[root@hadoop102 ~]# vim /etc/sysctl.conf

    1. # sysctl settings are defined through files in
    2. # /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
    3. #
    4. # Vendors settings live in /usr/lib/sysctl.d/.
    5. # To override a whole file, create a new file with the same in
    6. # /etc/sysctl.d/ and put new settings there. To override
    7. # only specific settings, add a file with a lexically later
    8. # name in /etc/sysctl.d/ and put new settings there.
    9. #
    10. # For more information, see sysctl.conf(5) and sysctl.d(5).
    12. #关闭ipv6
    13. net.ipv6.conf.all.disable_ipv6 = 1
    14. net.ipv6.conf.default.disable_ipv6 = 1
    16. # 避免放大攻击
    17. net.ipv4.icmp_echo_ignore_broadcasts = 1
    19. # 开启恶意icmp错误消息保护
    20. net.ipv4.icmp_ignore_bogus_error_responses = 1
    22. #关闭路由转发
    23. net.ipv4.ip_forward = 0
    24. net.ipv4.conf.all.send_redirects = 0
    25. net.ipv4.conf.default.send_redirects = 0
    27. #开启反向路径过滤
    28. net.ipv4.conf.all.rp_filter = 1
    29. net.ipv4.conf.default.rp_filter = 1
    31. #处理无源路由的包
    32. net.ipv4.conf.all.accept_source_route = 0
    33. net.ipv4.conf.default.accept_source_route = 0
    35. #关闭sysrq功能
    36. kernel.sysrq = 0
    38. #core文件名中添加pid作为扩展名
    39. kernel.core_uses_pid = 1
    41. # 开启SYN洪水攻击保护
    42. net.ipv4.tcp_syncookies = 1
    44. #修改消息队列长度
    45. kernel.msgmnb = 65536
    46. kernel.msgmax = 65536
    48. #设置最大内存共享段大小bytes
    49. kernel.shmmax = 68719476736
    50. kernel.shmall = 4294967296
    52. #timewait的数量,默认180000
    53. net.ipv4.tcp_max_tw_buckets = 6000
    54. net.ipv4.tcp_sack = 1
    55. net.ipv4.tcp_window_scaling = 1
    56. net.ipv4.tcp_rmem = 4096        87380   4194304
    57. net.ipv4.tcp_wmem = 4096        16384   4194304
    58. net.core.wmem_default = 8388608
    59. net.core.rmem_default = 8388608
    60. net.core.rmem_max = 16777216
    61. net.core.wmem_max = 16777216
    63. #每个网络接口接收数据包的速率比内核处理这些包的速率快时,允许送到队列的数据包的最大数目
    64. net.core.netdev_max_backlog = 262144
    66. #限制仅仅是为了防止简单的DoS 攻击
    67. net.ipv4.tcp_max_orphans = 3276800
    69. #未收到客户端确认信息的连接请求的最大值
    70. net.ipv4.tcp_max_syn_backlog = 262144
    71. net.ipv4.tcp_timestamps = 0
    73. #内核放弃建立连接之前发送SYNACK 包的数量
    74. net.ipv4.tcp_synack_retries = 1
    76. #内核放弃建立连接之前发送SYN 包的数量
    77. net.ipv4.tcp_syn_retries = 1
    79. #关闭timewait 快速回收,如果设置为1,可能会出现网络断断续续情况
    80. net.ipv4.tcp_tw_recycle = 0
    82. #开启重用。允许将TIME-WAIT sockets 重新用于新的TCP 连接
    83. net.ipv4.tcp_tw_reuse = 1
    84. net.ipv4.tcp_mem = 94500000 915000000 927000000
    85. net.ipv4.tcp_fin_timeout = 1
    87. #当keepalive 起用的时候,TCP 发送keepalive 消息的频度。缺省是2 小时
    88. net.ipv4.tcp_keepalive_time = 30
    90. #允许系统打开的端口范围
    91. net.ipv4.ip_local_port_range = 1024    65000
    93. #修改防火墙表大小,默认65536
    94. #net.netfilter.nf_conntrack_max=655350
    95. #net.netfilter.nf_conntrack_tcp_timeout_established=1200
    97. # 确保无人能修改路由表
    98. net.ipv4.conf.all.accept_redirects = 0
    99. net.ipv4.conf.default.accept_redirects = 0
    100. net.ipv4.conf.all.secure_redirects = 0
    101. net.ipv4.conf.default.secure_redirects = 0

    使其生效:
    [root@hadoop102 ~]# sysctl -p