net.ipv4.ip_forward=1 # Sonst landen ICMP-Fehlerpakete auf eth0 - mit source-IP 10.222.x.y... # https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt net.ipv4.icmp_errors_use_inbound_ifaddr = 1 net.ipv6.conf.all.forwarding=1 net.ipv6.conf.all.autoconf = 0 net.ipv6.conf.default.autoconf = 0 net.ipv6.conf.all.accept_ra = 0 net.ipv6.conf.default.accept_ra = 0 net.ipv6.neigh.default.gc_thresh3=4096 net.ipv6.neigh.default.gc_thresh2=2048 net.ipv6.neigh.default.gc_thresh1=1024 net.ipv6.neigh.default.gc_interval=3600 net.ipv6.neigh.default.gc_stale_time=3600 # decrease nf_conntrack_tcp_timeout_established - default=432000 net.netfilter.nf_conntrack_tcp_timeout_established=86400 net.netfilter.nf_conntrack_max=65536 net.netfilter.nf_conntrack_buckets=16384 # reboot after kernel panic kernel.panic=1