今天小編跟大家分享一篇關(guān)于配置Sysctl優(yōu)化服務(wù)器的詳細(xì)教程，感興趣的朋友跟小編一起來(lái)了解一下吧!

　　配置Sysctl

　　編輯此文件：

　　nano -w /etc/sysctl.conf

　　如果該文件為空，則輸入以下內(nèi)容，否則請(qǐng)根據(jù)情況自己做調(diào)整：

　　# Controls source route verification

　　# Default should work for all interfaces

　　net.ipv4.conf.default.rp_filter = 1

　　# net.ipv4.conf.all.rp_filter = 1

　　# net.ipv4.conf.lo.rp_filter = 1

　　# net.ipv4.conf.eth0.rp_filter = 1

　　# Disables IP source routing

　　# Default should work for all interfaces

　　net.ipv4.conf.default.accept_source_route = 0

　　# net.ipv4.conf.all.accept_source_route = 0

　　# net.ipv4.conf.lo.accept_source_route = 0

　　# net.ipv4.conf.eth0.accept_source_route = 0

　　# Controls the System Request debugging functionality of the kernel

　　kernel.sysrq = 0

　　# Controls whether core dumps will append the PID to the core filename.

　　# Useful for debugging multi-threaded applications.

　　kernel.core_uses_pid = 1

　　# Increase maximum amount of memory allocated to shm

　　# Only uncomment if needed!

　　# kernel.shmmax = 67108864

　　# Disable ICMP Redirect Acceptance

　　# Default should work for all interfaces

　　net.ipv4.conf.default.accept_redirects = 0

　　# net.ipv4.conf.all.accept_redirects = 0

　　# net.ipv4.conf.lo.accept_redirects = 0

　　# net.ipv4.conf.eth0.accept_redirects = 0

　　# Enable Log Spoofed Packets, Source Routed Packets, Redirect Packets

　　# Default should work for all interfaces

　　net.ipv4.conf.default.log_martians = 1

　　# net.ipv4.conf.all.log_martians = 1

　　# net.ipv4.conf.lo.log_martians = 1

　　# net.ipv4.conf.eth0.log_martians = 1

　　# Decrease the time default value for tcp_fin_timeout connection

　　net.ipv4.tcp_fin_timeout = 25

　　# Decrease the time default value for tcp_keepalive_time connection

　　net.ipv4.tcp_keepalive_time = 1200

　　# Turn on the tcp_window_scaling

　　net.ipv4.tcp_window_scaling = 1

　　# Turn on the tcp_sack

　　net.ipv4.tcp_sack = 1

　　# tcp_fack should be on because of sack

　　net.ipv4.tcp_fack = 1

　　# Turn on the tcp_timestamps

　　net.ipv4.tcp_timestamps = 1

　　# Enable TCP SYN Cookie Protection

　　net.ipv4.tcp_syncookies = 1

　　# Enable ignoring broadcasts request

　　net.ipv4.icmp_echo_ignore_broadcasts = 1

　　# Enable bad error message Protection

　　net.ipv4.icmp_ignore_bogus_error_responses = 1

　　# Make more local ports available

　　# net.ipv4.ip_local_port_range = 1024 65000

　　# Set TCP Re-Ordering value in kernel to ‘5′

　　net.ipv4.tcp_reordering = 5

　　# Lower syn retry rates

　　net.ipv4.tcp_synack_retries = 2

　　net.ipv4.tcp_syn_retries = 3

　　# Set Max SYN Backlog to ‘2048′

　　net.ipv4.tcp_max_syn_backlog = 2048

　　# Various Settings

　　net.core.netdev_max_backlog = 1024

　　# Increase the maximum number of skb-heads to be cached

　　net.core.hot_list_length = 256

　　# Increase the tcp-time-wait buckets pool size

　　net.ipv4.tcp_max_tw_buckets = 360000

　　# This will increase the amount of memory available for socket input/output queues

　　net.core.rmem_default = 65535

　　net.core.rmem_max = 8388608

　　net.ipv4.tcp_rmem = 4096 87380 8388608

　　net.core.wmem_default = 65535

　　net.core.wmem_max = 8388608

　　net.ipv4.tcp_wmem = 4096 65535 8388608

　　net.ipv4.tcp_mem = 8388608 8388608 8388608

　　net.core.optmem_max = 40960

　　如果希望屏蔽別人 ping 你的主機(jī)，則加入以下代碼：

　　# Disable ping requests

　　net.ipv4.icmp_echo_ignore_all = 1

　　編輯完成后，請(qǐng)執(zhí)行以下命令使變動(dòng)立即生效：

　　/sbin/sysctl -p

　　/sbin/sysctl -w net.ipv4.route.flush=1

　　以上就是關(guān)于配置Sysctl優(yōu)化服務(wù)器的詳細(xì)教程，想必都了解了吧，更多相關(guān)內(nèi)容請(qǐng)繼續(xù)關(guān)注愛站技術(shù)頻道。

標(biāo)簽： 代碼 服務(wù)器

版權(quán)申明：本站文章部分自網(wǎng)絡(luò)，如有侵權(quán)，請(qǐng)聯(lián)系：west999com@outlook.com
特別注意：本站所有轉(zhuǎn)載文章言論不代表本站觀點(diǎn)！
本站所提供的圖片等素材，版權(quán)歸原作者所有，如需使用，請(qǐng)與原作者聯(lián)系。