Linux sysctl command parameters in detail

Source: Internet
Author: User

The Linux kernel exports kernel information to the user through the /proc virtual file system, and the user can configure the kernel dynamically either through the /proc file system or with the sysctl command. For example, to enable NAT we need to turn on the kernel's forwarding function in addition to loading modules and configuring the firewall. There are three ways to do this:

1. Write directly to the /proc file system:
   # echo 1 > /proc/sys/net/ipv4/ip_forward

2. Use the sysctl command:
   # sysctl -w net.ipv4.ip_forward=1
   (sysctl -a shows all variables exported by the kernel.)

3. Edit /etc/sysctl.conf and add the following line so that the variable is set to 1 after each boot of the system:
   net.ipv4.ip_forward = 1

sysctl is a command in the procps package, which also provides commands such as w, ps, vmstat, pgrep, pkill, top, slabtop, etc.

sysctl configures and displays the kernel parameters found in the /proc/sys directory. You can use sysctl to set or reset networking features such as IP forwarding, IP defragmentation, and source-route checking. Users only need to edit the /etc/sysctl.conf file to have the functions controlled by sysctl applied manually or automatically.

Command format:
   sysctl [-n] [-e] -w variable=value
   sysctl [-n] [-e] -p <filename> (default /etc/sysctl.conf)
   sysctl [-n] [-e] -a

Meaning of the common parameters:
   -w   temporarily changes the value of a specified parameter, such as sysctl -w net.ipv4.ip_forward=1
   -a   displays all system parameters
   -p   loads system parameters from the specified file; if no file is specified, they are loaded from /etc/sysctl.conf

If you want to change the value of a system parameter temporarily, you can do it in two ways. For example, to enable IP routing and forwarding:
   1) # echo 1 > /proc/sys/net/ipv4/ip_forward
   2) # sysctl -w net.ipv4.ip_forward=1

Both methods turn on routing immediately, but if the system restarts or the command # service network restart is executed, the value that was set is lost. To keep the configuration permanently, modify the /etc/sysctl.conf file and change net.ipv4.ip_forward=0 to net.ipv4.ip_forward=1.

sysctl is an interface that allows you to change a running Linux system. It contains advanced options for both the TCP/IP stack and the virtual memory system, which allow experienced administrators to improve system performance considerably. More than 500 system variables can be read with sysctl. On this basis, sysctl(8) provides two functions: reading and modifying system settings.

View all readable variables:
   % sysctl -a

Read a specified variable, for example kern.maxproc:
   % sysctl kern.maxproc
   kern.maxproc: 1044

To set a specified variable, use the variable=value syntax directly:
   # sysctl kern.maxfiles=5000
   kern.maxfiles: 2088, 5000

You can modify system variables with sysctl, or by editing the sysctl.conf file. sysctl.conf looks very much like rc.conf. It uses the form variable=value to set values. The specified values are set after the system enters multi-user mode. Not all variables can be set in this mode. A sysctl variable is usually set to a string, a number, or a Boolean. (Boolean is used to denote 'yes';

sysctl -w kernel.sysrq=0
sysctl -w kernel.core_uses_pid=1
sysctl -w net.ipv4.conf.default.accept_redirects=0
sysctl -w net.ipv4.conf.default.accept_source_route=0
sysctl -w net.ipv4.conf.default.rp_filter=1
sysctl -w net.ipv4.tcp_syncookies=1
sysctl -w net.ipv4.tcp_max_syn_backlog=2048
sysctl -w net.ipv4.tcp_fin_timeout=30
sysctl -w net.ipv4.tcp_synack_retries=2
sysctl -w net.ipv4.tcp_keepalive_time=3600
sysctl -w net.ipv4.tcp_window_scaling=1
sysctl -w net.ipv4.tcp_sack=1

Configure Sysctl

Edit this file:

vi /etc/sysctl.conf

If the file is empty, enter the following, or make your own adjustments as appropriate:

# Controls source route verification
# Default should work for all interfaces
net.ipv4.conf.default.rp_filter = 1
# net.ipv4.conf.all.rp_filter = 1
# net.ipv4.conf.lo.rp_filter = 1
# net.ipv4.conf.eth0.rp_filter = 1

# Disables IP source routing
# Default should work for all interfaces
net.ipv4.conf.default.accept_source_route = 0
# net.ipv4.conf.all.accept_source_route = 0
# net.ipv4.conf.lo.accept_source_route = 0
# net.ipv4.conf.eth0.accept_source_route = 0

# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0

# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1

# Increase maximum amount of memory allocated to shm
# Only uncomment if needed!
# kernel.shmmax = 67108864

# Disable ICMP redirect acceptance
# Default should work for all interfaces
net.ipv4.conf.default.accept_redirects = 0
# net.ipv4.conf.all.accept_redirects = 0
# net.ipv4.conf.lo.accept_redirects = 0
# net.ipv4.conf.eth0.accept_redirects = 0

# Enable logging of spoofed packets, source routed packets, redirect packets
# Default should work for all interfaces
net.ipv4.conf.default.log_martians = 1
# net.ipv4.conf.all.log_martians = 1
# net.ipv4.conf.lo.log_martians = 1
# net.ipv4.conf.eth0.log_martians = 1

# Decrease the time default value for tcp_fin_timeout connection
net.ipv4.tcp_fin_timeout = 25

# Decrease the time default value for tcp_keepalive_time connection
net.ipv4.tcp_keepalive_time = 1200

# Turn on the tcp_window_scaling
net.ipv4.tcp_window_scaling = 1

# Turn on the tcp_sack
net.ipv4.tcp_sack = 1

# tcp_fack should be on because of sack
net.ipv4.tcp_fack = 1

# Turn on the tcp_timestamps
net.ipv4.tcp_timestamps = 1

# Enable TCP SYN cookie protection
net.ipv4.tcp_syncookies = 1

# Enable ignoring broadcast requests
net.ipv4.icmp_echo_ignore_broadcasts = 1

# Enable bad error message protection
net.ipv4.icmp_ignore_bogus_error_responses = 1

# Make more local ports available
# net.ipv4.ip_local_port_range = 1024 65000

# Set TCP re-ordering value in kernel to '5'
net.ipv4.tcp_reordering = 5

# Lower SYN retry rates
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 3

# Set max SYN backlog to '2048'
net.ipv4.tcp_max_syn_backlog = 2048

# Various settings
net.core.netdev_max_backlog = 1024

# Increase the maximum number of skb-heads to be cached
net.core.hot_list_length = 256

# Increase the tcp-time-wait buckets pool size
net.ipv4.tcp_max_tw_buckets = 360000

# This will increase the amount of memory available for socket input/output queues
net.core.rmem_default = 65535
net.core.rmem_max = 8388608
net.ipv4.tcp_rmem = 4096 87380 8388608
net.core.wmem_default = 65535
net.core.wmem_max = 8388608
net.ipv4.tcp_wmem = 4096 65535 8388608
net.ipv4.tcp_mem = 8388608 8388608 8388608
net.core.optmem_max = 40960

If you want to block someone from pinging your console, add the following code:

# Disable ping requests
net.ipv4.icmp_echo_ignore_all = 1

After editing is complete, execute the following command to make the change effective immediately:

/sbin/sysctl -p
/sbin/sysctl -w net.ipv4.route.flush=1
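Because values set with echo or sysctl -w are lost on reboot, and values in /etc/sysctl.conf do not take effect until they are loaded, the file and the running kernel can disagree. The following is an added example, not part of the original page: a shell check that reports every setting in a sysctl.conf-style file whose live value under /proc/sys differs. The function names and the PROC_ROOT variable are assumptions introduced for this example.

```shell
#!/bin/sh
# Added example (not from the original page): report drift between a
# sysctl.conf-style file and the live values under /proc/sys.
# PROC_ROOT is an assumption introduced here so the check can be pointed
# at a test tree; on a real host leave it unset (defaults to /proc/sys).

# key_to_path KEY: net.ipv4.ip_forward -> $PROC_ROOT/net/ipv4/ip_forward
key_to_path() {
    printf '%s/%s\n' "${PROC_ROOT:-/proc/sys}" "$(printf '%s' "$1" | tr '.' '/')"
}

# squeeze VALUE: collapse tabs and spaces so "4096<TAB>87380" equals "4096 87380"
squeeze() {
    printf '%s' "$1" | tr '\t' ' ' | tr -s ' ' | sed 's/^ //; s/ $//'
}

# sysctl_drift FILE: prints "DRIFT key file=<v> live=<v>" or "MISSING key".
# Returns 0 when every setting in FILE matches the running kernel, else 1.
sysctl_drift() {
    rc=0
    # Comment lines (# or ;) and blank lines are dropped; split on the first "=".
    while IFS='=' read -r key want; do
        key=$(squeeze "$key"); want=$(squeeze "$want")
        [ -n "$key" ] || continue
        path=$(key_to_path "$key")
        if [ ! -r "$path" ]; then
            echo "MISSING $key"; rc=1; continue
        fi
        live=$(squeeze "$(cat "$path")")
        if [ "$live" != "$want" ]; then
            echo "DRIFT $key file=$want live=$live"; rc=1
        fi
    done <<EOF
$(grep -Ev '^[[:space:]]*([#;]|$)' "$1")
EOF
    return $rc
}

# Demo on a constructed tree (sample values, not taken from a real host).
demo() {
    d=$(mktemp -d) && mkdir -p "$d/net/ipv4"
    echo 0 > "$d/net/ipv4/tcp_syncookies"
    printf 'net.ipv4.tcp_syncookies = 1\n' > "$d/conf"
    ( PROC_ROOT=$d; sysctl_drift "$d/conf" ) || :
    rm -rf "$d"
}

# With a file argument, audit it against the live kernel; otherwise run the demo.
if [ -n "${1:-}" ]; then sysctl_drift "$1"; else demo; fi
```

A MISSING line means the key has no readable file under /proc/sys on this kernel, which also covers parameters that the running kernel version does not provide.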

On Linux we often set kernel parameters by hand in the /proc/sys directory, or echo specific values directly into a virtual file under /proc, to turn on certain functions, for example enabling IP forwarding:

echo "1" > /proc/sys/net/ipv4/ip_forward

In fact, on Linux we can also use the sysctl command to view, set, or automatically configure specific kernel settings easily. Entering "sysctl -a" at the system prompt produces output such as:

abi.defhandler_coff = 117440515
dev.raid.speed_limit_max = 100000
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.default.secure_redirects = 1
net.ipv4.conf.default.accept_redirects = 1
net.ipv4.conf.default.mc_forwarding = 0
net.ipv4.neigh.lo.delay_first_probe_time = 5
net.ipv4.neigh.lo.base_reachable_time = 30
net.ipv4.icmp_ratelimit = 100
net.ipv4.inet_peer_gc_mintime = 10
net.ipv4.igmp_max_memberships = 20
net.ipv4.ip_no_pmtu_disc = 0
net.core.no_cong_thresh = 20
net.core.netdev_max_backlog = 300
net.core.rmem_default = 65535
net.core.wmem_max = 65535
vm.kswapd = 512 32 8
vm.overcommit_memory = 0
vm.bdflush = 30 64 64 256 500 3000 60 0 0
vm.freepages = 351 702 1053
kernel.sem = 250 32000 32 128
kernel.panic = 0
kernel.domainname = (none)
kernel.hostname = pc02.shinewave.com.tw
kernel.version = #1 Tue Oct 20:11:04 EST 2001
kernel.osrelease = 2.4.9-13
kernel.ostype = Linux
fs.dentry-state = 1611 969 45 0 0 0
fs.file-nr = 1121 73 8192
fs.inode-state = 1333 523 0 0 0 0 0
