|
|
|
net.ipv4.ip_forward=1
|
|
|
|
# Sonst landen ICMP-Fehlerpakete auf eth0 - mit source-IP 10.222.x.y...
|
|
|
|
# https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt
|
|
|
|
net.ipv4.icmp_errors_use_inbound_ifaddr = 1
|
|
|
|
|
|
|
|
net.ipv6.conf.all.forwarding=1
|
|
|
|
|
|
|
|
net.ipv6.conf.all.autoconf = 0
|
|
|
|
net.ipv6.conf.default.autoconf = 0
|
|
|
|
|
|
|
|
net.ipv6.conf.all.accept_ra = 0
|
|
|
|
net.ipv6.conf.default.accept_ra = 0
|
|
|
|
|
|
|
|
net.ipv4.neigh.default.gc_thresh3=16384
|
|
|
|
net.ipv4.neigh.default.gc_thresh2=8192
|
|
|
|
net.ipv4.neigh.default.gc_thresh1=4096
|
|
|
|
net.ipv4.neigh.default.gc_interval=3600
|
|
|
|
net.ipv4.neigh.default.gc_stale_time=3600
|
|
|
|
|
|
|
|
net.ipv6.neigh.default.gc_thresh3=16384
|
|
|
|
net.ipv6.neigh.default.gc_thresh2=8192
|
|
|
|
net.ipv6.neigh.default.gc_thresh1=4096
|
|
|
|
net.ipv6.neigh.default.gc_interval=3600
|
|
|
|
net.ipv6.neigh.default.gc_stale_time=3600
|
|
|
|
|
|
|
|
# decrease nf_conntrack_tcp_timeout_established - default=432000
|
|
|
|
net.netfilter.nf_conntrack_max=1048576
|
|
|
|
net.netfilter.nf_conntrack_buckets=131072
|
|
|
|
net.netfilter.nf_conntrack_tcp_timeout_established=3600
|
|
|
|
|
|
|
|
# reboot after kernel panic
|
|
|
|
kernel.panic=1
|