linux系統網絡優化

禁止發送重定向
net.ipv4.conf.eth1.send_redirects = 0
net.ipv4.conf.eth0.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.send_redirects = 0

不接受icmp重定向
net.ipv4.conf.eth1.accept_redirects = 0
net.ipv4.conf.eth0.accept_redirects = 0
net.ipv4.conf.lo.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.accept_redirects = 0

忽略所有類型的icmp或ping
net.ipv4.icmp_echo_ignore_all = 1

新連接time-wait狀態的socket重利用
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1

未用tcp並發連接超時時間30分鐘
net.ipv4.tcp_keepalive_time = 1800

半連接限制，防Dos攻擊
net.ipv4.tcp_max_syn_backlog = 4096
tcp-sack和tcp-dsack優化
net.ipv4.tcp_sack = 0
net.ipv4.tcp_dsack = 0

不接收tcp-timestamp
net.ipv4.tcp_timestamps = 0

禁用tcp窗口擴展
net.ipv4.tcp_window_scaling = 0