vi /etc/sysctl.conf
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl =15
net.ipv4.tcp_retries2 = 5
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_max_orphans = 32768
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_wmem = 51200 131072 204800
net.ipv4.tcp_rmem = 51200 131072 204800
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.ip_conntrack_max = 65536
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.icmp_echo_ignore_all=1
fs.file-max=65535
vm.swappiness = 0
vm.overcommit_memory = 1
vm.max_map_count=655360
sysctl -p # 使参数生效,永久生效
iptables -A INPUT -p icmp --icmp-type 8 -j DROP
service iptables save
systemctl restart iptables.service
签名:这个人很懒,什么也没有留下!
