centos7 内核优化

2021/6/23 7:28:25

编程Tag： 优化 default centos7 Tcp 内核 IPv4 net max conf

本文主要是介绍centos7 内核优化，对大家解决编程问题具有一定的参考价值，需要的程序猿们随着小编来一起学习吧！

修改内核配置文件

vim /etc/sysctl.conf

刷新配置文件

sysctl -p

关IPv6

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1

避免放大攻.击

net.ipv4.icmp_echo_ignore_broadcasts = 1

开启恶意的ICMP错误消息保护

net.ipv4.icmp_ignore_bogus_error_responses = 1

关闭路由转发

net.ipv4.ip_forward = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0

开启反向路径过滤

net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1

处理无源路由的包

net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0

关SysRq功能

kernel.sysrq = 0

开SYN洪水攻.击保护

net.ipv4.tcp_syncookies = 1

修改消息队列长度

kernel.msgmnb = 65536
kernel.msgmax = 65536

设置最大内存共享段大小bytes

kernel.shmmax = 68719476736
kernel.shmall = 4294967296
TIME_WAIT的数量默认为180000
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216

每个网络接口接收数据包速率比内核处理这些包的速率快时允许送到队列数据包的最大数目

net.core.netdev_max_backlog = 262144

限制仅仅是为防止简单的DoS***

net.ipv4.tcp_max_orphans = 3276800

未收到客户端确认信息的连接请求最大值

net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 0

内核放弃建立连接之前发送SYNACK包数量

net.ipv4.tcp_synack_retries = 1

内核放弃建立连接之前发送SYN包数量

net.ipv4.tcp_syn_retries = 1

开TIME_WAIT快速回收

net.ipv4.tcp_tw_recycle = 1

允许将TIME_WAIT Sockets重新用于新TCP连接

net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_fin_timeout = 1

当KeepAlive起用的时候TCP发送KeepAlive消息的频度缺省是2小时

net.ipv4.tcp_keepalive_time = 30

允许系统打开端口范围

net.ipv4.ip_local_port_range = 1024 65000

修改防火墙的表大小默认65536

net.netfilter.nf_conntrack_max = 655350
net.netfilter.nf_conntrack_tcp_timeout_established = 1200

这篇关于centos7 内核优化的文章就介绍到这儿，希望我们推荐的文章对大家有所帮助，也希望大家多多支持为之网！

centos7 内核优化

相关编程文章