net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout = 30
Note:
net.ipv4.tcp_syncookies = 1 enables SYN cookies. When the SYN wait queue overflows, cookies are used to handle the connections, which defends against small-scale SYN attacks. The default value is 0, meaning disabled.
net.ipv4.tcp_tw_reuse = 1 enables reuse, allowing TIME-WAIT sockets to be reused for new TCP connections. The default value is 0, meaning disabled.
net.ipv4.tcp_tw_recycle = 1 enables fast recycling of TIME-WAIT sockets in TCP connections. The default value is 0, meaning disabled.
Run the following command to make the modification take effect immediately:
/sbin/sysctl -p
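As an added example (not part of the original article), the shell function below compares each setting in a sysctl.conf-style file with the value the running kernel reports, so a setting that `sysctl -p` could not apply shows up explicitly. The function names, the fake `/proc/sys` tree and the sample values in `demo` are constructed for illustration; the ABSENT case models kernels that no longer provide `net.ipv4.tcp_tw_recycle` (it was removed in Linux 4.12).

```sh
#!/bin/sh
# Added example: compare a sysctl.conf-style file with the running kernel.
# Usage: check_applied CONF [PROCROOT]   (PROCROOT defaults to /proc/sys)
# Prints OK, MISMATCH or ABSENT per setting; returns 1 unless all are OK.
check_applied() {
    conf=$1
    root=${2:-/proc/sys}
    rc=0
    while IFS='=' read -r key want; do
        key=$(printf '%s' "$key" | tr -d ' \t')
        want=$(printf '%s' "$want" | tr -d ' \t')
        [ -n "$key" ] || continue
        # net.ipv4.tcp_syncookies -> $root/net/ipv4/tcp_syncookies
        path=$root/$(printf '%s' "$key" | tr . /)
        if [ ! -r "$path" ]; then
            echo "ABSENT   $key (kernel does not expose it)"
            rc=1
            continue
        fi
        have=$(tr -d ' \t\n' < "$path")
        if [ "$have" = "$want" ]; then
            echo "OK       $key = $have"
        else
            echo "MISMATCH $key: file=$want kernel=$have"
            rc=1
        fi
    done <<EOF
$(sed -e 's/[#;].*//' "$conf")
EOF
    return $rc
}

# Constructed demo: a fake /proc/sys tree for a kernel without tcp_tw_recycle
# and with tcp_fin_timeout still at a different value (sample data only).
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/proc/net/ipv4"
    echo 1 > "$d/proc/net/ipv4/tcp_syncookies"
    echo 1 > "$d/proc/net/ipv4/tcp_tw_reuse"
    echo 60 > "$d/proc/net/ipv4/tcp_fin_timeout"
    printf '%s\n' '# settings from this page' \
        'net.ipv4.tcp_syncookies = 1' 'net.ipv4.tcp_tw_reuse = 1' \
        'net.ipv4.tcp_tw_recycle = 1' 'net.ipv4.tcp_fin_timeout = 30' \
        > "$d/sysctl.conf"
    check_applied "$d/sysctl.conf" "$d/proc" && rc=0 || rc=1
    rm -rf "$d"
    return $rc
}
```

On a live system, call `check_applied /etc/sysctl.conf` after running `sysctl -p`; `demo` runs the same check against the constructed tree.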
Use the following statement to check the TCP status of the server:
netstat -n | awk '/^tcp/ {++S[$NF]} END {for (a in S) print a, S[a]}'
The returned results are as follows:
ESTABLISHED 1423
FIN_WAIT1 1
FIN_WAIT2 262
SYN_SENT 1
TIME_WAIT 962
Effect: The number of sockets in the TIME_WAIT state dropped from more than 10000 to about 1000. The number of sockets in the SYN_RECV state (waiting to be processed) is 0; it was previously 50 to 300.