1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93
|
eout "{glob} loading sysctl.rules"
# START SYSCTL config
if [ "$SYSCTL_CONNTRACK" == "" ]; then
SYSCTL_CONNTRACK = 28000
fi
echo $SYSCTL_CONNTRACK > /proc/sys/net/ipv4/ip_conntrack_max
echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
if [ "$SYSCTL_LOGMARTIANS" == "1" ]; then
eout "{glob} setting sysctl_logmartians enabled"
echo 1 > /proc/sys/net/ipv4/conf/$IFACE_IN/log_martians
echo 1 > /proc/sys/net/ipv4/conf/$IFACE_OUT/log_martians
else
eout "{glob} setting sysctl_logmartians disabled"
echo 0 > /proc/sys/net/ipv4/conf/$IFACE_IN/log_martians
echo 0 > /proc/sys/net/ipv4/conf/$IFACE_OUT/log_martians
fi
if [ "$SYSCTL_ECN" == "1" ]; then
eout "{glob} setting sysctl_ecn enabled"
echo 1 > /proc/sys/net/ipv4/tcp_ecn
else
eout "{glob} setting sysctl_ecn disabled"
echo 0 > /proc/sys/net/ipv4/tcp_ecn
fi
if [ "$SYSCTL_SYNCOOKIES" == "1" ]; then
eout "{glob} setting sysctl_syncookies enabled"
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
else
eout "{glob} setting sysctl_syncookies disabled"
echo 0 > /proc/sys/net/ipv4/tcp_syncookies
fi
if [ "$SYSCTL_OVERFLOW" == "1" ]; then
eout "{glob} setting sysctl_overflow enabled"
echo 1 > /proc/sys/net/ipv4/tcp_abort_on_overflow
else
eout "{glob} setting sysctl_overflow disabled"
echo 0 > /proc/sys/net/ipv4/tcp_abort_on_overflow
fi
# TCP Parameters
if [ "$SYSCTL_TCP" == "1" ]; then
eout "{glob} setting sysctl_tcp enabled"
echo 0 > /proc/sys/net/ipv4/tcp_timestamps
echo 1 > /proc/sys/net/ipv4/tcp_sack
echo 1 > /proc/sys/net/ipv4/tcp_dsack
echo 1 > /proc/sys/net/ipv4/tcp_fack
echo 0 > /proc/sys/net/ipv4/tcp_window_scaling
echo 1800 > /proc/sys/net/ipv4/tcp_keepalive_time
echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
echo 3 > /proc/sys/net/ipv4/tcp_retries1
else
echo 0 > /proc/sys/net/ipv4/tcp_sack
echo 0 > /proc/sys/net/ipv4/tcp_dsack
echo 0 > /proc/sys/net/ipv4/tcp_fack
fi
# SYN Parameters
if [ "$SYSCTL_SYN" == "1" ]; then
eout "{glob} setting sysctl_syn enabled"
echo 2 > /proc/sys/net/ipv4/tcp_synack_retries
echo 2048 > /proc/sys/net/ipv4/tcp_max_syn_backlog
echo 3 > /proc/sys/net/ipv4/tcp_syn_retries
fi
# Routing Parameters
if [ "$SYSCTL_ROUTE" == "1" ]; then
eout "{glob} setting sysctl_routing enabled"
echo 1 > /proc/sys/net/ipv4/conf/$IFACE_IN/rp_filter
echo 1 > /proc/sys/net/ipv4/conf/$IFACE_OUT/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/$IFACE_IN/accept_source_route
echo 0 > /proc/sys/net/ipv4/conf/$IFACE_OUT/accept_source_route
echo 0 > /proc/sys/net/ipv4/conf/all/bootp_relay
echo 0 > /proc/sys/net/ipv4/ip_forward
echo 0 > /proc/sys/net/ipv4/secure_redirects
echo 0 > /proc/sys/net/ipv4/send_redirects
echo 0 > /proc/sys/net/ipv4/proxy_arp
else
echo 0 > /proc/sys/net/ipv4/conf/$IFACE_IN/rp_filter
echo 0 > /proc/sys/net/ipv4/conf/$IFACE_OUT/rp_filter
echo 1 > /proc/sys/net/ipv4/conf/all/bootp_relay
echo 1 > /proc/sys/net/ipv4/ip_forward
fi
echo 1 > /proc/sys/net/ipv4/route/flush
# END SYSCTL config
|