base_reachable_time = 30
. \; h) C& w% u: hnet.ipv4.neigh.default.delay_first_probe_time = 5
/ ]+ u( i' z9 S5 t3 r# Qnet.ipv4.neigh.default.gc_stale_time = 60$ b) B) e0 V7 J
net.ipv4.neigh.default.unres_qlen = 3/ ^; }3 Q, B+ u
net.ipv4.neigh.default.proxy_qlen = 64& T* D5 w: [8 z
net.ipv4.neigh.default.anycast_delay = 99* Z4 x7 ]1 V: |% l4 s- p
net.ipv4.neigh.default.proxy_delay = 79* ~+ N- J2 I8 | o& O o
net.ipv4.neigh.default.locktime = 99& ^% N; ] x$ |- o! o: ^7 e
net.ipv4.neigh.default.retrans_time_ms = 10001 ?. ~- z9 N& C( w3 m) h/ }
net.ipv4.neigh.default.base_reachable_time_ms = 300005 E. a- Z# c: j5 x* Z, Z5 t* d$ t
net.ipv4.neigh.default.gc_interval = 30
- C3 L8 j' [5 T5 A7 x: Nnet.ipv4.neigh.default.gc_thresh1 = 128
7 p# _- E& z8 ^& `, n8 y% qnet.ipv4.neigh.default.gc_thresh2 = 512- ^! p- X( _, T, g% h4 }. K
net.ipv4.neigh.default.gc_thresh3 = 10246 L4 o+ g5 V: y7 j" {8 w
net.ipv4.neigh.lo.mcast_solicit = 3
6 Y) B5 Z" G% k9 Hnet.ipv4.neigh.lo.ucast_solicit = 3. V5 f1 m" @( C/ h7 k
net.ipv4.neigh.lo.app_solicit = 0
: M; Q; R, B5 b9 C" B% bnet.ipv4.neigh.lo.retrans_time = 99
* ^1 D$ b! g6 qnet.ipv4.neigh.lo.base_reachable_time = 30
' d9 O2 @0 m9 V+ pnet.ipv4.neigh.lo.delay_first_probe_time = 58 y3 h5 M* e: W/ z! `4 Y; ?* f
net.ipv4.neigh.lo.gc_stale_time = 60( A, b1 Q6 g, a. k/ C
net.ipv4.neigh.lo.unres_qlen = 3& a+ O5 }% T/ m/ {" g6 a
net.ipv4.neigh.lo.proxy_qlen = 64- u) U3 P) p% ]% m6 J G) j0 L
net.ipv4.neigh.lo.anycast_delay = 99
8 q% v7 v! C5 `, wnet.ipv4.neigh.lo.proxy_delay = 79
5 J7 n& ~4 ?; l5 anet.ipv4.neigh.lo.locktime = 999 Z( R" b4 O+ \/ A- o- W3 S% j, @
net.ipv4.neigh.lo.retrans_time_ms = 1000
5 F- n0 n" M, pnet.ipv4.neigh.lo.base_reachable_time_ms = 30000# {5 o" g( s! f3 O3 y F
net.ipv4.neigh.eth0.mcast_solicit = 3
/ g9 x& d7 Q5 B- _# \net.ipv4.neigh.eth0.ucast_solicit = 3
+ o! b, ?: y7 c: S7 J& ^ u( n" cnet.ipv4.neigh.eth0.app_solicit = 0
& f( o' l$ M; J! rnet.ipv4.neigh.eth0.retrans_time = 99
% o4 U' G2 m2 \2 ]( enet.ipv4.neigh.eth0.base_reachable_time = 30
7 J& X0 C. b# \1 ?7 `5 rnet.ipv4.neigh.eth0.delay_first_probe_time = 5" N/ n: }7 s# O2 F- i: S
net.ipv4.neigh.eth0.gc_stale_time = 609 x! G1 F/ \0 l& T$ Y
net.ipv4.neigh.eth0.unres_qlen = 3" p6 r' J; @8 b- ?& N# y/ j, v
net.ipv4.neigh.eth0.proxy_qlen = 64
; W% ?. L+ Y/ S K# Q! e$ {net.ipv4.neigh.eth0.anycast_delay = 99* i) p# L+ X! _
net.ipv4.neigh.eth0.proxy_delay = 795 Y6 w# K0 U! p+ y" G
net.ipv4.neigh.eth0.locktime = 997 L9 E3 i7 X: {1 S
net.ipv4.neigh.eth0.retrans_time_ms = 1000
$ z# v y0 z" K. E8 _, `5 cnet.ipv4.neigh.eth0.base_reachable_time_ms = 30000
' {, M0 Y8 m5 x. Z' Y. snet.ipv4.neigh.pan0.mcast_solicit = 3 C S5 {: {! |! b9 G) N
net.ipv4.neigh.pan0.ucast_solicit = 3
5 I- p0 l; D6 f6 s) a6 p9 `. dnet.ipv4.neigh.pan0.app_solicit = 0
, E3 H. u& E9 enet.ipv4.neigh.pan0.retrans_time = 99
0 V& [% `7 [5 [& x) Y' }net.ipv4.neigh.pan0.base_reachable_time = 30 l& Q! Q( c# p2 O
net.ipv4.neigh.pan0.delay_first_probe_time = 5
. X: W3 ?& w. L; Z5 c' |net.ipv4.neigh.pan0.gc_stale_time = 608 S; p5 ]. p( f/ x+ F' G
net.ipv4.neigh.pan0.unres_qlen = 3
5 c1 i" H3 v4 |( n+ `% {net.ipv4.neigh.pan0.proxy_qlen = 64- v: q5 r2 C6 E: b6 n. E
net.ipv4.neigh.pan0.anycast_delay = 99, s5 b3 H/ b. P+ t+ ?
net.ipv4.neigh.pan0.proxy_delay = 79
4 x- B3 I P& | ^+ ^net.ipv4.neigh.pan0.locktime = 995 ?. U* l' R9 ]8 U+ R4 v
net.ipv4.neigh.pan0.retrans_time_ms = 1000
2 u! |8 }# O4 [6 tnet.ipv4.neigh.pan0.base_reachable_time_ms = 30000
0 H' B* n; {5 c& R1 {net.ipv4.tcp_timestamps = 1, _1 b" q* _9 Q. N8 K, r5 _$ b- b+ i
net.ipv4.tcp_window_scaling = 1
& j3 J; X% E D6 ^6 z' lnet.ipv4.tcp_sack = 1. w9 Q3 P5 g8 @& z" P* x
net.ipv4.tcp_retrans_collapse = 1! n% J: s% Y" `, N' x0 o: Y! l
net.ipv4.ip_default_ttl = 641 T, p0 V* F* f+ [/ n
net.ipv4.ip_no_pmtu_disc = 0
1 t% ?/ Y( ^9 U, ^& mnet.ipv4.ip_nonlocal_bind = 0
1 Y* z6 R$ P7 x' ?4 Rnet.ipv4.tcp_syn_retries = 5
, l | P9 |- |& N* J6 ~net.ipv4.tcp_synack_retries = 5
3 q z3 R- {" Hnet.ipv4.tcp_max_orphans = 262144
e1 I U$ Q9 ?2 H9 O7 K7 V
7 c8 r$ _, x& u: i3 K ~- p8 h# Q
5 [ |9 D5 j I/ V0 Z( W3 J7 b r( M: a5 w5 J% y
#【nginx】这个参数表示操作系统允许TIME_WAIT套接字数量的最大值,如果超过这个数字,TIME_WAIT套接字将立刻被清除并打印警告信息。该参数默认为180 000,过多的TIME_WAIT套接字会使Web服务器变慢。wd=10000
/ D* }- n" _& L, s2 Y4 e, H2 Snet.ipv4.tcp_max_tw_buckets = 262144
9 X3 Z$ N# b' x2 O+ m1 e* \# U, ^4 \8 O3 q: p6 }8 F
net.ipv4.ip_dynaddr = 09 y, ]2 s _! G$ D
* Y; _1 G+ ^6 H
#【nginx】这个参数表示当keepalive启用时,TCP发送keepalive消息的频度。默认是2小时,若将其设置得小一些,可以更快地清理无效的连接。单位:秒 默认值:2小时。wd=300; P1 i- ^3 q! X% i5 \3 n$ X
net.ipv4.tcp_keepalive_time = 72004 Q- s! m8 N$ a. O4 v/ z0 E
9 W x# @0 f% ^; F2 a% `, L9 a
net.ipv4.tcp_keepalive_probes = 9$ T; t% P0 B3 \& Y. c) w
net.ipv4.tcp_keepalive_intvl = 75
2 Y2 L3 N- Q4 C6 b; _+ h( Unet.ipv4.tcp_retries1 = 3
" b, P' ^( s- x# [! ^3 enet.ipv4.tcp_retries2 = 157 l3 K; ~, I6 g, z
7 I/ j( `4 K5 A- _: x' w2 |: z. @) ] o
#【nginx】这个参数表示当服务器主动关闭连接时,socket保持在FIN-WAIT-2状态的最大时间,单位:秒 wd=30# G! ~2 W9 P0 V9 j3 w$ F3 k
#参考:tcp参数详解之tcp_fin_timeout
" Y; s8 S' Q% P! x9 i0 `. Anet.ipv4.tcp_fin_timeout = 60. d# s2 ?( | Z. ^: N
; E& Z6 L. w" V- e8 S
#【nginx】参数与性能无关,用于解决TCP的SYN攻击。 wd= 1% G0 h) H* m7 k( X* e) z
net.ipv4.tcp_syncookies = 1
1 `$ Q8 n d& k& S
3 f& |0 Q0 \% q8 t7 S c2 `, Cnet.ipv4.tcp_tw_recycle = 0
6 X1 @7 D# ]+ o3 w& c1 ]! s! |& x0 {net.ipv4.tcp_abort_on_overflow = 0
) Y% n$ b `% A! i' Gnet.ipv4.tcp_stdurg = 0
9 e0 B9 }9 T& e0 \2 ynet.ipv4.tcp_rfc1337 = 0. d- ]8 ?3 Y0 Z! q
2 |+ G s+ r6 f; T
#【nginx】这个参数表示TCP三次握手建立阶段接收SYN请求队列的最大长度,默认为1024,将其设置得大一些可以使出现Nginx繁忙来不及accept新连接的情况时,Linux不至于丢失客户端发起的连接请求,wd=2048
0 ~3 \. t/ C$ G9 n$ f) i" p0 enet.ipv4.tcp_max_syn_backlog = 2048+ I% K- g9 T$ [8 ], b# ]8 g
$ |# u6 H+ K- }. P) Q( D
" x6 ?6 M6 m$ x8 P
; }5 T( Z5 q! R#【nginx】这个参数定义了在UDP和TCP连接中本地(不包括连接的远端)端口的取值范围。wd = 10240 655354 [. y# W% R8 `% N: ?2 K
net.ipv4.ip_local_port_range = 32768 61000
# p# C& p3 C, m& B' M
: K( R7 T! s5 M0 j, Fnet.ipv4.ip_local_reserved_ports =2 x7 C( @! z, ~- O. k: `1 u# E7 h8 d4 ^
net.ipv4.igmp_max_memberships = 208 f3 W* f& A: b; A
net.ipv4.igmp_max_msf = 10
% g5 ?! R8 j& g3 z& b3 inet.ipv4.inet_peer_threshold = 65664- }2 o8 P) T, |
net.ipv4.inet_peer_minttl = 120
% C9 N$ L8 m6 B% V+ O2 ~net.ipv4.inet_peer_maxttl = 600+ X Y% L( B3 m7 j1 M
net.ipv4.inet_peer_gc_mintime = 10
?2 W" ?) E/ E1 `1 Q4 G' f$ q. Rnet.ipv4.inet_peer_gc_maxtime = 120, x- o; F( w3 c) e7 Q4 G
net.ipv4.tcp_orphan_retries = 0! P6 F O' N) X9 Q0 y- ^
net.ipv4.tcp_fack = 1
1 z$ b( w6 h9 H6 w" fnet.ipv4.tcp_reordering = 3& a7 e$ O/ N( K j9 K
net.ipv4.tcp_ecn = 2
! e( {0 @& Z8 \% j% i8 Lnet.ipv4.tcp_dsack = 1( \0 W4 d2 i; J1 C5 ]
net.ipv4.tcp_mem = 364224 485632 7284486 ]2 U3 T$ \1 }5 E5 g1 B
% I$ p1 Z5 f9 \3 _
#【nginx】这个参数定义了TCP发送缓存(用于TCP发送滑动窗口)的最小值、默认值、最大值。wd=4096 87380 4194304
4 _- X2 x: W8 ^# r8 N/ J( V* M: b' y! ?net.ipv4.tcp_wmem = 4096 16384 4194304
8 i5 t5 b/ r6 p4 w# [3 K$ v5 Z2 `; K0 {- }
#【nginx】这个参数定义了TCP接收缓存(用于TCP接收滑动窗口)的最小值、默认值、最大值。wd=4096 87380 4194304) r& o& F5 ]6 D8 [8 G
net.ipv4.tcp_rmem = 4096 87380 4194304
/ X% F Q. L3 H. ~: B+ ~ }
* \ {$ F) J, { dnet.ipv4.tcp_app_win = 31
* @+ ^- @2 ]# g6 y$ Tnet.ipv4.tcp_adv_win_scale = 23 |0 S& I5 m8 ?' c4 U
! e" v/ W7 ^( ~8 p! [ Y' j) S#【nginx】tw是time wait的简称,表示允许将time-wait状态的socket重新用于新的tcp连接,这对于服务器来说很有意义,因为服务器上总会有大量的time-wait状态的连接。wd=1
; W( y6 C6 f' X# R% T7 u: Knet.ipv4.tcp_tw_reuse = 0
s2 ?* B2 i/ t9 M$ ^
; d! `! w0 d4 \$ L# j# Cnet.ipv4.tcp_frto = 2
* n; Q0 k7 R4 `net.ipv4.tcp_frto_response = 0" j0 v. V; M: [) x/ l% W
net.ipv4.tcp_low_latency = 0" N" f- [% J* E$ ~3 e, J5 o2 u! q
net.ipv4.tcp_no_metrics_save = 0; Y( O5 o: ~' T
net.ipv4.tcp_moderate_rcvbuf = 1
4 W" r+ Y: E' wnet.ipv4.tcp_tso_win_divisor = 3
5 ~; {3 M0 K ?$ B1 p/ Fnet.ipv4.tcp_congestion_control = cubic3 l4 g# i* b6 J" z
net.ipv4.tcp_abc = 05 o' v) a7 b0 q
net.ipv4.tcp_mtu_probing = 0
- }2 M# \% I+ y1 e. \& p9 unet.ipv4.tcp_base_mss = 5123 A$ S! Q: q; U. S8 }: t
net.ipv4.tcp_workaround_signed_windows = 0: B4 @5 h4 W# Q3 l
net.ipv4.tcp_challenge_ack_limit = 1000 e3 o. l* ~% A! {1 q0 }
net.ipv4.tcp_limit_output_bytes = 131072; I2 V9 H' r: m7 z1 `. h l, G
net.ipv4.tcp_dma_copybreak = 4096
7 L9 O( J8 U8 F4 `& U+ Znet.ipv4.tcp_slow_start_after_idle = 1& h& m% q9 Y1 M3 L, ?
net.ipv4.cipso_cache_enable = 1
2 s& J8 Y' `0 o6 S: t/ R1 K. D4 {# Nnet.ipv4.cipso_cache_bucket_size = 10: p5 Z" P0 P( \2 M7 p
net.ipv4.cipso_rbm_optfmt = 0
( M# a0 x; T% @. A+ ynet.ipv4.cipso_rbm_strictvalid = 1( \6 P9 j" R. K2 D7 s) x# b
net.ipv4.tcp_available_congestion_control = cubic reno }6 _" A; d/ ~
net.ipv4.tcp_allowed_congestion_control = cubic reno
" J% p. {0 [) b! onet.ipv4.tcp_max_ssthresh = 0# F) s2 @" D& {0 ?2 i0 ]( [; Z
net.ipv4.tcp_thin_linear_timeouts = 0
, i+ B6 t7 }7 d, p; W M3 Rnet.ipv4.tcp_thin_dupack = 0
5 {5 j5 t& \" ~$ rnet.ipv4.tcp_min_tso_segs = 2& E. Y5 [8 G+ H( G4 }) f
net.ipv4.udp_mem = 364224 485632 728448- f$ B0 Q1 D8 b9 t7 `
net.ipv4.udp_rmem_min = 4096( _- B+ }2 o6 J) O+ R
net.ipv4.udp_wmem_min = 4096: `7 O; j& d8 W* |+ G
net.ipv4.conf.all.forwarding = 0
1 S' \) w" |# Tnet.ipv4.conf.all.mc_forwarding = 0% B9 X+ _5 t7 z& U$ F1 @5 l
net.ipv4.conf.all.accept_redirects = 1
; h4 f4 h2 D4 ]4 ]) f$ l& c% znet.ipv4.conf.all.secure_redirects = 1
, V" ?' R9 B0 m5 E3 |- Gnet.ipv4.conf.all.shared_media = 1
4 q! u( z9 B K* anet.ipv4.conf.all.rp_filter = 0
6 v1 s- T3 m3 C& Z5 h7 `net.ipv4.conf.all.send_redirects = 1
! J8 J& t$ X5 rnet.ipv4.conf.all.accept_source_route = 00 R* S" @ p( G
net.ipv4.conf.all.src_valid_mark = 00 E5 E, B! F6 t: r4 ^! K+ L6 w
net.ipv4.conf.all.proxy_arp = 0; D7 b9 ?: A9 U( o. ?
net.ipv4.conf.all.medium_id = 0
9 g2 V( B7 j$ Inet.ipv4.conf.all.bootp_relay = 0) T7 m) G& `% w% `( Z, n
net.ipv4.conf.all.log_martians = 0- w5 D$ d( c: ?0 m+ \& o# y
net.ipv4.conf.all.tag = 0+ c8 F( j- W5 ]! t
net.ipv4.conf.all.arp_filter = 0! q. D% G* j& M0 d' U
net.ipv4.conf.all.arp_announce = 0
S( a9 U6 {% A; L! z$ |: f. Xnet.ipv4.conf.all.arp_ignore = 0
8 ]4 S2 A! w7 N' U# Tnet.ipv4.conf.all.arp_accept = 03 U6 l; y Y( F9 e" U
net.ipv4.conf.all.arp_notify = 0+ Z2 Q% q, a. u; h* \9 W9 a8 \7 M3 x6 h
net.ipv4.conf.all.proxy_arp_pvlan = 0! L8 ^0 L1 i5 Q
net.ipv4.conf.all.disable_xfrm = 0, M' ]( A- \3 u& j, ^
net.ipv4.conf.all.disable_policy = 0
d6 ? h7 T( tnet.ipv4.conf.all.force_igmp_version = 01 ]1 D3 v) \3 c$ C8 ~+ t
net.ipv4.conf.all.promote_secondaries = 0& x7 k8 {, E4 a" q# e5 c
net.ipv4.conf.all.accept_local = 0
. }- m+ ]. E- F/ _net.ipv4.conf.all.route_localnet = 0. }* d) g" X! |! H$ F
net.ipv4.conf.default.forwarding = 09 u# S4 w) X6 q+ |8 f6 X' Q
net.ipv4.conf.default.mc_forwarding = 0
* i* e( Z& y8 v3 s+ H9 Pnet.ipv4.conf.default.accept_redirects = 1
! e. V0 c n: U$ mnet.ipv4.conf.default.secure_redirects = 1
3 d9 G% h: [/ B2 pnet.ipv4.conf.default.shared_media = 1
+ D$ l5 K3 Y3 F6 g7 d4 E1 Tnet.ipv4.conf.default.rp_filter = 1/ S1 n6 b) Y3 N4 c1 S
net.ipv4.conf.default.send_redirects = 1
0 A+ ~6 g% t+ i# anet.ipv4.conf.default.accept_source_route = 0
: _, \/ D& n' p9 Unet.ipv4.conf.default.src_valid_mark = 0+ Z9 { n6 K. R
net.ipv4.conf.default.proxy_arp = 0
& L: O) i I5 A U/ Tnet.ipv4.conf.default.medium_id = 02 j7 o' Y d0 M( R
net.ipv4.conf.default.bootp_relay = 0$ t) r6 d b* g6 X5 u
net.ipv4.conf.default.log_martians = 0
& h5 Q9 w* ? f- d! i% E/ vnet.ipv4.conf.default.tag = 0" j& w5 M. z, l5 \! Y& `1 T
net.ipv4.conf.default.arp_filter = 0) l# O4 P8 Z% `4 j2 }
net.ipv4.conf.default.arp_announce = 0- O7 ^8 m* o V: \7 y. N2 Y" F( [/ A( i
net.ipv4.conf.default.arp_ignore = 0- A5 x, ]) P& i- F$ O8 m& n
net.ipv4.conf.default.arp_accept = 0
9 e( V. P, _& W/ F5 ~net.ipv4.conf.default.arp_notify = 0
# ]) k& k2 k& }6 Cnet.ipv4.conf.default.proxy_arp_pvlan = 0
D; |( V' ^5 k& o3 |- N4 unet.ipv4.conf.default.disable_xfrm = 01 R8 `! I8 k, T( ]5 D
net.ipv4.conf.default.disable_policy = 0
# ]( T+ V F T: ^net.ipv4.conf.default.force_igmp_version = 0
$ S+ W' `+ d& n; E6 unet.ipv4.conf.default.promote_secondaries = 0. z5 T, Y" M. P Q* |
net.ipv4.conf.default.accept_local = 0$ b9 w, g; P; [# Z# s
net.ipv4.conf.default.route_localnet = 0; j! D9 v6 s( E, U
net.ipv4.conf.lo.forwarding = 0
# P% J2 ~: m2 `net.ipv4.conf.lo.mc_forwarding = 0$ e/ F3 @# d9 H/ T6 J7 g. I' J/ \# ?
net.ipv4.conf.lo.accept_redirects = 14 l! ~. q* A1 S9 }- P
net.ipv4.conf.lo.secure_redirects = 1
! {9 Q4 o8 R4 t8 e) ynet.ipv4.conf.lo.shared_media = 1
. U- d d+ Y/ a) J- bnet.ipv4.conf.lo.rp_filter = 1' t. T8 W8 w$ ?" j7 q# [
net.ipv4.conf.lo.send_redirects = 1& N. k0 j" d" N
net.ipv4.conf.lo.accept_source_route = 0
5 T3 y3 S( }$ F1 w8 onet.ipv4.conf.lo.src_valid_mark = 01 q. ^7 m* i- s7 v- t) A
net.ipv4.conf.lo.proxy_arp = 0
W* z8 K& [( v# n, ?/ H9 x5 ]net.ipv4.conf.lo.medium_id = 00 M' N0 x, t0 Z6 c2 Q
net.ipv4.conf.lo.bootp_relay = 0
* d7 n: k; N) N& Hnet.ipv4.conf.lo.log_martians = 0
/ p$ G$ D8 O l9 o- Znet.ipv4.conf.lo.tag = 0
2 v" e& L, [ W; L9 Unet.ipv4.conf.lo.arp_filter = 06 e$ M$ m9 m0 U, i
net.ipv4.conf.lo.arp_announce = 0+ n+ }" }: z+ C6 I) k9 Y1 f. c' M
net.ipv4.conf.lo.arp_ignore = 0
0 e/ z# }$ q- j4 }0 Qnet.ipv4.conf.lo.arp_accept = 0
& g! p) [# Y% j1 T, Mnet.ipv4.conf.lo.arp_notify = 0
4 u1 h- I/ V2 T1 r8 V) Anet.ipv4.conf.lo.proxy_arp_pvlan = 0
/ g2 E! {7 w$ }! Mnet.ipv4.conf.lo.disable_xfrm = 1
- z. |9 {$ a6 b+ Enet.ipv4.conf.lo.disable_policy = 10 w K2 W/ Z. I5 e) S, v% s
net.ipv4.conf.lo.force_igmp_version = 01 F% f2 k6 j. [7 y# L* P6 q& `( `1 L* A
net.ipv4.conf.lo.promote_secondaries = 0
8 j2 g: a0 q+ w3 ^; Y2 Onet.ipv4.conf.lo.accept_local = 08 |7 y* D( n+ S7 _2 X; V
net.ipv4.conf.lo.route_localnet = 0
}) m: O9 m; g7 I" \net.ipv4.conf.eth0.forwarding = 0; M8 V+ j2 s/ B$ o
net.ipv4.conf.eth0.mc_forwarding = 01 }7 O! m! ]' X7 W5 j# u1 V V( S
net.ipv4.conf.eth0.accept_redirects = 1+ M3 z) C) b% h* @
net.ipv4.conf.eth0.secure_redirects = 1% g, U9 m0 O3 n/ ?$ I! B3 W/ P
net.ipv4.conf.eth0.shared_media = 1
" ]8 A; I/ x' Z* N3 Inet.ipv4.conf.eth0.rp_filter = 1
" R, T& B$ o9 e5 b% g7 cnet.ipv4.conf.eth0.send_redirects = 1, e% t) p8 D2 y
net.ipv4.conf.eth0.accept_source_route = 0& ~- M$ Y/ p, P* _' s) ~
net.ipv4.conf.eth0.src_valid_mark = 0
U7 j& U1 o1 m) d# _net.ipv4.conf.eth0.proxy_arp = 0
8 K3 n' O" V/ Z! m( M# enet.ipv4.conf.eth0.medium_id = 0
) L( z' n2 Q7 F \, g; pnet.ipv4.conf.eth0.bootp_relay = 0
5 l/ B: s9 S- F0 qnet.ipv4.conf.eth0.log_martians = 0
* M( ]" ?/ |! ^: |# J/ Dnet.ipv4.conf.eth0.tag = 0
; k5 T* W: K4 A9 {0 mnet.ipv4.conf.eth0.arp_filter = 0
4 A Z7 Y# t1 h5 D: L3 W' snet.ipv4.conf.eth0.arp_announce = 0
% p% U" z- h. rnet.ipv4.conf.eth0.arp_ignore = 0
/ g# P9 F- j- {5 Ynet.ipv4.conf.eth0.arp_accept = 0
/ ^6 i" [( o; znet.ipv4.conf.eth0.arp_notify = 0/ A2 }: b* ^) }# \- Y
net.ipv4.conf.eth0.proxy_arp_pvlan = 0
B. q4 N8 u6 z% mnet.ipv4.conf.eth0.disable_xfrm = 07 @0 a) g) r" y, _% L' g
net.ipv4.conf.eth0.disable_policy = 0/ l! s" ?- k9 t+ e8 F, z/ v
net.ipv4.conf.eth0.force_igmp_version = 01 q8 Z! B9 l; P" ?1 ^
net.ipv4.conf.eth0.promote_secondaries = 0
8 j" ?1 x# }$ Z1 V& b, Mnet.ipv4.conf.eth0.accept_local = 0
6 ]6 m; }8 w9 ?. C! jnet.ipv4.conf.eth0.route_localnet = 0 u& e7 e. v; D6 _. R
net.ipv4.conf.pan0.forwarding = 0
) H- U- t2 W8 j/ ynet.ipv4.conf.pan0.mc_forwarding = 03 E- k' w3 o" T% p7 E: \
net.ipv4.conf.pan0.accept_redirects = 1. J% u/ x( k. O l) e2 f* Y( o& T
net.ipv4.conf.pan0.secure_redirects = 1& O+ {; i3 I# ` R6 K
net.ipv4.conf.pan0.shared_media = 13 ~% P m! T9 W/ Y- Q$ h: ^( |
net.ipv4.conf.pan0.rp_filter = 1) a. ?/ s& T9 B
net.ipv4.conf.pan0.send_redirects = 15 m$ I7 r& W) D# ^
net.ipv4.conf.pan0.accept_source_route = 0
7 J, U+ y% h, p! F- C, E; pnet.ipv4.conf.pan0.src_valid_mark = 0* Y- f- Z/ `$ G" s& c1 V
net.ipv4.conf.pan0.proxy_arp = 0: n- K5 p. x4 F2 s" G# F6 Q3 K, M) h
net.ipv4.conf.pan0.medium_id = 0
9 a/ r5 V8 P# Y+ v# ?7 u0 ^: B1 Snet.ipv4.conf.pan0.bootp_relay = 0
. v) M9 C$ _& gnet.ipv4.conf.pan0.log_martians = 0& h! X+ ?3 E2 R
net.ipv4.conf.pan0.tag = 0- {5 k5 Q% [, D) c6 w! L0 Y& |" z0 }
net.ipv4.conf.pan0.arp_filter = 0+ [& L( L& I) c; g: Z7 ?. I
net.ipv4.conf.pan0.arp_announce = 0
4 K1 G) ]1 O: P& L6 g& dnet.ipv4.conf.pan0.arp_ignore = 0! }) p2 F5 Q. E& t6 f
net.ipv4.conf.pan0.arp_accept = 0
* T. r5 c0 n/ d! r; n) d( Xnet.ipv4.conf.pan0.arp_notify = 0
: G. _. H8 f7 E: K. ?5 F) Inet.ipv4.conf.pan0.proxy_arp_pvlan = 0
8 {" s, v( J2 e/ {: U! L' ?8 jnet.ipv4.conf.pan0.disable_xfrm = 0
! l" k; b; E, [7 q& K) p* onet.ipv4.conf.pan0.disable_policy = 0
$ r' d E+ r! Hnet.ipv4.conf.pan0.force_igmp_version = 0! _" o: Q) E- `1 ?1 W
net.ipv4.conf.pan0.promote_secondaries = 0: a) e; i9 o, Q |( O, ^: ~# c$ w, L
net.ipv4.conf.pan0.accept_local = 0
V; G# a; Z' p0 n) I9 R1 ^9 {net.ipv4.conf.pan0.route_localnet = 0* l5 I5 ^4 X9 w4 g
) w# R6 }- g2 W7 o7 x% j
#是否开启ip转发功能,设置为路由服务器,必需开启此项
- } R6 w) G, j9 F U' _net.ipv4.ip_forward = 0' r6 W+ i# D- }6 \
net.ipv4.xfrm4_gc_thresh = 10485765 Z! N( ^. T" j
net.ipv4.ipfrag_high_thresh = 41943045 H# ?& @! @& t9 r& F$ E9 k
net.ipv4.ipfrag_low_thresh = 3145728
& y; H) D1 Z+ Y, p3 a6 Xnet.ipv4.ipfrag_time = 30; I3 Y& {. f1 r; T& g" s
net.ipv4.icmp_echo_ignore_all = 0
, l6 u; j$ M( U/ _$ O7 B* Jnet.ipv4.icmp_echo_ignore_broadcasts = 19 W; k. o- M, P' A
net.ipv4.icmp_ignore_bogus_error_responses = 1, {$ X- h2 o+ C, a# _
net.ipv4.icmp_errors_use_inbound_ifaddr = 0
5 _; a" l2 W7 z: n& znet.ipv4.icmp_ratelimit = 10009 h2 [9 y ^% G: P
net.ipv4.icmp_ratemask = 6168# Y$ b4 G3 P* `: r0 V! v' I) P: _
net.ipv4.rt_cache_rebuild_count = 4
7 l+ d, b. `9 k4 fnet.ipv4.ping_group_range = 1 0
, z! D+ r/ K- Z# A& K4 xnet.ipv4.ipfrag_secret_interval = 600
$ ?8 w. ^' ^* m* |net.ipv4.ipfrag_max_dist = 64# u! w! b d. b8 r
net.ipv6.neigh.default.mcast_solicit = 3. k+ y8 L2 e% x
net.ipv6.neigh.default.ucast_solicit = 3
- J; O5 }3 N( K" o9 p+ lnet.ipv6.neigh.default.app_solicit = 0
, G" G# o8 J! ?2 ~* C) G! o. }net.ipv6.neigh.default.delay_first_probe_time = 5
1 _) |7 o- Y6 j; Q0 @) Nnet.ipv6.neigh.default.gc_stale_time = 60
) G2 l6 V' y l2 G' snet.ipv6.neigh.default.unres_qlen = 3
|. V8 P% s4 v6 Z' r8 k7 wnet.ipv6.neigh.default.proxy_qlen = 644 j( j- p* {; A$ M
net.ipv6.neigh.default.anycast_delay = 99- `; N. z' c7 H
net.ipv6.neigh.default.proxy_delay = 79
E2 _1 O) S: C; M/ J5 j) Pnet.ipv6.neigh.default.locktime = 0
6 o9 h' h5 G; y' p- [! x8 j6 }7 A5 Vnet.ipv6.neigh.default.retrans_time_ms = 1000
. L; G' X% n& U) Xnet.ipv6.neigh.default.base_reachable_time_ms = 300007 g- ^3 Z) V: C; n" V0 \
net.ipv6.neigh.default.gc_interval = 301 u$ L5 I4 d8 I; f8 W) [- z
net.ipv6.neigh.default.gc_thresh1 = 128& ]2 ^/ S# P8 r4 J0 z( q
net.ipv6.neigh.default.gc_thresh2 = 512
! J* b7 | _, s; b3 Knet.ipv6.neigh.default.gc_thresh3 = 1024
9 L2 T- v U6 m0 {, z' P; [net.ipv6.neigh.lo.mcast_solicit = 3
0 A/ A# _6 L' p" e5 [* ~6 jnet.ipv6.neigh.lo.ucast_solicit = 34 ~* b/ _+ D/ }8 a, V) u8 d
net.ipv6.neigh.lo.app_solicit = 0
4 t* z `8 E8 t3 u2 |7 K* cnet.ipv6.neigh.lo.delay_first_probe_time = 52 C) v$ R; a7 d! e4 ]) \
net.ipv6.neigh.lo.gc_stale_time = 60( e; l4 D& F: f7 P3 _! }" `4 `
net.ipv6.neigh.lo.unres_qlen = 3
6 B. ^4 `5 j8 [( Y2 \/ ]$ `: j0 onet.ipv6.neigh.lo.proxy_qlen = 64
, }# U: _) r) F# o4 T+ Lnet.ipv6.neigh.lo.anycast_delay = 99
* \6 o$ z4 C- o- g* d+ `- k% R$ ynet.ipv6.neigh.lo.proxy_delay = 79
m2 l* H# O% i9 e) i K2 f, Mnet.ipv6.neigh.lo.locktime = 0$ h" p( |. V$ O/ r: b
net.ipv6.neigh.lo.retrans_time_ms = 10000 Z1 l6 B' n6 b4 @! Q: E
net.ipv6.neigh.lo.base_reachable_time_ms = 30000
7 Q( P- T! t- }; Q' Y: ^$ t- vnet.ipv6.neigh.eth0.mcast_solicit = 3+ s( ]6 G8 r* Y
net.ipv6.neigh.eth0.ucast_solicit = 3
+ g j9 w2 q% v1 b2 Pnet.ipv6.neigh.eth0.app_solicit = 0
9 w) d* B& _' C( t; Tnet.ipv6.neigh.eth0.delay_first_probe_time = 5
4 C( P. \: S; a, _$ j, G4 Onet.ipv6.neigh.eth0.gc_stale_time = 60
; P8 m. B1 j( w. s! Z# K# gnet.ipv6.neigh.eth0.unres_qlen = 3
1 l2 R9 \$ l u6 w1 R" {0 l2 ~net.ipv6.neigh.eth0.proxy_qlen = 64
$ h; v. n/ j6 s+ i: @, Hnet.ipv6.neigh.eth0.anycast_delay = 99
2 i) ^" q4 X" a! T' ~4 O9 B. Xnet.ipv6.neigh.eth0.proxy_delay = 790 ?* K$ `, e: \/ G8 u/ y" E1 f
net.ipv6.neigh.eth0.locktime = 0 A/ }& B6 `' L0 y
net.ipv6.neigh.eth0.retrans_time_ms = 1000; u2 t! l4 a& n
net.ipv6.neigh.eth0.base_reachable_time_ms = 30000
4 r. ? `1 [$ O( Unet.ipv6.neigh.pan0.mcast_solicit = 36 W- w5 s9 M- V
net.ipv6.neigh.pan0.ucast_solicit = 3
1 d- D# `4 z9 n1 H4 i" @ K- |net.ipv6.neigh.pan0.app_solicit = 0
( q1 v" I* n; A) |0 Mnet.ipv6.neigh.pan0.delay_first_probe_time = 5
/ q; T+ n9 V' x1 D- |& ]" c O' Y1 knet.ipv6.neigh.pan0.gc_stale_time = 60
' V# t+ u1 _, w6 jnet.ipv6.neigh.pan0.unres_qlen = 3
! [! J- c" E) Unet.ipv6.neigh.pan0.proxy_qlen = 647 N% |' m1 M0 I! u2 H1 `
net.ipv6.neigh.pan0.anycast_delay = 99
# D; D; s0 I- j7 Vnet.ipv6.neigh.pan0.proxy_delay = 79; k, O1 u3 T3 D' ^1 L5 B# C: l
net.ipv6.neigh.pan0.locktime = 0+ M6 H' C; ~% m
net.ipv6.neigh.pan0.retrans_time_ms = 1000
* l: {, W6 ~; v- t# snet.ipv6.neigh.pan0.base_reachable_time_ms = 30000
1 `- j, }; l7 p/ Bnet.ipv6.xfrm6_gc_thresh = 2048
, x1 R! l% H8 hnet.ipv6.conf.all.forwarding = 0
% k" U7 r' @8 D _. \& p2 Y% Knet.ipv6.conf.all.hop_limit = 64
3 u) r; i$ b/ V$ znet.ipv6.conf.all.mtu = 1280! o: p% L7 m/ m- |9 S- K8 B1 ], n
net.ipv6.conf.all.accept_ra = 1
3 I1 B! x4 p. I$ A$ o/ \4 knet.ipv6.conf.all.accept_redirects = 1* z. f) L( ~3 h+ E6 J0 w
net.ipv6.conf.all.autoconf = 1" W( ~* y( Q& X
net.ipv6.conf.all.dad_transmits = 1
0 E1 a' B! y! Q% Wnet.ipv6.conf.all.router_solicitations = 38 t6 M T+ K4 ^0 j: `) Z% X. N
net.ipv6.conf.all.router_solicitation_interval = 4! ?7 n9 J% l7 W
net.ipv6.conf.all.router_solicitation_delay = 1
0 s- p$ H1 O" A1 U `) Xnet.ipv6.conf.all.force_mld_version = 0
. p6 P/ q) N/ X7 J" Snet.ipv6.conf.all.use_tempaddr = 0
4 d }/ c* E& N0 u( s% i! X5 E7 j/ cnet.ipv6.conf.all.temp_valid_lft = 604800
, j9 l2 {/ f, T$ L. G6 wnet.ipv6.conf.all.temp_prefered_lft = 86400# q9 {5 m8 K9 j
net.ipv6.conf.all.regen_max_retry = 5
" W% c. g Z+ _) x! ^net.ipv6.conf.all.max_desync_factor = 600! t( n; a. f6 P6 h, F. S4 N
net.ipv6.conf.all.max_addresses = 16$ O. P A- B9 g
net.ipv6.conf.all.accept_ra_defrtr = 1
7 a8 T; w* Q8 Vnet.ipv6.conf.all.accept_ra_pinfo = 1
& ]8 H( E" Q; q6 ?net.ipv6.conf.all.accept_ra_rtr_pref = 1+ W) O. U! k+ H" D! s
net.ipv6.conf.all.router_probe_interval = 60
+ v! L& M- e5 E- g& \* Nnet.ipv6.conf.all.accept_ra_rt_info_max_plen = 0. O2 K1 k+ X. S \5 C0 x* S' |
net.ipv6.conf.all.proxy_ndp = 0
# v+ ]6 r+ U0 k7 d& A# pnet.ipv6.conf.all.accept_source_route = 0
- y: j$ V) y. F: B4 y7 Bnet.ipv6.conf.all.optimistic_dad = 0
+ X6 \9 U+ }$ A" \4 \' k# \net.ipv6.conf.all.mc_forwarding = 0
$ K; l1 E, K7 h5 d" ^8 Pnet.ipv6.conf.all.disable_ipv6 = 08 s! d$ R7 U. R+ z2 {. M" m- ?. u
net.ipv6.conf.all.accept_dad = 1# I- i- k/ I5 O2 }5 w1 y% k, b
net.ipv6.conf.default.forwarding = 0
% w. p4 x6 @& Snet.ipv6.conf.default.hop_limit = 64$ ~0 r: o: d2 @1 B
net.ipv6.conf.default.mtu = 1280; g+ ~$ a' E7 ?" x
net.ipv6.conf.default.accept_ra = 1: h5 i7 q+ c# }4 _: v/ }9 E
net.ipv6.conf.default.accept_redirects = 1
' T% y1 b% N( c9 s4 e8 i. Wnet.ipv6.conf.default.autoconf = 1* b5 Y4 A1 Y0 X+ n' d. O- ?# r
net.ipv6.conf.default.dad_transmits = 1
7 `1 M9 ^1 Z) E$ P/ U- v+ Y2 |net.ipv6.conf.default.router_solicitations = 3; r7 r4 v) l0 Y/ J3 ?% {4 e
net.ipv6.conf.default.router_solicitation_interval = 46 a" N4 o' m+ d0 i" D
net.ipv6.conf.default.router_solicitation_delay = 1
" C+ Y4 } R) t; K' [) X( |' m4 l3 Ynet.ipv6.conf.default.force_mld_version = 02 L2 Z; u1 L7 q- f6 N
net.ipv6.conf.default.use_tempaddr = 08 p; \& U' H6 S- u8 o) Q! D
net.ipv6.conf.default.temp_valid_lft = 604800
. M4 g: s7 X8 ]; h' s# N3 knet.ipv6.conf.default.temp_prefered_lft = 86400
. b3 q$ O! a7 F6 [net.ipv6.conf.default.regen_max_retry = 5
& ~5 d( O T1 t. ?# Hnet.ipv6.conf.default.max_desync_factor = 6003 f- n# l1 F4 G# `) o. L" A
net.ipv6.conf.default.max_addresses = 16
2 u3 q4 t! Y, j9 q# E( cnet.ipv6.conf.default.accept_ra_defrtr = 1. q8 k4 f9 [2 H, v9 K2 w* M0 @7 A7 ?
net.ipv6.conf.default.accept_ra_pinfo = 1
( p' a7 l2 L. R& y& `3 Znet.ipv6.conf.default.accept_ra_rtr_pref = 1' {# e$ Z k, a
net.ipv6.conf.default.router_probe_interval = 60/ u F$ v+ W. J+ d3 {
net.ipv6.conf.default.accept_ra_rt_info_max_plen = 0
+ p p8 w K& P" J/ _- J, Onet.ipv6.conf.default.proxy_ndp = 0
, U8 u( X& @3 Z5 Inet.ipv6.conf.default.accept_source_route = 0" J5 r/ N2 A$ v& v4 }% Q
net.ipv6.conf.default.optimistic_dad = 0; b3 B9 ~( P4 K- c/ a+ I
net.ipv6.conf.default.mc_forwarding = 0
, q/ M8 N" C. e f$ I3 K! I9 l! B0 Lnet.ipv6.conf.default.disable_ipv6 = 0( u' [$ f/ u+ _
net.ipv6.conf.default.accept_dad = 1 b: Z4 H* m/ n3 @5 E1 s+ w" p: ?1 \
net.ipv6.conf.lo.forwarding = 0: e+ U6 v- G5 j5 v
net.ipv6.conf.lo.hop_limit = 64; M* b6 q, s3 u7 `0 i; g
net.ipv6.conf.lo.mtu = 655361 V) b" j1 T9 n6 P
net.ipv6.conf.lo.accept_ra = 1
5 k: P- Q5 U# C+ ^net.ipv6.conf.lo.accept_redirects = 1
* _+ b- P2 P; h0 knet.ipv6.conf.lo.autoconf = 1
O5 B( ~, y% j3 P) R: _' jnet.ipv6.conf.lo.dad_transmits = 14 ^/ }: j: ^8 ^: j5 N
net.ipv6.conf.lo.router_solicitations = 38 x- T1 t1 L' L: c
net.ipv6.conf.lo.router_solicitation_interval = 4
: x# B$ k1 M3 |net.ipv6.conf.lo.router_solicitation_delay = 1$ H6 E$ i4 W3 ?
net.ipv6.conf.lo.force_mld_version = 0
" Q2 A# b) c" X+ unet.ipv6.conf.lo.use_tempaddr = -19 ^4 i4 a9 X1 I" x
net.ipv6.conf.lo.temp_valid_lft = 604800
6 A4 H/ r) ~& `- _6 c" H! v/ Tnet.ipv6.conf.lo.temp_prefered_lft = 864003 i/ L- o( _7 t7 F7 V! c- E
net.ipv6.conf.lo.regen_max_retry = 5& v- q! ?1 Q' e8 M8 e% L) O2 `
net.ipv6.conf.lo.max_desync_factor = 600
8 ~6 [. N: [0 gnet.ipv6.conf.lo.max_addresses = 16$ c( T0 @% b; j' {
net.ipv6.conf.lo.accept_ra_defrtr = 16 t$ k% D8 \* o
net.ipv6.conf.lo.accept_ra_pinfo = 1; } H- E4 D7 r/ }0 m+ y) r
net.ipv6.conf.lo.accept_ra_rtr_pref = 1
2 R! p( k# f: L$ q+ fnet.ipv6.conf.lo.router_probe_interval = 608 V, n3 D+ R, _0 q& [6 ^; C- e
net.ipv6.conf.lo.accept_ra_rt_info_max_plen = 0
% o2 b% [; ~+ t' B" [- T4 }net.ipv6.conf.lo.proxy_ndp = 0
& ?" x% Y" w ^9 pnet.ipv6.conf.lo.accept_source_route = 0
* V6 T" w6 |# T+ ?8 K1 U; N: W2 ^net.ipv6.conf.lo.optimistic_dad = 0
' L( [' n2 q& w+ o1 r) inet.ipv6.conf.lo.mc_forwarding = 0) d$ K( v2 [, A! j" m* Z' Q. v$ {8 {
net.ipv6.conf.lo.disable_ipv6 = 0
4 K) z8 k, }' \' Q9 M* @. J6 ~net.ipv6.conf.lo.accept_dad = -1
9 q, K# _5 O4 onet.ipv6.conf.eth0.forwarding = 08 R4 A7 Z, {7 k
net.ipv6.conf.eth0.hop_limit = 64
/ _ a0 ]8 g4 [% K1 }. @# [net.ipv6.conf.eth0.mtu = 1500
; n/ K3 Z9 {0 z! {net.ipv6.conf.eth0.accept_ra = 1
, R9 v9 _, j" t7 d, y0 vnet.ipv6.conf.eth0.accept_redirects = 18 [$ G' ~! W+ [; Y- @' Q3 u
net.ipv6.conf.eth0.autoconf = 1
8 ?* D m7 |, U% E0 p( tnet.ipv6.conf.eth0.dad_transmits = 1
" `6 V+ X" n2 t* J3 {& Knet.ipv6.conf.eth0.router_solicitations = 3
5 O* J# N0 }0 p( P" [% v! ]* Vnet.ipv6.conf.eth0.router_solicitation_interval = 4
, h/ {5 @; Y! ]9 Jnet.ipv6.conf.eth0.router_solicitation_delay = 1, k7 j( t! b+ G% W/ j
net.ipv6.conf.eth0.force_mld_version = 0
- k) b; ~. M( i W% Q$ ?( L. i) @' Gnet.ipv6.conf.eth0.use_tempaddr = 08 G, g& r4 V0 j! u" q- c! {: |% `- `
net.ipv6.conf.eth0.temp_valid_lft = 604800
, }! g7 M" a: q$ Vnet.ipv6.conf.eth0.temp_prefered_lft = 86400& L3 R5 Z6 s' ~; B" }, D
net.ipv6.conf.eth0.regen_max_retry = 58 j# N. _: [1 m8 B
net.ipv6.conf.eth0.max_desync_factor = 600 o* W: V* I! _& H5 {) x
net.ipv6.conf.eth0.max_addresses = 16
' }9 {2 \' A: g2 L1 H" ynet.ipv6.conf.eth0.accept_ra_defrtr = 1) _# \$ P) p3 {8 S, ?& I% S4 f4 Q
net.ipv6.conf.eth0.accept_ra_pinfo = 1
- @8 h4 Z9 G) V+ \! W1 r! U0 C+ }net.ipv6.conf.eth0.accept_ra_rtr_pref = 1
5 A% P( V/ y7 F \7 K0 pnet.ipv6.conf.eth0.router_probe_interval = 60
( r1 @& b, b# c6 i5 |" P( d1 Ynet.ipv6.conf.eth0.accept_ra_rt_info_max_plen = 0
, U9 N' a5 \* ]! a' W. l0 r! Vnet.ipv6.conf.eth0.proxy_ndp = 0
# P% w- f8 p. ?, i8 X; S" _* i1 Onet.ipv6.conf.eth0.accept_source_route = 02 |8 k. V% \/ r/ Z" V' T: `; [
net.ipv6.conf.eth0.optimistic_dad = 0
4 s i) L& |- T7 X2 A2 y# L1 Hnet.ipv6.conf.eth0.mc_forwarding = 0
6 v. @' H/ ^. P, W* V' knet.ipv6.conf.eth0.disable_ipv6 = 0
0 b$ ~4 L X3 F% Bnet.ipv6.conf.eth0.accept_dad = 1. m- A* b' ?' [. _$ x
net.ipv6.conf.pan0.forwarding = 09 S) s. `2 |+ H+ m" W
net.ipv6.conf.pan0.hop_limit = 64
7 @. b& A: g8 i3 anet.ipv6.conf.pan0.mtu = 1500
/ A9 j5 T# s7 pnet.ipv6.conf.pan0.accept_ra = 1* `" X& t. K2 V6 P% B7 z: q
net.ipv6.conf.pan0.accept_redirects = 1
1 t! G2 g+ }" k' S* I$ l& w: Mnet.ipv6.conf.pan0.autoconf = 1 N- `' D. a6 o. L/ F8 s+ V6 n
net.ipv6.conf.pan0.dad_transmits = 1: D6 l) |% t- w: |- _
net.ipv6.conf.pan0.router_solicitations = 3- I, K4 e( B/ k/ _2 T
net.ipv6.conf.pan0.router_solicitation_interval = 4* U: l- |- k" ^
net.ipv6.conf.pan0.router_solicitation_delay = 1/ R: ?7 b7 |* |7 b U7 l3 _- N
net.ipv6.conf.pan0.force_mld_version = 0
: F6 {5 J! S0 D g6 ]+ Z; K! gnet.ipv6.conf.pan0.use_tempaddr = 0" ^ R3 I0 ~, @ R# l& H! b% P
net.ipv6.conf.pan0.temp_valid_lft = 604800
" w# t2 Q8 w: Q( |9 ^net.ipv6.conf.pan0.temp_prefered_lft = 86400
4 u; f1 z) _: n) N+ N+ P3 L' Pnet.ipv6.conf.pan0.regen_max_retry = 5# M! g" l# l. V' p
net.ipv6.conf.pan0.max_desync_factor = 600
% ]7 R3 Z5 k2 A6 znet.ipv6.conf.pan0.max_addresses = 16# G9 ?1 _1 j! C. N6 i: ?- X
net.ipv6.conf.pan0.accept_ra_defrtr = 1
" E3 B2 }0 i2 snet.ipv6.conf.pan0.accept_ra_pinfo = 1& L/ t2 ?! @" |8 l% _$ Q/ v# V' R
net.ipv6.conf.pan0.accept_ra_rtr_pref = 15 L: D. p' a. i+ M* Z$ c
net.ipv6.conf.pan0.router_probe_interval = 609 b7 U4 q. }0 r8 P3 z
net.ipv6.conf.pan0.accept_ra_rt_info_max_plen = 0
' J& r2 O+ J- j2 M& |5 T9 B1 Pnet.ipv6.conf.pan0.proxy_ndp = 0; s Z2 `3 S& E
net.ipv6.conf.pan0.accept_source_route = 0
" `4 N( x% N8 z6 Q# ~net.ipv6.conf.pan0.optimistic_dad = 0. X6 i4 Z6 h- p! v! \9 v
net.ipv6.conf.pan0.mc_forwarding = 0
7 T- S; L2 K* t% s& J0 V, Qnet.ipv6.conf.pan0.disable_ipv6 = 0
$ T: K4 L5 w) {5 L- m5 `' @% knet.ipv6.conf.pan0.accept_dad = 1% W6 f7 D& B6 ~6 G' K# V$ C; j
net.ipv6.ip6frag_high_thresh = 4194304
$ x6 U( l* m" N9 h: a' O5 gnet.ipv6.ip6frag_low_thresh = 3145728+ A+ Q5 l/ x. E
net.ipv6.ip6frag_time = 60* Q g b+ K, [* u9 ^* h. F
net.ipv6.route.gc_thresh = 1024. o9 ?! e- s7 {# t2 U4 N
net.ipv6.route.max_size = 40963 `- J1 y/ o# V' S" ^" f1 V$ Y
net.ipv6.route.gc_min_interval = 0
5 ^6 Z6 g% ~! U$ ~" h( k$ Q% d, Unet.ipv6.route.gc_timeout = 60
% h- c8 b8 Q6 r6 Enet.ipv6.route.gc_interval = 30# U7 J- s5 v1 H
net.ipv6.route.gc_elasticity = 0
/ t& J W$ l8 m& N; `/ Q+ F: Bnet.ipv6.route.mtu_expires = 600
! O2 z6 y! `% \" z- H9 gnet.ipv6.route.min_adv_mss = 1
. b3 n6 \0 A" | pnet.ipv6.route.gc_min_interval_ms = 500& m! M8 d, r9 |% b& c. j- i2 V
net.ipv6.icmp.ratelimit = 1000
* V0 w6 l+ d. ~1 A! J0 fnet.ipv6.bindv6only = 0" [- h! ?5 P+ Y$ t5 |, w
net.ipv6.nf_conntrack_frag6_timeout = 60: U. b! A6 n! F3 D9 ~
net.ipv6.nf_conntrack_frag6_low_thresh = 3145728
) L) }' O1 n4 K6 y7 ~net.ipv6.nf_conntrack_frag6_high_thresh = 4194304 J; a6 [ x$ k
net.ipv6.ip6frag_secret_interval = 600
+ |( l' E( m: I1 `net.ipv6.mld_max_msf = 64
5 D$ [5 p' r: Ynet.nf_conntrack_max = 65536) M h( D b( {! I" Y# c
net.bridge.bridge-nf-call-arptables = 1
: T6 u, Z" T i6 f1 g; Znet.bridge.bridge-nf-call-iptables = 1) ~% C! P' M3 w3 ~, ^- G
net.bridge.bridge-nf-call-ip6tables = 1
, H1 N8 f" }, K dnet.bridge.bridge-nf-filter-vlan-tagged = 0
0 {& Z, y$ s. g+ k z. Nnet.bridge.bridge-nf-filter-pppoe-tagged = 07 I' s& ^5 C; G0 v& w* e
net.unix.max_dgram_qlen = 10 ^( f9 U4 _7 f. |1 a0 x. M
abi.vsyscall32 = 1
! ^# t+ I. }# t' Rcrypto.fips_enabled = 0 |
|
发表于 2022-7-16 07:25:10