├── README.md
├── bbr.sh
├── default
├── etc
    └── security
    │   └── limits.conf
├── resolved.conf
└── sysctl.conf


/README.md:
--------------------------------------------------------------------------------
 1 | # tcp-optimizer-bbr
 2 | A script improvement system network
 3 | 
 4 | ![IMG_۲۰۲۴۰۱۰۷_۰۲۰۵۵۵](https://github.com/user-attachments/assets/04f3ea3c-cf48-4961-9637-847457818cb1)
 5 | 
 6 | 
 7 | ## Install & Upgrade to latest Version
 8 | 
 9 | ```sh
10 | bash <(curl -Ls https://raw.githubusercontent.com/Shellgate/tcp_optimization_bbr/main/bbr.sh)
11 | ```
12 | 
13 | This configuration file for /etc/sysctl.conf applies advanced TCP and kernel tuning parameters aimed at optimizing network performance, particularly for high-throughput and low-latency environments.
14 | 


--------------------------------------------------------------------------------
/bbr.sh:
--------------------------------------------------------------------------------
  1 | #!/bin/bash
  2 | 
  3 | # Colors
  4 | RED="\e[38;5;131m"
  5 | GREEN="\e[38;5;108m"
  6 | BLUE="\e[38;5;75m"
  7 | CYAN="\e[38;5;51m"
  8 | AQUA="\e[38;5;45m"
  9 | LIME="\e[38;5;154m"
 10 | GRAY="\e[38;5;250m"
 11 | WHITE="\e[97m"
 12 | MAGENTA="\e[38;5;213m"
 13 | YELLOW="\e[38;5;228m"
 14 | BOLD="\e[1m"
 15 | RESET="\e[0m"
 16 | 
 17 | # Paths - sysctl
 18 | BACKUP_PATH="/etc/sysctl.conf.bbr.bak"
 19 | SYSCTL_PATH="/etc/sysctl.conf"
 20 | TMP_FILE="/tmp/sysctl.new"
 21 | SYSCTL_URL="https://raw.githubusercontent.com/Shellgate/tcp_optimization_bbr/main/sysctl.conf"
 22 | 
 23 | # Paths - limits
 24 | LIMITS_PATH="/etc/security/limits.conf"
 25 | LIMITS_BACKUP="/etc/security/limits.conf.bbr.bak"
 26 | LIMITS_TMP="/tmp/limits.new"
 27 | LIMITS_URL="https://raw.githubusercontent.com/Shellgate/tcp_optimization_bbr/main/etc/security/limits.conf"
 28 | 
 29 | # Function: System Info
 30 | function show_system_info() {
 31 |     CPU_MODEL=$(lscpu | grep "Model name" | sed 's/Model name:\s*//')
 32 |     CORES=$(nproc)
 33 |     RAM_TOTAL=$(free -h | awk '/^Mem:/ {print $2}')
 34 |     RAM_USED=$(free -h | awk '/^Mem:/ {print $3}')
 35 |     DISK_TOTAL=$(df -h / | awk 'NR==2 {print $2}')
 36 |     DISK_USED=$(df -h / | awk 'NR==2 {print $3}')
 37 |     DISK_AVAIL=$(df -h / | awk 'NR==2 {print $4}')
 38 |     KERNEL=$(uname -r)
 39 |     UPTIME=$(uptime -p)
 40 |     INTERFACE=$(ip route get 1.1.1.1 | awk '{print $5; exit}')
 41 |     SPEED=$(ethtool "$INTERFACE" 2>/dev/null | grep -i speed | awk '{print $2}')
 42 |     LOCAL_IP=$(hostname -I | awk '{print $1}')
 43 |     PUBLIC_IP=$(curl -s https://api.ipify.org)
 44 |     BBR_STATUS=$(sysctl net.ipv4.tcp_congestion_control | awk '{print $3}')
 45 |     BBR_ACTIVE=$(lsmod | grep bbr)
 46 |     PING_TEST=$(ping -c 1 -W 1 8.8.8.8 >/dev/null 2>&1 && echo "Online" || echo "Offline")
 47 | 
 48 |     echo -e "${AQUA}${BOLD}╔═══════════════ SYSTEM SUMMARY ═══════════════╗${RESET}"
 49 |     printf "${CYAN}%-15s${WHITE}%s\n" "CPU:" "$CPU_MODEL"
 50 |     printf "${CYAN}%-15s${LIME}%s${WHITE} cores\n" "Cores:" "$CORES"
 51 |     printf "${CYAN}%-15s${LIME}%s${WHITE} / ${LIME}%s${WHITE} used\n" "RAM:" "$RAM_USED" "$RAM_TOTAL"
 52 |     printf "${CYAN}%-15s${LIME}%s${WHITE} / ${LIME}%s${WHITE} used\n" "Disk:" "$DISK_USED" "$DISK_TOTAL"
 53 |     printf "${CYAN}%-15s${GRAY}%s available\n" "" "$DISK_AVAIL"
 54 |     printf "${MAGENTA}%-15s${WHITE}%s\n" "Kernel:" "$KERNEL"
 55 |     printf "${MAGENTA}%-15s${WHITE}%s\n" "Uptime:" "$UPTIME"
 56 |     echo -e "${GRAY}──────────────────── NETWORK ───────────────────${RESET}"
 57 |     printf "${CYAN}%-15s${WHITE}%s\n" "Interface:" "$INTERFACE"
 58 |     printf "${CYAN}%-15s${WHITE}%s\n" "Speed:" "${SPEED:-Unknown}"
 59 |     printf "${CYAN}%-15s${WHITE}%s\n" "Local IP:" "$LOCAL_IP"
 60 |     printf "${CYAN}%-15s${WHITE}%s\n" "Public IP:" "$PUBLIC_IP"
 61 |     printf "${CYAN}%-15s${WHITE}%s\n" "Internet:" "$PING_TEST"
 62 |     echo -e "${GRAY}───────────────────── BBR ─────────────────────${RESET}"
 63 |     printf "${CYAN}%-15s${WHITE}%s\n" "Congestion:" "$BBR_STATUS"
 64 |     if [[ "$BBR_ACTIVE" == *bbr* ]]; then
 65 |         printf "${CYAN}%-15s${LIME}Active${RESET}\n" "BBR Module:"
 66 |     else
 67 |         printf "${CYAN}%-15s${MAGENTA}Inactive${RESET}\n" "BBR Module:"
 68 |     fi
 69 |     echo -e "${AQUA}${BOLD}╚══════════════════════════════════════════════╝${RESET}"
 70 |     echo
 71 | }
 72 | 
 73 | # Function: Download and Apply sysctl.conf
 74 | function install_bbr() {
 75 |     echo -e "${BLUE}→ Preparing to install system optimization...${RESET}"
 76 |     [[ -f "$BACKUP_PATH" ]] && rm -f "$BACKUP_PATH"
 77 |     cp "$SYSCTL_PATH" "$BACKUP_PATH"
 78 |     echo -e "${GREEN}✓ Backup saved to $BACKUP_PATH${RESET}"
 79 | 
 80 |     curl -s -o "$TMP_FILE" "$SYSCTL_URL"
 81 |     if [[ $? -ne 0 ]]; then
 82 |         echo -e "${RED}✗ Failed to download configuration file.${RESET}"
 83 |         exit 1
 84 |     fi
 85 |     cp "$TMP_FILE" "$SYSCTL_PATH"
 86 |     echo -e "${GREEN}✓ Configuration applied.${RESET}"
 87 | 
 88 |     echo -e "${BLUE}→ Applied Changes:${RESET}"
 89 |     DIFF_OUTPUT=$(diff -u "$BACKUP_PATH" "$SYSCTL_PATH")
 90 |     if [[ -z "$DIFF_OUTPUT" ]]; then
 91 |         echo -e "${GRAY}(No differences shown)${RESET}"
 92 |     else
 93 |         while IFS= read -r line; do
 94 |             if [[ "$line" =~ ^\+ && ! "$line" =~ ^\+\+ ]]; then
 95 |                 echo -e "${GREEN}$line${RESET}"
 96 |             elif [[ "$line" =~ ^\- && ! "$line" =~ ^\-\- ]]; then
 97 |                 echo -e "${RED}$line${RESET}"
 98 |             else
 99 |                 echo -e "${WHITE:-\e[97m}$line${RESET}"
100 |             fi
101 |         done <<< "$DIFF_OUTPUT"
102 |     fi
103 |     sysctl -p > /dev/null 2>&1
104 |     echo
105 |     read -p "→ Reboot system now? [y/N]: " confirm
106 |     [[ "$confirm" =~ ^[Yy]$ ]] && reboot
107 | }
108 | 
109 | # Function: Download and Apply limits.conf
110 | function install_limits() {
111 |     echo -e "${BLUE}→ Preparing to install limits.conf optimization...${RESET}"
112 |     [[ -f "$LIMITS_BACKUP" ]] && rm -f "$LIMITS_BACKUP"
113 |     cp "$LIMITS_PATH" "$LIMITS_BACKUP"
114 |     echo -e "${GREEN}✓ Backup saved to $LIMITS_BACKUP${RESET}"
115 | 
116 |     curl -s -o "$LIMITS_TMP" "$LIMITS_URL"
117 |     if [[ $? -ne 0 ]]; then
118 |         echo -e "${RED}✗ Failed to download limits.conf file.${RESET}"
119 |         exit 1
120 |     fi
121 |     cp "$LIMITS_TMP" "$LIMITS_PATH"
122 |     echo -e "${GREEN}✓ limits.conf configuration applied.${RESET}"
123 | 
124 |     echo -e "${BLUE}→ Applied Changes:${RESET}"
125 |     DIFF_OUTPUT=$(diff -u "$LIMITS_BACKUP" "$LIMITS_PATH")
126 |     if [[ -z "$DIFF_OUTPUT" ]]; then
127 |         echo -e "${GRAY}(No differences shown)${RESET}"
128 |     else
129 |         while IFS= read -r line; do
130 |             if [[ "$line" =~ ^\+ && ! "$line" =~ ^\+\+ ]]; then
131 |                 echo -e "${GREEN}$line${RESET}"
132 |             elif [[ "$line" =~ ^\- && ! "$line" =~ ^\-\- ]]; then
133 |                 echo -e "${RED}$line${RESET}"
134 |             else
135 |                 echo -e "${WHITE:-\e[97m}$line${RESET}"
136 |             fi
137 |         done <<< "$DIFF_OUTPUT"
138 |     fi
139 |     echo
140 |     read -p "→ Reboot system now? [y/N]: " confirm
141 |     [[ "$confirm" =~ ^[Yy]$ ]] && reboot
142 | }
143 | 
144 | # Function: Restore backup sysctl.conf
145 | function restore_backup() {
146 |     if [[ -f "$BACKUP_PATH" ]]; then
147 |         cp "$BACKUP_PATH" "$SYSCTL_PATH"
148 |         echo -e "${GREEN}✓ Backup restored.${RESET}"
149 |         sysctl -p > /dev/null 2>&1
150 |         echo
151 |         read -p "→ Reboot system now? [y/N]: " confirm
152 |         [[ "$confirm" =~ ^[Yy]$ ]] && reboot
153 |     else
154 |         echo -e "${RED}✗ No backup file found.${RESET}"
155 |     fi
156 | }
157 | 
158 | # Function: Restore backup limits.conf
159 | function restore_limits_backup() {
160 |     if [[ -f "$LIMITS_BACKUP" ]]; then
161 |         cp "$LIMITS_BACKUP" "$LIMITS_PATH"
162 |         echo -e "${GREEN}✓ limits.conf backup restored.${RESET}"
163 |         echo
164 |         read -p "→ Reboot system now? [y/N]: " confirm
165 |         [[ "$confirm" =~ ^[Yy]$ ]] && reboot
166 |     else
167 |         echo -e "${RED}✗ No limits.conf backup file found.${RESET}"
168 |     fi
169 | }
170 | 
171 | # Show system info
172 | clear
173 | show_system_info
174 | 
175 | # Menu
176 | echo -e "${BOLD}Choose an option:${RESET}"
177 | echo -e "${YELLOW}1)${RESET} Install / Update Sysctl Optimization (sysctl.conf)"
178 | echo -e "${YELLOW}2)${RESET} Install / Update Security Limits (limits.conf)"
179 | echo -e "${YELLOW}3)${RESET} Restore Previous sysctl.conf Configuration"
180 | echo -e "${YELLOW}4)${RESET} Restore Previous limits.conf Configuration"
181 | echo -e "${YELLOW}5)${RESET} Exit"
182 | echo
183 | read -p "Enter choice [1-5]: " option
184 | 
185 | case "$option" in
186 |     1) install_bbr ;;
187 |     2) install_limits ;;
188 |     3) restore_backup ;;
189 |     4) restore_limits_backup ;;
190 |     5) echo -e "${GRAY}Exiting...${RESET}" ;;
191 |     *) echo -e "${RED}Invalid option.${RESET}" ;;
192 | esac
193 | 


--------------------------------------------------------------------------------
/default:
--------------------------------------------------------------------------------
  1 | dev.cdrom.info = Can read DVD:
  2 | dev.cdrom.info = Can write DVD-R:
  3 | dev.cdrom.info = Can write DVD-RAM:
  4 | dev.cdrom.info = Can read MRW:
  5 | dev.cdrom.info = Can write MRW:
  6 | dev.cdrom.info = Can write RAM:
  7 | dev.cdrom.info =
  8 | dev.cdrom.info =
  9 | dev.cdrom.lock = 0
 10 | dev.hpet.max-user-freq = 64
 11 | dev.mac_hid.mouse_button2_keycode = 97
 12 | dev.mac_hid.mouse_button3_keycode = 100
 13 | dev.mac_hid.mouse_button_emulation = 0
 14 | dev.raid.speed_limit_max = 200000
 15 | dev.raid.speed_limit_min = 1000
 16 | dev.scsi.logging_level = 0
 17 | dev.tty.ldisc_autoload = 1
 18 | dev.tty.legacy_tiocsti = 0
 19 | fs.aio-max-nr = 65536
 20 | fs.aio-nr = 0
 21 | fs.binfmt_misc.python3/12 = enabled
 22 | fs.binfmt_misc.python3/12 = interpreter /usr/bin/python3.12
 23 | fs.binfmt_misc.python3/12 = flags:
 24 | fs.binfmt_misc.python3/12 = offset 0
 25 | fs.binfmt_misc.python3/12 = magic cb0d0d0a
 26 | fs.binfmt_misc.status = enabled
 27 | fs.dentry-state = 16348 10618   45      0       4116    0
 28 | fs.dir-notify-enable = 1
 29 | fs.epoll.max_user_watches = 201416
 30 | fs.fanotify.max_queued_events = 16384
 31 | fs.fanotify.max_user_groups = 128
 32 | fs.fanotify.max_user_marks = 8192
 33 | fs.file-max = 9223372036854775807
 34 | fs.file-nr = 928        0       9223372036854775807
 35 | fs.inode-nr = 12728     472
 36 | fs.inode-state = 12728  472     0       0       0       0       0
 37 | fs.inotify.max_queued_events = 16384
 38 | fs.inotify.max_user_instances = 128
 39 | fs.inotify.max_user_watches = 8192
 40 | fs.lease-break-time = 45
 41 | fs.leases-enable = 1
 42 | fs.mount-max = 100000
 43 | fs.mqueue.msg_default = 10
 44 | fs.mqueue.msg_max = 10
 45 | fs.mqueue.msgsize_default = 8192
 46 | fs.mqueue.msgsize_max = 8192
 47 | fs.mqueue.queues_max = 256
 48 | fs.nr_open = 1048576
 49 | fs.overflowgid = 65534
 50 | fs.overflowuid = 65534
 51 | fs.pipe-max-size = 1048576
 52 | fs.pipe-user-pages-hard = 0
 53 | fs.pipe-user-pages-soft = 16384
 54 | fs.protected_fifos = 1
 55 | fs.protected_hardlinks = 1
 56 | fs.protected_regular = 2
 57 | fs.protected_symlinks = 1
 58 | fs.quota.allocated_dquots = 0
 59 | fs.quota.cache_hits = 0
 60 | fs.quota.drops = 0
 61 | fs.quota.free_dquots = 0
 62 | fs.quota.lookups = 0
 63 | fs.quota.reads = 0
 64 | fs.quota.syncs = 0
 65 | fs.quota.writes = 0
 66 | fs.suid_dumpable = 2
 67 | fs.verity.require_signatures = 0
 68 | kernel.acct = 4 2       30
 69 | kernel.acpi_video_flags = 0
 70 | kernel.apparmor_display_secid_mode = 0
 71 | kernel.apparmor_restrict_unprivileged_io_uring = 0
 72 | kernel.apparmor_restrict_unprivileged_unconfined = 0
 73 | kernel.apparmor_restrict_unprivileged_userns = 1
 74 | kernel.apparmor_restrict_unprivileged_userns_complain = 0
 75 | kernel.apparmor_restrict_unprivileged_userns_force = 0
 76 | kernel.arch = x86_64
 77 | kernel.auto_msgmni = 0
 78 | kernel.bootloader_type = 114
 79 | kernel.bootloader_version = 2
 80 | kernel.bpf_stats_enabled = 0
 81 | kernel.cad_pid = 1
 82 | kernel.cap_last_cap = 40
 83 | kernel.core_pattern = |/usr/share/apport/apport -p%p -s%s -c%c -d%d -P%P -u%u -g%g -F%F -- %E
 84 | kernel.core_pipe_limit = 10
 85 | kernel.core_uses_pid = 0
 86 | kernel.ctrl-alt-del = 0
 87 | kernel.dmesg_restrict = 1
 88 | kernel.domainname = (none)
 89 | kernel.firmware_config.force_sysfs_fallback = 0
 90 | kernel.firmware_config.ignore_sysfs_fallback = 0
 91 | kernel.ftrace_dump_on_oops = 0
 92 | kernel.ftrace_enabled = 1
 93 | kernel.hardlockup_all_cpu_backtrace = 0
 94 | kernel.hardlockup_panic = 0
 95 | kernel.hostname = n1.vip.com
 96 | kernel.hotplug =
 97 | kernel.hung_task_all_cpu_backtrace = 0
 98 | kernel.hung_task_check_count = 4194304
 99 | kernel.hung_task_check_interval_secs = 0
100 | kernel.hung_task_panic = 0
101 | kernel.hung_task_timeout_secs = 120
102 | kernel.hung_task_warnings = 10
103 | kernel.io_delay_type = 1
104 | kernel.io_uring_disabled = 0
105 | kernel.io_uring_group = -1
106 | kernel.kexec_load_disabled = 0
107 | kernel.kexec_load_limit_panic = -1
108 | kernel.kexec_load_limit_reboot = -1
109 | kernel.keys.gc_delay = 300
110 | kernel.keys.maxbytes = 20000
111 | kernel.keys.maxkeys = 200
112 | kernel.keys.persistent_keyring_expiry = 259200
113 | kernel.keys.root_maxbytes = 25000000
114 | kernel.keys.root_maxkeys = 1000000
115 | kernel.kptr_restrict = 1
116 | kernel.latencytop = 0
117 | kernel.max_lock_depth = 1024
118 | kernel.max_rcu_stall_to_panic = 0
119 | kernel.modprobe = /sbin/modprobe
120 | kernel.modules_disabled = 0
121 | kernel.msg_next_id = -1
122 | kernel.msgmax = 8192
123 | kernel.msgmnb = 16384
124 | kernel.msgmni = 32000
125 | kernel.ngroups_max = 65536
126 | kernel.nmi_watchdog = 0
127 | kernel.ns_last_pid = 937
128 | kernel.numa_balancing = 0
129 | kernel.numa_balancing_promote_rate_limit_MBps = 65536
130 | kernel.oops_all_cpu_backtrace = 0
131 | kernel.oops_limit = 10000
132 | kernel.osrelease = 6.8.0-60-generic
133 | kernel.ostype = Linux
134 | kernel.overflowgid = 65534
135 | kernel.overflowuid = 65534
136 | kernel.panic = 0
137 | kernel.panic_on_io_nmi = 0
138 | kernel.panic_on_oops = 0
139 | kernel.panic_on_rcu_stall = 0
140 | kernel.panic_on_unrecovered_nmi = 0
141 | kernel.panic_on_warn = 0
142 | kernel.panic_print = 0
143 | kernel.perf_cpu_time_max_percent = 25
144 | kernel.perf_event_max_contexts_per_stack = 8
145 | kernel.perf_event_max_sample_rate = 100000
146 | kernel.perf_event_max_stack = 127
147 | kernel.perf_event_mlock_kb = 516
148 | kernel.perf_event_paranoid = 4
149 | kernel.pid_max = 4194304
150 | kernel.poweroff_cmd = /sbin/poweroff
151 | kernel.print-fatal-signals = 0
152 | kernel.printk = 4       4       1       7
153 | kernel.printk_delay = 0
154 | kernel.printk_devkmsg = on
155 | kernel.printk_ratelimit = 5
156 | kernel.printk_ratelimit_burst = 10
157 | kernel.pty.max = 4096
158 | kernel.pty.nr = 1
159 | kernel.pty.reserve = 1024
160 | kernel.random.boot_id = cd809733-204d-4ca4-860d-3595e3d37a48
161 | kernel.random.entropy_avail = 256
162 | kernel.random.poolsize = 256
163 | kernel.random.urandom_min_reseed_secs = 60
164 | kernel.random.uuid = 3feb2f43-75ef-4ccd-a65d-27e2854ee221
165 | kernel.random.write_wakeup_threshold = 256
166 | kernel.randomize_va_space = 2
167 | kernel.real-root-dev = 0
168 | kernel.sched_autogroup_enabled = 1
169 | kernel.sched_cfs_bandwidth_slice_us = 5000
170 | kernel.sched_deadline_period_max_us = 4194304
171 | kernel.sched_deadline_period_min_us = 100
172 | kernel.sched_rr_timeslice_ms = 100
173 | kernel.sched_rt_period_us = 1000000
174 | kernel.sched_rt_runtime_us = 950000
175 | kernel.sched_schedstats = 0
176 | kernel.sched_util_clamp_max = 1024
177 | kernel.sched_util_clamp_min = 1024
178 | kernel.sched_util_clamp_min_rt_default = 1024
179 | kernel.seccomp.actions_avail = kill_process kill_thread trap errno user_notif trace log allow
180 | kernel.seccomp.actions_logged = kill_process kill_thread trap errno user_notif trace log
181 | kernel.sem = 32000      1024000000      500     32000
182 | kernel.sem_next_id = -1
183 | kernel.shm_next_id = -1
184 | kernel.shm_rmid_forced = 0
185 | kernel.shmall = 18446744073692774399
186 | kernel.shmmax = 18446744073692774399
187 | kernel.shmmni = 4096
188 | kernel.soft_watchdog = 1
189 | kernel.softlockup_all_cpu_backtrace = 0
190 | kernel.softlockup_panic = 0
191 | kernel.split_lock_mitigate = 1
192 | kernel.stack_tracer_enabled = 0
193 | kernel.sysctl_writes_strict = 1
194 | kernel.sysrq = 176
195 | kernel.tainted = 0
196 | kernel.task_delayacct = 0
197 | kernel.threads-max = 7069
198 | kernel.timer_migration = 1
199 | kernel.traceoff_on_warning = 0
200 | kernel.tracepoint_printk = 0
201 | kernel.unknown_nmi_panic = 0
202 | kernel.unprivileged_bpf_disabled = 2
203 | kernel.unprivileged_userns_apparmor_policy = 1
204 | kernel.unprivileged_userns_clone = 1
205 | kernel.user_events_max = 32768
206 | kernel.usermodehelper.bset = 4294967295 511
207 | kernel.usermodehelper.inheritable = 4294967295  511
208 | kernel.version = #63-Ubuntu SMP PREEMPT_DYNAMIC Tue Apr 15 19:04:15 UTC 2025
209 | kernel.warn_limit = 0
210 | kernel.watchdog = 1
211 | kernel.watchdog_cpumask = 0
212 | kernel.watchdog_thresh = 10
213 | kernel.yama.ptrace_scope = 1
214 | net.core.bpf_jit_enable = 1
215 | net.core.bpf_jit_harden = 0
216 | net.core.bpf_jit_kallsyms = 1
217 | net.core.bpf_jit_limit = 528482304
218 | net.core.busy_poll = 0
219 | net.core.busy_read = 0
220 | net.core.default_qdisc = fq_codel
221 | net.core.dev_weight = 64
222 | net.core.dev_weight_rx_bias = 1
223 | net.core.dev_weight_tx_bias = 1
224 | net.core.devconf_inherit_init_net = 0
225 | net.core.fb_tunnels_only_for_init_net = 0
226 | net.core.flow_limit_cpu_bitmap = 0
227 | net.core.flow_limit_table_len = 4096
228 | net.core.gro_normal_batch = 8
229 | net.core.high_order_alloc_disable = 0
230 | net.core.max_skb_frags = 17
231 | net.core.mem_pcpu_rsv = 256
232 | net.core.message_burst = 10
233 | net.core.message_cost = 5
234 | net.core.netdev_budget = 300
235 | net.core.netdev_budget_usecs = 2000
236 | net.core.netdev_max_backlog = 1000
237 | net.core.netdev_rss_key = 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
238 | net.core.netdev_tstamp_prequeue = 1
239 | net.core.netdev_unregister_timeout_secs = 10
240 | net.core.optmem_max = 131072
241 | net.core.rmem_default = 212992
242 | net.core.rmem_max = 212992
243 | net.core.rps_default_mask = 0
244 | net.core.rps_sock_flow_entries = 0
245 | net.core.skb_defer_max = 64
246 | net.core.somaxconn = 4096
247 | net.core.tstamp_allow_data = 1
248 | net.core.txrehash = 1
249 | net.core.warnings = 0
250 | net.core.wmem_default = 212992
251 | net.core.wmem_max = 212992
252 | net.core.xfrm_acq_expires = 30
253 | net.core.xfrm_aevent_etime = 10
254 | net.core.xfrm_aevent_rseqth = 2
255 | net.core.xfrm_larval_drop = 1
256 | net.ipv4.cipso_cache_bucket_size = 10
257 | net.ipv4.cipso_cache_enable = 1
258 | net.ipv4.cipso_rbm_optfmt = 0
259 | net.ipv4.cipso_rbm_strictvalid = 1
260 | net.ipv4.conf.all.accept_local = 0
261 | net.ipv4.conf.all.accept_redirects = 1
262 | net.ipv4.conf.all.accept_source_route = 0
263 | net.ipv4.conf.all.arp_accept = 0
264 | net.ipv4.conf.all.arp_announce = 0
265 | net.ipv4.conf.all.arp_evict_nocarrier = 1
266 | net.ipv4.conf.all.arp_filter = 0
267 | net.ipv4.conf.all.arp_ignore = 0
268 | net.ipv4.conf.all.arp_notify = 0
269 | net.ipv4.conf.all.bc_forwarding = 0
270 | net.ipv4.conf.all.bootp_relay = 0
271 | net.ipv4.conf.all.disable_policy = 0
272 | net.ipv4.conf.all.disable_xfrm = 0
273 | net.ipv4.conf.all.drop_gratuitous_arp = 0
274 | net.ipv4.conf.all.drop_unicast_in_l2_multicast = 0
275 | net.ipv4.conf.all.force_igmp_version = 0
276 | net.ipv4.conf.all.forwarding = 0
277 | net.ipv4.conf.all.igmpv2_unsolicited_report_interval = 10000
278 | net.ipv4.conf.all.igmpv3_unsolicited_report_interval = 1000
279 | net.ipv4.conf.all.ignore_routes_with_linkdown = 0
280 | net.ipv4.conf.all.log_martians = 0
281 | net.ipv4.conf.all.mc_forwarding = 0
282 | net.ipv4.conf.all.medium_id = 0
283 | net.ipv4.conf.all.promote_secondaries = 0
284 | net.ipv4.conf.all.proxy_arp = 0
285 | net.ipv4.conf.all.proxy_arp_pvlan = 0
286 | net.ipv4.conf.all.route_localnet = 0
287 | net.ipv4.conf.all.rp_filter = 2
288 | net.ipv4.conf.all.secure_redirects = 1
289 | net.ipv4.conf.all.send_redirects = 1
290 | net.ipv4.conf.all.shared_media = 1
291 | net.ipv4.conf.all.src_valid_mark = 0
292 | net.ipv4.conf.all.tag = 0
293 | net.ipv4.conf.default.accept_local = 0
294 | net.ipv4.conf.default.accept_redirects = 1
295 | net.ipv4.conf.default.accept_source_route = 1
296 | net.ipv4.conf.default.arp_accept = 0
297 | net.ipv4.conf.default.arp_announce = 0
298 | net.ipv4.conf.default.arp_evict_nocarrier = 1
299 | net.ipv4.conf.default.arp_filter = 0
300 | net.ipv4.conf.default.arp_ignore = 0
301 | net.ipv4.conf.default.arp_notify = 0
302 | net.ipv4.conf.default.bc_forwarding = 0
303 | net.ipv4.conf.default.bootp_relay = 0
304 | net.ipv4.conf.default.disable_policy = 0
305 | net.ipv4.conf.default.disable_xfrm = 0
306 | net.ipv4.conf.default.drop_gratuitous_arp = 0
307 | net.ipv4.conf.default.drop_unicast_in_l2_multicast = 0
308 | net.ipv4.conf.default.force_igmp_version = 0
309 | net.ipv4.conf.default.forwarding = 0
310 | net.ipv4.conf.default.igmpv2_unsolicited_report_interval = 10000
311 | net.ipv4.conf.default.igmpv3_unsolicited_report_interval = 1000
312 | net.ipv4.conf.default.ignore_routes_with_linkdown = 0
313 | net.ipv4.conf.default.log_martians = 0
314 | net.ipv4.conf.default.mc_forwarding = 0
315 | net.ipv4.conf.default.medium_id = 0
316 | net.ipv4.conf.default.promote_secondaries = 0
317 | net.ipv4.conf.default.proxy_arp = 0
318 | net.ipv4.conf.default.proxy_arp_pvlan = 0
319 | net.ipv4.conf.default.route_localnet = 0
320 | net.ipv4.conf.default.rp_filter = 2
321 | net.ipv4.conf.default.secure_redirects = 1
322 | net.ipv4.conf.default.send_redirects = 1
323 | net.ipv4.conf.default.shared_media = 1
324 | net.ipv4.conf.default.src_valid_mark = 0
325 | net.ipv4.conf.default.tag = 0
326 | net.ipv4.conf.eth0.accept_local = 0
327 | net.ipv4.conf.eth0.accept_redirects = 1
328 | net.ipv4.conf.eth0.accept_source_route = 1
329 | net.ipv4.conf.eth0.arp_accept = 0
330 | net.ipv4.conf.eth0.arp_announce = 0
331 | net.ipv4.conf.eth0.arp_evict_nocarrier = 1
332 | net.ipv4.conf.eth0.arp_filter = 0
333 | net.ipv4.conf.eth0.arp_ignore = 0
334 | net.ipv4.conf.eth0.arp_notify = 0
335 | net.ipv4.conf.eth0.bc_forwarding = 0
336 | net.ipv4.conf.eth0.bootp_relay = 0
337 | net.ipv4.conf.eth0.disable_policy = 0
338 | net.ipv4.conf.eth0.disable_xfrm = 0
339 | net.ipv4.conf.eth0.drop_gratuitous_arp = 0
340 | net.ipv4.conf.eth0.drop_unicast_in_l2_multicast = 0
341 | net.ipv4.conf.eth0.force_igmp_version = 0
342 | net.ipv4.conf.eth0.forwarding = 0
343 | net.ipv4.conf.eth0.igmpv2_unsolicited_report_interval = 10000
344 | net.ipv4.conf.eth0.igmpv3_unsolicited_report_interval = 1000
345 | net.ipv4.conf.eth0.ignore_routes_with_linkdown = 0
346 | net.ipv4.conf.eth0.log_martians = 0
347 | net.ipv4.conf.eth0.mc_forwarding = 0
348 | net.ipv4.conf.eth0.medium_id = 0
349 | net.ipv4.conf.eth0.promote_secondaries = 0
350 | net.ipv4.conf.eth0.proxy_arp = 0
351 | net.ipv4.conf.eth0.proxy_arp_pvlan = 0
352 | net.ipv4.conf.eth0.route_localnet = 0
353 | net.ipv4.conf.eth0.rp_filter = 2
354 | net.ipv4.conf.eth0.secure_redirects = 1
355 | net.ipv4.conf.eth0.send_redirects = 1
356 | net.ipv4.conf.eth0.shared_media = 1
357 | net.ipv4.conf.eth0.src_valid_mark = 0
358 | net.ipv4.conf.eth0.tag = 0
359 | net.ipv4.conf.lo.accept_local = 0
360 | net.ipv4.conf.lo.accept_redirects = 1
361 | net.ipv4.conf.lo.accept_source_route = 1
362 | net.ipv4.conf.lo.arp_accept = 0
363 | net.ipv4.conf.lo.arp_announce = 0
364 | net.ipv4.conf.lo.arp_evict_nocarrier = 1
365 | net.ipv4.conf.lo.arp_filter = 0
366 | net.ipv4.conf.lo.arp_ignore = 0
367 | net.ipv4.conf.lo.arp_notify = 0
368 | net.ipv4.conf.lo.bc_forwarding = 0
369 | net.ipv4.conf.lo.bootp_relay = 0
370 | net.ipv4.conf.lo.disable_policy = 1
371 | net.ipv4.conf.lo.disable_xfrm = 1
372 | net.ipv4.conf.lo.drop_gratuitous_arp = 0
373 | net.ipv4.conf.lo.drop_unicast_in_l2_multicast = 0
374 | net.ipv4.conf.lo.force_igmp_version = 0
375 | net.ipv4.conf.lo.forwarding = 0
376 | net.ipv4.conf.lo.igmpv2_unsolicited_report_interval = 10000
377 | net.ipv4.conf.lo.igmpv3_unsolicited_report_interval = 1000
378 | net.ipv4.conf.lo.ignore_routes_with_linkdown = 0
379 | net.ipv4.conf.lo.log_martians = 0
380 | net.ipv4.conf.lo.mc_forwarding = 0
381 | net.ipv4.conf.lo.medium_id = 0
382 | net.ipv4.conf.lo.promote_secondaries = 0
383 | net.ipv4.conf.lo.proxy_arp = 0
384 | net.ipv4.conf.lo.proxy_arp_pvlan = 0
385 | net.ipv4.conf.lo.route_localnet = 0
386 | net.ipv4.conf.lo.rp_filter = 0
387 | net.ipv4.conf.lo.secure_redirects = 1
388 | net.ipv4.conf.lo.send_redirects = 1
389 | net.ipv4.conf.lo.shared_media = 1
390 | net.ipv4.conf.lo.src_valid_mark = 0
391 | net.ipv4.conf.lo.tag = 0
392 | net.ipv4.fib_multipath_hash_fields = 7
393 | net.ipv4.fib_multipath_hash_policy = 0
394 | net.ipv4.fib_multipath_use_neigh = 0
395 | net.ipv4.fib_notify_on_flag_change = 0
396 | net.ipv4.fib_sync_mem = 524288
397 | net.ipv4.fwmark_reflect = 0
398 | net.ipv4.icmp_echo_enable_probe = 0
399 | net.ipv4.icmp_echo_ignore_all = 0
400 | net.ipv4.icmp_echo_ignore_broadcasts = 1
401 | net.ipv4.icmp_errors_use_inbound_ifaddr = 0
402 | net.ipv4.icmp_ignore_bogus_error_responses = 1
403 | net.ipv4.icmp_msgs_burst = 50
404 | net.ipv4.icmp_msgs_per_sec = 1000
405 | net.ipv4.icmp_ratelimit = 1000
406 | net.ipv4.icmp_ratemask = 6168
407 | net.ipv4.igmp_link_local_mcast_reports = 1
408 | net.ipv4.igmp_max_memberships = 20
409 | net.ipv4.igmp_max_msf = 10
410 | net.ipv4.igmp_qrv = 2
411 | net.ipv4.inet_peer_maxttl = 600
412 | net.ipv4.inet_peer_minttl = 120
413 | net.ipv4.inet_peer_threshold = 48260
414 | net.ipv4.ip_autobind_reuse = 0
415 | net.ipv4.ip_default_ttl = 64
416 | net.ipv4.ip_dynaddr = 0
417 | net.ipv4.ip_early_demux = 1
418 | net.ipv4.ip_forward = 0
419 | net.ipv4.ip_forward_update_priority = 1
420 | net.ipv4.ip_forward_use_pmtu = 0
421 | net.ipv4.ip_local_port_range = 32768    60999
422 | net.ipv4.ip_local_reserved_ports =
423 | net.ipv4.ip_no_pmtu_disc = 0
424 | net.ipv4.ip_nonlocal_bind = 0
425 | net.ipv4.ip_unprivileged_port_start = 1024
426 | net.ipv4.ipfrag_high_thresh = 4194304
427 | net.ipv4.ipfrag_low_thresh = 3145728
428 | net.ipv4.ipfrag_max_dist = 64
429 | net.ipv4.ipfrag_secret_interval = 0
430 | net.ipv4.ipfrag_time = 30
431 | net.ipv4.neigh.default.anycast_delay = 100
432 | net.ipv4.neigh.default.app_solicit = 0
433 | net.ipv4.neigh.default.base_reachable_time_ms = 30000
434 | net.ipv4.neigh.default.delay_first_probe_time = 5
435 | net.ipv4.neigh.default.gc_interval = 30
436 | net.ipv4.neigh.default.gc_stale_time = 60
437 | net.ipv4.neigh.default.gc_thresh1 = 128
438 | net.ipv4.neigh.default.gc_thresh2 = 512
439 | net.ipv4.neigh.default.gc_thresh3 = 1024
440 | net.ipv4.neigh.default.interval_probe_time_ms = 5000
441 | net.ipv4.neigh.default.locktime = 100
442 | net.ipv4.neigh.default.mcast_resolicit = 0
443 | net.ipv4.neigh.default.mcast_solicit = 3
444 | net.ipv4.neigh.default.proxy_delay = 80
445 | net.ipv4.neigh.default.proxy_qlen = 64
446 | net.ipv4.neigh.default.retrans_time_ms = 1000
447 | net.ipv4.neigh.default.ucast_solicit = 3
448 | net.ipv4.neigh.default.unres_qlen = 101
449 | net.ipv4.neigh.default.unres_qlen_bytes = 212992
450 | net.ipv4.neigh.eth0.anycast_delay = 100
451 | net.ipv4.neigh.eth0.app_solicit = 0
452 | net.ipv4.neigh.eth0.base_reachable_time_ms = 30000
453 | net.ipv4.neigh.eth0.delay_first_probe_time = 5
454 | net.ipv4.neigh.eth0.gc_stale_time = 60
455 | net.ipv4.neigh.eth0.interval_probe_time_ms = 5000
456 | net.ipv4.neigh.eth0.locktime = 100
457 | net.ipv4.neigh.eth0.mcast_resolicit = 0
458 | net.ipv4.neigh.eth0.mcast_solicit = 3
459 | net.ipv4.neigh.eth0.proxy_delay = 80
460 | net.ipv4.neigh.eth0.proxy_qlen = 64
461 | net.ipv4.neigh.eth0.retrans_time_ms = 1000
462 | net.ipv4.neigh.eth0.ucast_solicit = 3
463 | net.ipv4.neigh.eth0.unres_qlen = 101
464 | net.ipv4.neigh.eth0.unres_qlen_bytes = 212992
465 | net.ipv4.neigh.lo.anycast_delay = 100
466 | net.ipv4.neigh.lo.app_solicit = 0
467 | net.ipv4.neigh.lo.base_reachable_time_ms = 30000
468 | net.ipv4.neigh.lo.delay_first_probe_time = 5
469 | net.ipv4.neigh.lo.gc_stale_time = 60
470 | net.ipv4.neigh.lo.interval_probe_time_ms = 5000
471 | net.ipv4.neigh.lo.locktime = 100
472 | net.ipv4.neigh.lo.mcast_resolicit = 0
473 | net.ipv4.neigh.lo.mcast_solicit = 3
474 | net.ipv4.neigh.lo.proxy_delay = 80
475 | net.ipv4.neigh.lo.proxy_qlen = 64
476 | net.ipv4.neigh.lo.retrans_time_ms = 1000
477 | net.ipv4.neigh.lo.ucast_solicit = 3
478 | net.ipv4.neigh.lo.unres_qlen = 101
479 | net.ipv4.neigh.lo.unres_qlen_bytes = 212992
480 | net.ipv4.nexthop_compat_mode = 1
481 | net.ipv4.ping_group_range = 1   0
482 | net.ipv4.raw_l3mdev_accept = 1
483 | net.ipv4.route.error_burst = 5000
484 | net.ipv4.route.error_cost = 1000
485 | net.ipv4.route.gc_elasticity = 8
486 | net.ipv4.route.gc_interval = 60
487 | net.ipv4.route.gc_min_interval = 0
488 | net.ipv4.route.gc_min_interval_ms = 500
489 | net.ipv4.route.gc_thresh = -1
490 | net.ipv4.route.gc_timeout = 300
491 | net.ipv4.route.max_size = 2147483647
492 | net.ipv4.route.min_adv_mss = 256
493 | net.ipv4.route.min_pmtu = 552
494 | net.ipv4.route.mtu_expires = 600
495 | net.ipv4.route.redirect_load = 20
496 | net.ipv4.route.redirect_number = 9
497 | net.ipv4.route.redirect_silence = 20480
498 | net.ipv4.tcp_abort_on_overflow = 0
499 | net.ipv4.tcp_adv_win_scale = 1
500 | net.ipv4.tcp_allowed_congestion_control = reno cubic
501 | net.ipv4.tcp_app_win = 31
502 | net.ipv4.tcp_autocorking = 1
503 | net.ipv4.tcp_available_congestion_control = reno cubic
504 | net.ipv4.tcp_available_ulp = espintcp mptcp
505 | net.ipv4.tcp_backlog_ack_defer = 1
506 | net.ipv4.tcp_base_mss = 1024
507 | net.ipv4.tcp_challenge_ack_limit = 2147483647
508 | net.ipv4.tcp_child_ehash_entries = 0
509 | net.ipv4.tcp_comp_sack_delay_ns = 1000000
510 | net.ipv4.tcp_comp_sack_nr = 44
511 | net.ipv4.tcp_comp_sack_slack_ns = 100000
512 | net.ipv4.tcp_congestion_control = cubic
513 | net.ipv4.tcp_dsack = 1
514 | net.ipv4.tcp_early_demux = 1
515 | net.ipv4.tcp_early_retrans = 3
516 | net.ipv4.tcp_ecn = 2
517 | net.ipv4.tcp_ecn_fallback = 1
518 | net.ipv4.tcp_ehash_entries = 8192
519 | net.ipv4.tcp_fack = 0
520 | net.ipv4.tcp_fastopen = 1
521 | net.ipv4.tcp_fastopen_blackhole_timeout_sec = 0
522 | net.ipv4.tcp_fastopen_key = 00000000-00000000-00000000-00000000
523 | net.ipv4.tcp_fin_timeout = 60
524 | net.ipv4.tcp_frto = 2
525 | net.ipv4.tcp_fwmark_accept = 0
526 | net.ipv4.tcp_invalid_ratelimit = 500
527 | net.ipv4.tcp_keepalive_intvl = 75
528 | net.ipv4.tcp_keepalive_probes = 9
529 | net.ipv4.tcp_keepalive_time = 7200
530 | net.ipv4.tcp_l3mdev_accept = 0
531 | net.ipv4.tcp_limit_output_bytes = 1048576
532 | net.ipv4.tcp_low_latency = 0
533 | net.ipv4.tcp_max_orphans = 4096
534 | net.ipv4.tcp_max_reordering = 300
535 | net.ipv4.tcp_max_syn_backlog = 128
536 | net.ipv4.tcp_max_tw_buckets = 4096
537 | net.ipv4.tcp_mem = 9813 13085   19626
538 | net.ipv4.tcp_migrate_req = 0
539 | net.ipv4.tcp_min_rtt_wlen = 300
540 | net.ipv4.tcp_min_snd_mss = 48
541 | net.ipv4.tcp_min_tso_segs = 2
542 | net.ipv4.tcp_moderate_rcvbuf = 1
543 | net.ipv4.tcp_mtu_probe_floor = 48
544 | net.ipv4.tcp_mtu_probing = 0
545 | net.ipv4.tcp_no_metrics_save = 0
546 | net.ipv4.tcp_no_ssthresh_metrics_save = 1
547 | net.ipv4.tcp_notsent_lowat = 4294967295
548 | net.ipv4.tcp_orphan_retries = 0
549 | net.ipv4.tcp_pacing_ca_ratio = 120
550 | net.ipv4.tcp_pacing_ss_ratio = 200
551 | net.ipv4.tcp_pingpong_thresh = 1
552 | net.ipv4.tcp_plb_cong_thresh = 128
553 | net.ipv4.tcp_plb_enabled = 0
554 | net.ipv4.tcp_plb_idle_rehash_rounds = 3
555 | net.ipv4.tcp_plb_rehash_rounds = 12
556 | net.ipv4.tcp_plb_suspend_rto_sec = 60
557 | net.ipv4.tcp_probe_interval = 600
558 | net.ipv4.tcp_probe_threshold = 8
559 | net.ipv4.tcp_recovery = 1
560 | net.ipv4.tcp_reflect_tos = 0
561 | net.ipv4.tcp_reordering = 3
562 | net.ipv4.tcp_retrans_collapse = 1
563 | net.ipv4.tcp_retries1 = 3
564 | net.ipv4.tcp_retries2 = 15
565 | net.ipv4.tcp_rfc1337 = 0
566 | net.ipv4.tcp_rmem = 4096        131072  6291456
567 | net.ipv4.tcp_sack = 1
568 | net.ipv4.tcp_shrink_window = 0
569 | net.ipv4.tcp_slow_start_after_idle = 1
570 | net.ipv4.tcp_stdurg = 0
571 | net.ipv4.tcp_syn_linear_timeouts = 4
572 | net.ipv4.tcp_syn_retries = 6
573 | net.ipv4.tcp_synack_retries = 5
574 | net.ipv4.tcp_syncookies = 1
575 | net.ipv4.tcp_thin_linear_timeouts = 0
576 | net.ipv4.tcp_timestamps = 1
577 | net.ipv4.tcp_tso_rtt_log = 9
578 | net.ipv4.tcp_tso_win_divisor = 3
579 | net.ipv4.tcp_tw_reuse = 2
580 | net.ipv4.tcp_window_scaling = 1
581 | net.ipv4.tcp_wmem = 4096        16384   4194304
582 | net.ipv4.tcp_workaround_signed_windows = 0
583 | net.ipv4.udp_child_hash_entries = 0
584 | net.ipv4.udp_early_demux = 1
585 | net.ipv4.udp_hash_entries = 512
586 | net.ipv4.udp_l3mdev_accept = 0
587 | net.ipv4.udp_mem = 19626        26170   39252
588 | net.ipv4.udp_rmem_min = 4096
589 | net.ipv4.udp_wmem_min = 4096
590 | net.ipv4.xfrm4_gc_thresh = 32768
591 | net.ipv6.anycast_src_echo_reply = 0
592 | net.ipv6.auto_flowlabels = 1
593 | net.ipv6.bindv6only = 0
594 | net.ipv6.calipso_cache_bucket_size = 10
595 | net.ipv6.calipso_cache_enable = 1
596 | net.ipv6.conf.all.accept_dad = 0
597 | net.ipv6.conf.all.accept_ra = 1
598 | net.ipv6.conf.all.accept_ra_defrtr = 1
599 | net.ipv6.conf.all.accept_ra_from_local = 0
600 | net.ipv6.conf.all.accept_ra_min_hop_limit = 1
601 | net.ipv6.conf.all.accept_ra_min_lft = 0
602 | net.ipv6.conf.all.accept_ra_mtu = 1
603 | net.ipv6.conf.all.accept_ra_pinfo = 1
604 | net.ipv6.conf.all.accept_ra_rt_info_max_plen = 0
605 | net.ipv6.conf.all.accept_ra_rt_info_min_plen = 0
606 | net.ipv6.conf.all.accept_ra_rtr_pref = 1
607 | net.ipv6.conf.all.accept_redirects = 1
608 | net.ipv6.conf.all.accept_source_route = 0
609 | net.ipv6.conf.all.accept_untracked_na = 0
610 | net.ipv6.conf.all.addr_gen_mode = 0
611 | net.ipv6.conf.all.autoconf = 1
612 | net.ipv6.conf.all.dad_transmits = 1
613 | net.ipv6.conf.all.disable_ipv6 = 0
614 | net.ipv6.conf.all.disable_policy = 0
615 | net.ipv6.conf.all.drop_unicast_in_l2_multicast = 0
616 | net.ipv6.conf.all.drop_unsolicited_na = 0
617 | net.ipv6.conf.all.enhanced_dad = 1
618 | net.ipv6.conf.all.force_mld_version = 0
619 | net.ipv6.conf.all.force_tllao = 0
620 | net.ipv6.conf.all.forwarding = 0
621 | net.ipv6.conf.all.hop_limit = 64
622 | net.ipv6.conf.all.ignore_routes_with_linkdown = 0
623 | net.ipv6.conf.all.ioam6_enabled = 0
624 | net.ipv6.conf.all.ioam6_id = 65535
625 | net.ipv6.conf.all.ioam6_id_wide = 4294967295
626 | net.ipv6.conf.all.keep_addr_on_down = 0
627 | net.ipv6.conf.all.max_addresses = 16
628 | net.ipv6.conf.all.max_desync_factor = 600
629 | net.ipv6.conf.all.mc_forwarding = 0
630 | net.ipv6.conf.all.mldv1_unsolicited_report_interval = 10000
631 | net.ipv6.conf.all.mldv2_unsolicited_report_interval = 1000
632 | net.ipv6.conf.all.mtu = 1280
633 | net.ipv6.conf.all.ndisc_evict_nocarrier = 1
634 | net.ipv6.conf.all.ndisc_notify = 0
635 | net.ipv6.conf.all.ndisc_tclass = 0
636 | net.ipv6.conf.all.proxy_ndp = 0
637 | net.ipv6.conf.all.ra_defrtr_metric = 1024
638 | net.ipv6.conf.all.ra_honor_pio_life = 0
639 | net.ipv6.conf.all.regen_max_retry = 3
640 | net.ipv6.conf.all.router_probe_interval = 60
641 | net.ipv6.conf.all.router_solicitation_delay = 1
642 | net.ipv6.conf.all.router_solicitation_interval = 4
643 | net.ipv6.conf.all.router_solicitation_max_interval = 3600
644 | net.ipv6.conf.all.router_solicitations = -1
645 | net.ipv6.conf.all.rpl_seg_enabled = 0
646 | net.ipv6.conf.all.seg6_enabled = 0
647 | net.ipv6.conf.all.seg6_require_hmac = 0
648 | net.ipv6.conf.all.suppress_frag_ndisc = 1
649 | net.ipv6.conf.all.temp_prefered_lft = 86400
650 | net.ipv6.conf.all.temp_valid_lft = 604800
651 | net.ipv6.conf.all.use_oif_addrs_only = 0
652 | net.ipv6.conf.all.use_tempaddr = 2
653 | net.ipv6.conf.default.accept_dad = 1
654 | net.ipv6.conf.default.accept_ra = 1
655 | net.ipv6.conf.default.accept_ra_defrtr = 1
656 | net.ipv6.conf.default.accept_ra_from_local = 0
657 | net.ipv6.conf.default.accept_ra_min_hop_limit = 1
658 | net.ipv6.conf.default.accept_ra_min_lft = 0
659 | net.ipv6.conf.default.accept_ra_mtu = 1
660 | net.ipv6.conf.default.accept_ra_pinfo = 1
661 | net.ipv6.conf.default.accept_ra_rt_info_max_plen = 0
662 | net.ipv6.conf.default.accept_ra_rt_info_min_plen = 0
663 | net.ipv6.conf.default.accept_ra_rtr_pref = 1
664 | net.ipv6.conf.default.accept_redirects = 1
665 | net.ipv6.conf.default.accept_source_route = 0
666 | net.ipv6.conf.default.accept_untracked_na = 0
667 | net.ipv6.conf.default.addr_gen_mode = 0
668 | net.ipv6.conf.default.autoconf = 1
669 | net.ipv6.conf.default.dad_transmits = 1
670 | net.ipv6.conf.default.disable_ipv6 = 0
671 | net.ipv6.conf.default.disable_policy = 0
672 | net.ipv6.conf.default.drop_unicast_in_l2_multicast = 0
673 | net.ipv6.conf.default.drop_unsolicited_na = 0
674 | net.ipv6.conf.default.enhanced_dad = 1
675 | net.ipv6.conf.default.force_mld_version = 0
676 | net.ipv6.conf.default.force_tllao = 0
677 | net.ipv6.conf.default.forwarding = 0
678 | net.ipv6.conf.default.hop_limit = 64
679 | net.ipv6.conf.default.ignore_routes_with_linkdown = 0
680 | net.ipv6.conf.default.ioam6_enabled = 0
681 | net.ipv6.conf.default.ioam6_id = 65535
682 | net.ipv6.conf.default.ioam6_id_wide = 4294967295
683 | net.ipv6.conf.default.keep_addr_on_down = 0
684 | net.ipv6.conf.default.max_addresses = 16
685 | net.ipv6.conf.default.max_desync_factor = 600
686 | net.ipv6.conf.default.mc_forwarding = 0
687 | net.ipv6.conf.default.mldv1_unsolicited_report_interval = 10000
688 | net.ipv6.conf.default.mldv2_unsolicited_report_interval = 1000
689 | net.ipv6.conf.default.mtu = 1280
690 | net.ipv6.conf.default.ndisc_evict_nocarrier = 1
691 | net.ipv6.conf.default.ndisc_notify = 0
692 | net.ipv6.conf.default.ndisc_tclass = 0
693 | net.ipv6.conf.default.proxy_ndp = 0
694 | net.ipv6.conf.default.ra_defrtr_metric = 1024
695 | net.ipv6.conf.default.ra_honor_pio_life = 0
696 | net.ipv6.conf.default.regen_max_retry = 3
697 | net.ipv6.conf.default.router_probe_interval = 60
698 | net.ipv6.conf.default.router_solicitation_delay = 1
699 | net.ipv6.conf.default.router_solicitation_interval = 4
700 | net.ipv6.conf.default.router_solicitation_max_interval = 3600
701 | net.ipv6.conf.default.router_solicitations = -1
702 | net.ipv6.conf.default.rpl_seg_enabled = 0
703 | net.ipv6.conf.default.seg6_enabled = 0
704 | net.ipv6.conf.default.seg6_require_hmac = 0
705 | net.ipv6.conf.default.suppress_frag_ndisc = 1
706 | net.ipv6.conf.default.temp_prefered_lft = 86400
707 | net.ipv6.conf.default.temp_valid_lft = 604800
708 | net.ipv6.conf.default.use_oif_addrs_only = 0
709 | net.ipv6.conf.default.use_tempaddr = 2
710 | net.ipv6.conf.eth0.accept_dad = 1
711 | net.ipv6.conf.eth0.accept_ra = 1
712 | net.ipv6.conf.eth0.accept_ra_defrtr = 1
713 | net.ipv6.conf.eth0.accept_ra_from_local = 0
714 | net.ipv6.conf.eth0.accept_ra_min_hop_limit = 1
715 | net.ipv6.conf.eth0.accept_ra_min_lft = 0
716 | net.ipv6.conf.eth0.accept_ra_mtu = 1
717 | net.ipv6.conf.eth0.accept_ra_pinfo = 1
718 | net.ipv6.conf.eth0.accept_ra_rt_info_max_plen = 0
719 | net.ipv6.conf.eth0.accept_ra_rt_info_min_plen = 0
720 | net.ipv6.conf.eth0.accept_ra_rtr_pref = 1
721 | net.ipv6.conf.eth0.accept_redirects = 1
722 | net.ipv6.conf.eth0.accept_source_route = 0
723 | net.ipv6.conf.eth0.accept_untracked_na = 0
724 | net.ipv6.conf.eth0.addr_gen_mode = 0
725 | net.ipv6.conf.eth0.autoconf = 1
726 | net.ipv6.conf.eth0.dad_transmits = 1
727 | net.ipv6.conf.eth0.disable_ipv6 = 0
728 | net.ipv6.conf.eth0.disable_policy = 0
729 | net.ipv6.conf.eth0.drop_unicast_in_l2_multicast = 0
730 | net.ipv6.conf.eth0.drop_unsolicited_na = 0
731 | net.ipv6.conf.eth0.enhanced_dad = 1
732 | net.ipv6.conf.eth0.force_mld_version = 0
733 | net.ipv6.conf.eth0.force_tllao = 0
734 | net.ipv6.conf.eth0.forwarding = 0
735 | net.ipv6.conf.eth0.hop_limit = 64
736 | net.ipv6.conf.eth0.ignore_routes_with_linkdown = 0
737 | net.ipv6.conf.eth0.ioam6_enabled = 0
738 | net.ipv6.conf.eth0.ioam6_id = 65535
739 | net.ipv6.conf.eth0.ioam6_id_wide = 4294967295
740 | net.ipv6.conf.eth0.keep_addr_on_down = 0
741 | net.ipv6.conf.eth0.max_addresses = 16
742 | net.ipv6.conf.eth0.max_desync_factor = 600
743 | net.ipv6.conf.eth0.mc_forwarding = 0
744 | net.ipv6.conf.eth0.mldv1_unsolicited_report_interval = 10000
745 | net.ipv6.conf.eth0.mldv2_unsolicited_report_interval = 1000
746 | net.ipv6.conf.eth0.mtu = 1500
747 | net.ipv6.conf.eth0.ndisc_evict_nocarrier = 1
748 | net.ipv6.conf.eth0.ndisc_notify = 0
749 | net.ipv6.conf.eth0.ndisc_tclass = 0
750 | net.ipv6.conf.eth0.proxy_ndp = 0
751 | net.ipv6.conf.eth0.ra_defrtr_metric = 1024
752 | net.ipv6.conf.eth0.ra_honor_pio_life = 0
753 | net.ipv6.conf.eth0.regen_max_retry = 3
754 | net.ipv6.conf.eth0.router_probe_interval = 60
755 | net.ipv6.conf.eth0.router_solicitation_delay = 1
756 | net.ipv6.conf.eth0.router_solicitation_interval = 4
757 | net.ipv6.conf.eth0.router_solicitation_max_interval = 3600
758 | net.ipv6.conf.eth0.router_solicitations = -1
759 | net.ipv6.conf.eth0.rpl_seg_enabled = 0
760 | net.ipv6.conf.eth0.seg6_enabled = 0
761 | net.ipv6.conf.eth0.seg6_require_hmac = 0
762 | net.ipv6.conf.eth0.suppress_frag_ndisc = 1
763 | net.ipv6.conf.eth0.temp_prefered_lft = 86400
764 | net.ipv6.conf.eth0.temp_valid_lft = 604800
765 | net.ipv6.conf.eth0.use_oif_addrs_only = 0
766 | net.ipv6.conf.eth0.use_tempaddr = 0
767 | net.ipv6.conf.lo.accept_dad = -1
768 | net.ipv6.conf.lo.accept_ra = 1
769 | net.ipv6.conf.lo.accept_ra_defrtr = 1
770 | net.ipv6.conf.lo.accept_ra_from_local = 0
771 | net.ipv6.conf.lo.accept_ra_min_hop_limit = 1
772 | net.ipv6.conf.lo.accept_ra_min_lft = 0
773 | net.ipv6.conf.lo.accept_ra_mtu = 1
774 | net.ipv6.conf.lo.accept_ra_pinfo = 1
775 | net.ipv6.conf.lo.accept_ra_rt_info_max_plen = 0
776 | net.ipv6.conf.lo.accept_ra_rt_info_min_plen = 0
777 | net.ipv6.conf.lo.accept_ra_rtr_pref = 1
778 | net.ipv6.conf.lo.accept_redirects = 1
779 | net.ipv6.conf.lo.accept_source_route = 0
780 | net.ipv6.conf.lo.accept_untracked_na = 0
781 | net.ipv6.conf.lo.addr_gen_mode = 0
782 | net.ipv6.conf.lo.autoconf = 1
783 | net.ipv6.conf.lo.dad_transmits = 1
784 | net.ipv6.conf.lo.disable_ipv6 = 0
785 | net.ipv6.conf.lo.disable_policy = 0
786 | net.ipv6.conf.lo.drop_unicast_in_l2_multicast = 0
787 | net.ipv6.conf.lo.drop_unsolicited_na = 0
788 | net.ipv6.conf.lo.enhanced_dad = 1
789 | net.ipv6.conf.lo.force_mld_version = 0
790 | net.ipv6.conf.lo.force_tllao = 0
791 | net.ipv6.conf.lo.forwarding = 0
792 | net.ipv6.conf.lo.hop_limit = 64
793 | net.ipv6.conf.lo.ignore_routes_with_linkdown = 0
794 | net.ipv6.conf.lo.ioam6_enabled = 0
795 | net.ipv6.conf.lo.ioam6_id = 65535
796 | net.ipv6.conf.lo.ioam6_id_wide = 4294967295
797 | net.ipv6.conf.lo.keep_addr_on_down = 0
798 | net.ipv6.conf.lo.max_addresses = 16
799 | net.ipv6.conf.lo.max_desync_factor = 600
800 | net.ipv6.conf.lo.mc_forwarding = 0
801 | net.ipv6.conf.lo.mldv1_unsolicited_report_interval = 10000
802 | net.ipv6.conf.lo.mldv2_unsolicited_report_interval = 1000
803 | net.ipv6.conf.lo.mtu = 65536
804 | net.ipv6.conf.lo.ndisc_evict_nocarrier = 1
805 | net.ipv6.conf.lo.ndisc_notify = 0
806 | net.ipv6.conf.lo.ndisc_tclass = 0
807 | net.ipv6.conf.lo.proxy_ndp = 0
808 | net.ipv6.conf.lo.ra_defrtr_metric = 1024
809 | net.ipv6.conf.lo.ra_honor_pio_life = 0
810 | net.ipv6.conf.lo.regen_max_retry = 3
811 | net.ipv6.conf.lo.router_probe_interval = 60
812 | net.ipv6.conf.lo.router_solicitation_delay = 1
813 | net.ipv6.conf.lo.router_solicitation_interval = 4
814 | net.ipv6.conf.lo.router_solicitation_max_interval = 3600
815 | net.ipv6.conf.lo.router_solicitations = -1
816 | net.ipv6.conf.lo.rpl_seg_enabled = 0
817 | net.ipv6.conf.lo.seg6_enabled = 0
818 | net.ipv6.conf.lo.seg6_require_hmac = 0
819 | net.ipv6.conf.lo.suppress_frag_ndisc = 1
820 | net.ipv6.conf.lo.temp_prefered_lft = 86400
821 | net.ipv6.conf.lo.temp_valid_lft = 604800
822 | net.ipv6.conf.lo.use_oif_addrs_only = 0
823 | net.ipv6.conf.lo.use_tempaddr = -1
824 | net.ipv6.fib_multipath_hash_fields = 7
825 | net.ipv6.fib_multipath_hash_policy = 0
826 | net.ipv6.fib_notify_on_flag_change = 0
827 | net.ipv6.flowlabel_consistency = 1
828 | net.ipv6.flowlabel_reflect = 0
829 | net.ipv6.flowlabel_state_ranges = 0
830 | net.ipv6.fwmark_reflect = 0
831 | net.ipv6.icmp.echo_ignore_all = 0
832 | net.ipv6.icmp.echo_ignore_anycast = 0
833 | net.ipv6.icmp.echo_ignore_multicast = 0
834 | net.ipv6.icmp.error_anycast_as_unicast = 0
835 | net.ipv6.icmp.ratelimit = 1000
836 | net.ipv6.icmp.ratemask = 0-1,3-127
837 | net.ipv6.idgen_delay = 1
838 | net.ipv6.idgen_retries = 3
839 | net.ipv6.ioam6_id = 16777215
840 | net.ipv6.ioam6_id_wide = 72057594037927935
841 | net.ipv6.ip6frag_high_thresh = 4194304
842 | net.ipv6.ip6frag_low_thresh = 3145728
843 | net.ipv6.ip6frag_secret_interval = 0
844 | net.ipv6.ip6frag_time = 60
845 | net.ipv6.ip_nonlocal_bind = 0
846 | net.ipv6.max_dst_opts_length = 2147483647
847 | net.ipv6.max_dst_opts_number = 8
848 | net.ipv6.max_hbh_length = 2147483647
849 | net.ipv6.max_hbh_opts_number = 8
850 | net.ipv6.mld_max_msf = 64
851 | net.ipv6.mld_qrv = 2
852 | net.ipv6.neigh.default.anycast_delay = 100
853 | net.ipv6.neigh.default.app_solicit = 0
854 | net.ipv6.neigh.default.base_reachable_time_ms = 30000
855 | net.ipv6.neigh.default.delay_first_probe_time = 5
856 | net.ipv6.neigh.default.gc_interval = 30
857 | net.ipv6.neigh.default.gc_stale_time = 60
858 | net.ipv6.neigh.default.gc_thresh1 = 128
859 | net.ipv6.neigh.default.gc_thresh2 = 512
860 | net.ipv6.neigh.default.gc_thresh3 = 1024
861 | net.ipv6.neigh.default.interval_probe_time_ms = 5000
862 | net.ipv6.neigh.default.locktime = 0
863 | net.ipv6.neigh.default.mcast_resolicit = 0
864 | net.ipv6.neigh.default.mcast_solicit = 3
865 | net.ipv6.neigh.default.proxy_delay = 80
866 | net.ipv6.neigh.default.proxy_qlen = 64
867 | net.ipv6.neigh.default.retrans_time_ms = 1000
868 | net.ipv6.neigh.default.ucast_solicit = 3
869 | net.ipv6.neigh.default.unres_qlen = 101
870 | net.ipv6.neigh.default.unres_qlen_bytes = 212992
871 | net.ipv6.neigh.eth0.anycast_delay = 100
872 | net.ipv6.neigh.eth0.app_solicit = 0
873 | net.ipv6.neigh.eth0.base_reachable_time_ms = 30000
874 | net.ipv6.neigh.eth0.delay_first_probe_time = 5
875 | net.ipv6.neigh.eth0.gc_stale_time = 60
876 | net.ipv6.neigh.eth0.interval_probe_time_ms = 5000
877 | net.ipv6.neigh.eth0.locktime = 0
878 | net.ipv6.neigh.eth0.mcast_resolicit = 0
879 | net.ipv6.neigh.eth0.mcast_solicit = 3
880 | net.ipv6.neigh.eth0.proxy_delay = 80
881 | net.ipv6.neigh.eth0.proxy_qlen = 64
882 | net.ipv6.neigh.eth0.retrans_time_ms = 1000
883 | net.ipv6.neigh.eth0.ucast_solicit = 3
884 | net.ipv6.neigh.eth0.unres_qlen = 101
885 | net.ipv6.neigh.eth0.unres_qlen_bytes = 212992
886 | net.ipv6.neigh.lo.anycast_delay = 100
887 | net.ipv6.neigh.lo.app_solicit = 0
888 | net.ipv6.neigh.lo.base_reachable_time_ms = 30000
889 | net.ipv6.neigh.lo.delay_first_probe_time = 5
890 | net.ipv6.neigh.lo.gc_stale_time = 60
891 | net.ipv6.neigh.lo.interval_probe_time_ms = 5000
892 | net.ipv6.neigh.lo.locktime = 0
893 | net.ipv6.neigh.lo.mcast_resolicit = 0
894 | net.ipv6.neigh.lo.mcast_solicit = 3
895 | net.ipv6.neigh.lo.proxy_delay = 80
896 | net.ipv6.neigh.lo.proxy_qlen = 64
897 | net.ipv6.neigh.lo.retrans_time_ms = 1000
898 | net.ipv6.neigh.lo.ucast_solicit = 3
899 | net.ipv6.neigh.lo.unres_qlen = 101
900 | net.ipv6.neigh.lo.unres_qlen_bytes = 212992
901 | net.ipv6.route.gc_elasticity = 9
902 | net.ipv6.route.gc_interval = 30
903 | net.ipv6.route.gc_min_interval = 0
904 | net.ipv6.route.gc_min_interval_ms = 500
905 | net.ipv6.route.gc_thresh = 1024
906 | net.ipv6.route.gc_timeout = 60
907 | net.ipv6.route.max_size = 2147483647
908 | net.ipv6.route.min_adv_mss = 1220
909 | net.ipv6.route.mtu_expires = 600
910 | net.ipv6.route.skip_notify_on_dev_down = 0
911 | net.ipv6.seg6_flowlabel = 0
912 | net.ipv6.xfrm6_gc_thresh = 32768
913 | net.mptcp.add_addr_timeout = 120
914 | net.mptcp.allow_join_initial_addr_port = 1
915 | net.mptcp.checksum_enabled = 0
916 | net.mptcp.close_timeout = 60
917 | net.mptcp.enabled = 1
918 | net.mptcp.pm_type = 0
919 | net.mptcp.scheduler = default
920 | net.mptcp.stale_loss_cnt = 4
921 | net.netfilter.nf_hooks_lwtunnel = 0
922 | net.netfilter.nf_log.0 = NONE
923 | net.netfilter.nf_log.1 = NONE
924 | net.netfilter.nf_log.10 = NONE
925 | net.netfilter.nf_log.2 = NONE
926 | net.netfilter.nf_log.3 = NONE
927 | net.netfilter.nf_log.4 = NONE
928 | net.netfilter.nf_log.5 = NONE
929 | net.netfilter.nf_log.6 = NONE
930 | net.netfilter.nf_log.7 = NONE
931 | net.netfilter.nf_log.8 = NONE
932 | net.netfilter.nf_log.9 = NONE
933 | net.netfilter.nf_log_all_netns = 0
934 | net.unix.max_dgram_qlen = 512
935 | user.max_cgroup_namespaces = 3534
936 | user.max_fanotify_groups = 128
937 | user.max_fanotify_marks = 8192
938 | user.max_inotify_instances = 128
939 | user.max_inotify_watches = 8192
940 | user.max_ipc_namespaces = 3534
941 | user.max_mnt_namespaces = 3534
942 | user.max_net_namespaces = 3534
943 | user.max_pid_namespaces = 3534
944 | user.max_time_namespaces = 3534
945 | user.max_user_namespaces = 3534
946 | user.max_uts_namespaces = 3534
947 | vm.admin_reserve_kbytes = 8192
948 | vm.compact_unevictable_allowed = 1
949 | vm.compaction_proactiveness = 20
950 | vm.dirty_background_bytes = 0
951 | vm.dirty_background_ratio = 10
952 | vm.dirty_bytes = 0
953 | vm.dirty_expire_centisecs = 3000
954 | vm.dirty_ratio = 20
955 | vm.dirty_writeback_centisecs = 500
956 | vm.dirtytime_expire_seconds = 43200
957 | vm.extfrag_threshold = 500
958 | vm.hugetlb_optimize_vmemmap = 0
959 | vm.hugetlb_shm_group = 0
960 | vm.laptop_mode = 0
961 | vm.legacy_va_layout = 0
962 | vm.lowmem_reserve_ratio = 256   256     32      0       0
963 | vm.max_map_count = 1048576
964 | vm.memfd_noexec = 0
965 | vm.memory_failure_early_kill = 0
966 | vm.memory_failure_recovery = 1
967 | vm.min_free_kbytes = 44956
968 | vm.min_slab_ratio = 5
969 | vm.min_unmapped_ratio = 1
970 | vm.mmap_min_addr = 65536
971 | vm.mmap_rnd_bits = 32
972 | vm.mmap_rnd_compat_bits = 16
973 | vm.nr_hugepages = 0
974 | vm.nr_hugepages_mempolicy = 0
975 | vm.nr_overcommit_hugepages = 0
976 | vm.numa_stat = 1
977 | vm.numa_zonelist_order = Node
978 | vm.oom_dump_tasks = 1
979 | vm.oom_kill_allocating_task = 0
980 | vm.overcommit_kbytes = 0
981 | vm.overcommit_memory = 0
982 | vm.overcommit_ratio = 50
983 | vm.page-cluster = 3
984 | vm.page_lock_unfairness = 5
985 | vm.panic_on_oom = 0
986 | vm.percpu_pagelist_high_fraction = 0
987 | vm.stat_interval = 1
988 | vm.swappiness = 60
989 | vm.unprivileged_userfaultfd = 0
990 | vm.user_reserve_kbytes = 27982
991 | vm.vfs_cache_pressure = 100
992 | vm.watermark_boost_factor = 15000
993 | vm.watermark_scale_factor = 10
994 | vm.zone_reclaim_mode = 0
995 | root@n1:~#
996 | 


--------------------------------------------------------------------------------
/etc/security/limits.conf:
--------------------------------------------------------------------------------
1 | * soft nofile 131072
2 | * hard nofile 131072
3 | * soft nproc 65536
4 | * hard nproc 65536
5 | * soft stack 8192
6 | * hard stack 8192
7 | * soft memlock unlimited
8 | * hard memlock unlimited
9 | 


--------------------------------------------------------------------------------
/resolved.conf:
--------------------------------------------------------------------------------
 1 | [Resolve]
 2 | # Some examples of DNS servers which may be used for DNS= and FallbackDNS=:
 3 | # Cloudflare: 1.1.1.1#cloudflare-dns.com 1.0.0.1#cloudflare-dns.com 2606:4700:4700::1111#cloud>
 4 | # Google:     8.8.8.8#dns.google 8.8.4.4#dns.google 2001:4860:4860::8888#dns.google 2001:4860:>
 5 | # Quad9:      9.9.9.9#dns.quad9.net 149.112.112.112#dns.quad9.net 2620:fe::fe#dns.quad9.net 26>
 6 | DNS=1.1.1.1 1.0.0.1
 7 | FallbackDNS=8.8.8.8 9.9.9.9
 8 | #Domains=
 9 | #DNSSEC=no
10 | #DNSOverTLS=no
11 | #MulticastDNS=no
12 | #LLMNR=no
13 | Cache=no
14 | CacheFromLocalhost=yes
15 | DNSStubListener=yes
16 | #DNSStubListenerExtra=
17 | ReadEtcHosts=yes
18 | #ResolveUnicastSingleLabel=no
19 | #StaleRetentionSec=0
20 | 


--------------------------------------------------------------------------------
/sysctl.conf:
--------------------------------------------------------------------------------
  1 | # ===================================== #
  2 | # Advanced Linux Network Configuration  #
  3 | # ===================================== #
  4 | 
  5 | # --- Core Network Settings ---
  6 | net.core.default_qdisc = fq_codel
  7 | net.core.somaxconn = 8192
  8 | net.core.netdev_max_backlog = 250000
  9 | net.core.netdev_budget = 1000
 10 | net.core.netdev_budget_usecs = 10000
 11 | net.core.dev_weight = 128
 12 | net.core.optmem_max = 65536
 13 | net.core.rmem_max = 67108864
 14 | net.core.wmem_max = 67108864
 15 | net.core.rmem_default = 262144
 16 | net.core.wmem_default = 262144
 17 | net.core.rps_default_mask = 0
 18 | net.core.rps_sock_flow_entries = 32768
 19 | net.core.tstamp_allow_data = 0
 20 | net.core.xfrm_acq_expires = 15
 21 | net.core.busy_poll = 0
 22 | net.core.busy_read = 0
 23 | net.core.bpf_jit_enable = 1
 24 | net.core.bpf_jit_harden = 0
 25 | 
 26 | # --- TCP/IP Performance ---
 27 | net.ipv4.tcp_congestion_control = bbr
 28 | net.ipv4.tcp_notsent_lowat = 4294967295
 29 | net.ipv4.tcp_timestamps = 1
 30 | net.ipv4.tcp_sack = 1
 31 | net.ipv4.tcp_dsack = 1
 32 | net.ipv4.tcp_fack = 1
 33 | net.ipv4.tcp_moderate_rcvbuf = 1
 34 | net.ipv4.tcp_early_retrans = 1
 35 | net.ipv4.tcp_low_latency = 0
 36 | net.ipv4.tcp_fin_timeout = 10
 37 | net.ipv4.tcp_tw_recycle = 0
 38 | net.ipv4.tcp_tw_reuse = 1
 39 | net.ipv4.tcp_window_scaling = 1
 40 | net.ipv4.tcp_adv_win_scale = 1
 41 | net.ipv4.tcp_rfc1337 = 0
 42 | net.ipv4.tcp_frto = 1
 43 | net.ipv4.tcp_ecn = 2
 44 | net.ipv4.tcp_ecn_fallback = 1
 45 | net.ipv4.tcp_plb_cong_thresh = 0
 46 | net.ipv4.tcp_plb_enabled = 0
 47 | net.ipv4.tcp_plb_suspend_rto_sec = 0
 48 | net.ipv4.tcp_reordering = 2
 49 | net.ipv4.tcp_recovery = 1
 50 | net.ipv4.tcp_slow_start_after_idle = 0
 51 | net.ipv4.tcp_abort_on_overflow = 0
 52 | net.ipv4.tcp_no_metrics_save = 1
 53 | net.ipv4.tcp_mtu_probing = 0
 54 | net.ipv4.tcp_base_mss = 1460
 55 | net.ipv4.tcp_fastopen = 3
 56 | net.ipv4.tcp_fastopen_blackhole_timeout_sec = 0
 57 | net.ipv4.tcp_syncookies = 0
 58 | net.ipv4.tcp_synack_retries = 3
 59 | net.ipv4.tcp_syn_retries = 3
 60 | net.ipv4.tcp_orphan_retries = 0
 61 | net.ipv4.tcp_max_orphans = 65536
 62 | net.ipv4.tcp_retrans_collapse = 0
 63 | net.ipv4.tcp_retries1 = 3
 64 | net.ipv4.tcp_retries2 = 15
 65 | net.ipv4.tcp_keepalive_time = 600
 66 | net.ipv4.tcp_keepalive_intvl = 60
 67 | net.ipv4.tcp_keepalive_probes = 9
 68 | net.ipv4.tcp_challenge_ack_limit = 2147483647
 69 | net.ipv4.tcp_mem = 4096 65536 16777216
 70 | net.ipv4.tcp_rmem = 4096 87380 67108864
 71 | net.ipv4.tcp_wmem = 4096 65536 67108864
 72 | net.ipv4.tcp_max_tw_buckets = 262144
 73 | net.ipv4.tcp_max_syn_backlog = 8192
 74 | net.ipv4.tcp_max_reordering = 300
 75 | net.ipv4.tcp_min_rtt_wlen = 100
 76 | net.ipv4.tcp_min_snd_mss = 536
 77 | net.ipv4.tcp_min_tso_segs = 2
 78 | net.ipv4.tcp_mtu_probe_floor = 256
 79 | net.ipv4.tcp_probe_interval = 100
 80 | net.ipv4.tcp_probe_threshold = 2
 81 | net.ipv4.tcp_pacing_ca_ratio = 200
 82 | net.ipv4.tcp_pacing_ss_ratio = 300
 83 | net.ipv4.tcp_shrink_window = 1
 84 | net.ipv4.tcp_early_demux = 1
 85 | 
 86 | # --- UDP Performance ---
 87 | net.ipv4.udp_mem = 19626        26170   39252
 88 | net.ipv4.udp_rmem_min = 4096
 89 | net.ipv4.udp_wmem_min = 4096
 90 | net.ipv4.udp_early_demux = 1
 91 | 
 92 | # --- IP Settings ---
 93 | net.ipv4.ip_local_port_range = 10240 65535
 94 | net.ipv4.ip_default_ttl = 64
 95 | net.ipv4.ip_nonlocal_bind = 1
 96 | net.ipv4.ip_autobind_reuse = 1
 97 | 
 98 | # --- ICMP Settings ---
 99 | net.ipv4.icmp_msgs_per_sec = 10000
100 | net.ipv4.icmp_msgs_burst = 1000
101 | net.ipv4.icmp_ratelimit = 1000
102 | net.ipv4.icmp_ratemask = 6168
103 | net.ipv4.icmp_echo_ignore_broadcasts = 0
104 | net.ipv4.icmp_echo_ignore_all = 0
105 | net.ipv4.icmp_ignore_bogus_error_responses = 0
106 | net.ipv4.icmp_echo_enable_probe = 0
107 | 
108 | # --- Routing ---
109 | net.ipv4.route.redirect_load = 0
110 | net.ipv4.route.gc_interval = 60
111 | net.ipv4.route.gc_thresh = -1
112 | net.ipv4.route.gc_timeout = 300
113 | net.ipv4.route.error_cost = 1000
114 | net.ipv4.route.error_burst = 5000
115 | net.ipv4.route.gc_elasticity = 16
116 | net.ipv4.fib_multipath_hash_policy = 1
117 | net.ipv4.route.flush = 3
118 | net.ipv6.route.flush = 3
119 | net.ipv4.ipfrag_high_thresh = 4194304
120 | net.ipv4.ipfrag_low_thresh = 2097152
121 | net.ipv4.ipfrag_max_dist = 128
122 | net.ipv4.ipfrag_secret_interval = 60
123 | net.ipv4.ipfrag_time = 10
124 | net.ipv4.route.gc_min_interval = 0
125 | net.ipv4.route.gc_min_interval_ms = 100
126 | net.ipv4.route.max_size = 1048576
127 | net.ipv4.route.min_adv_mss = 1460
128 | net.ipv4.route.min_pmtu = 552
129 | net.ipv4.route.mtu_expires = 100
130 | net.ipv4.route.redirect_number = 20
131 | net.ipv4.route.redirect_silence = 40960
132 | net.ipv4.fib_multipath_hash_fields = 31
133 | net.ipv4.fib_multipath_hash_policy = 0
134 | net.ipv4.fib_multipath_use_neigh = 0
135 | net.ipv4.fib_notify_on_flag_change = 0
136 | 
137 | # --- Neighbor & ARP ---
138 | net.ipv4.neigh.default.gc_stale_time = 10
139 | net.ipv4.neigh.default.gc_interval = 5
140 | net.ipv4.neigh.default.gc_thresh1 = 1024
141 | net.ipv4.neigh.default.gc_thresh2 = 2048
142 | net.ipv4.neigh.default.gc_thresh3 = 4096
143 | net.ipv4.neigh.default.anycast_delay = 0
144 | net.ipv4.neigh.default.proxy_delay = 0
145 | net.ipv4.neigh.lo.anycast_delay = 0
146 | net.ipv4.neigh.default.delay_first_probe_time = 1
147 | 
148 | # --- Interface Settings ---
149 | net.ipv4.conf.all.mc_forwarding = 0
150 | net.ipv4.conf.all.forwarding = 1
151 | net.ipv4.conf.default.forwarding = 1
152 | net.ipv4.conf.all.log_martians = 0
153 | net.ipv4.conf.default.log_martians = 0
154 | net.ipv4.conf.all.accept_local = 1
155 | net.ipv4.conf.default.accept_local = 1
156 | net.ipv4.conf.all.accept_source_route = 1
157 | net.ipv4.conf.default.accept_source_route = 1
158 | net.ipv4.conf.all.accept_redirects = 1
159 | net.ipv4.conf.default.accept_redirects = 1
160 | net.ipv4.conf.all.secure_redirects = 0
161 | net.ipv4.conf.default.secure_redirects = 0
162 | net.ipv4.conf.all.send_redirects = 1
163 | net.ipv4.conf.default.send_redirects = 1
164 | net.ipv4.conf.all.arp_filter = 1
165 | net.ipv4.conf.all.arp_ignore = 1
166 | net.ipv4.conf.default.arp_ignore = 1
167 | net.ipv4.conf.all.arp_announce = 1
168 | net.ipv4.conf.default.arp_announce = 1
169 | net.ipv4.conf.all.rp_filter = 1
170 | net.ipv4.conf.default.rp_filter = 1
171 | net.ipv4.conf.all.shared_media = 1
172 | net.ipv4.conf.default.shared_media = 1
173 | net.ipv4.conf.all.proxy_arp = 1
174 | net.ipv4.conf.default.proxy_arp = 1
175 | net.ipv4.conf.lo.accept_local = 1
176 | net.ipv4.conf.lo.route_localnet = 1
177 | net.ipv4.conf.lo.disable_xfrm = 0
178 | net.ipv4.conf.default.route_localnet = 1
179 | 
180 | # --- IPv6 ---
181 | net.ipv6.conf.all.disable_ipv6 = 0
182 | net.ipv6.conf.default.disable_ipv6 = 0
183 | net.ipv6.conf.lo.disable_ipv6 = 0
184 | net.ipv6.conf.all.accept_redirects = 0
185 | net.ipv6.conf.default.accept_ra = 0
186 | 
187 | # --- File System ---
188 | fs.aio-max-nr = 1048576
189 | fs.file-max = 2097152
190 | fs.nr_open = 2097152
191 | fs.inotify.max_user_watches = 524288
192 | fs.inotify.max_user_instances = 1024
193 | fs.inotify.max_queued_events = 16384
194 | 
195 | # --- Virtual Memory ---
196 | vm.swappiness = 10
197 | vm.dirty_ratio = 15
198 | vm.dirty_background_ratio = 10
199 | vm.page-cluster = 1
200 | vm.dirty_expire_centisecs = 1000
201 | vm.dirty_writeback_centisecs = 300
202 | vm.extfrag_threshold = 200
203 | vm.max_map_count = 65530
204 | vm.min_free_kbytes = 4096
205 | vm.vfs_cache_pressure = 100
206 | vm.overcommit_memory = 1
207 | vm.overcommit_ratio = 100
208 | vm.overcommit_kbytes = 0
209 | vm.mmap_min_addr = 4096
210 | vm.zone_reclaim_mode = 0
211 | vm.nr_hugepages = 0
212 | 
213 | # --- Kernel ---
214 | kernel.randomize_va_space = 0
215 | kernel.sched_autogroup_enabled = 0
216 | kernel.sched_migration_cost_ns = 100000
217 | kernel.pid_max = 131072
218 | kernel.threads-max = 131072
219 | kernel.kptr_restrict = 0
220 | kernel.yama.ptrace_scope = 0
221 | kernel.dmesg_restrict = 0
222 | kernel.sysrq = 1
223 | 


--------------------------------------------------------------------------------