How to configure is explain below:-
1-- Turn off the tcp_sack.
net.ipv4.tcp_sack = 0
2-- Turn off the tcp_timestamps.
net.ipv4.tcp_timestamps = 0
3-- Enable TCP SYN Cookie Protection.
net.ipv4.tcp_syncookies = 1
4-- Enable ignoring broadcasts request.
net.ipv4.icmp_echo_ignore_
5-- Enable bad error message Protection.
net.ipv4.icmp_ignore_bogus_
6-- Log Spoofed Packets, Source Routed Packets, Redirect Packets.
net.ipv4.conf.all.log_martians = 1
7-- Increases the size of the socket queue (effectively, q0),
net.ipv4.tcp_max_syn_backlog = 1024
8-- Increase the tcp-time-wait buckets pool size.
net.ipv4.tcp_max_tw_buckets = 1440000
9-- Allowed local port range.
net.ipv4.ip_local_port_range = 16384 65536
10-- After you make the changes to the file you need to run .
Quote
/sbin/sysctl -p
and
Quote
sysctl -w net.ipv4.route.flush=1
to enable the changes without a reboot.
****----****----****----****----****----****----****----****----
No comments:
Post a Comment