sysctl.con

  1. # sysctl settings are defined through files in
  2. # /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
  3. #
  4. # Vendors settings live in /usr/lib/sysctl.d/.
  5. # To override a whole file, create a new file with the same in
  6. # /etc/sysctl.d/ and put new settings there. To override
  7. # only specific settings, add a file with a lexically later
  8. # name in /etc/sysctl.d/ and put new settings there.
  9. #
  10. # For more information, see sysctl.conf(5) and sysctl.d(5).
  11. net.ipv6.conf.eth0.accept_dad = 0
  12. net.ipv6.conf.eth0.accept_ra = 1
  13. net.ipv6.conf.eth0.accept_ra_defrtr = 1
  14. net.ipv6.conf.eth0.accept_ra_rtr_pref = 1
  15. net.ipv6.conf.eth0.accept_ra_rt_info_max_plen = 1
  17. vm.swappiness=0
  18. net.ipv4.neigh.default.gc_stale_time=120
  20. # see details in https://help.aliyun.com/knowledge_detail/39428.html
  21. net.ipv4.conf.all.rp_filter=0
  22. net.ipv4.conf.default.rp_filter=0
  23. net.ipv4.conf.default.arp_announce=2
  24. net.ipv4.conf.lo.arp_announce=2
  25. net.ipv4.conf.all.arp_announce=2
  27. # see details in https://help.aliyun.com/knowledge_detail/41334.html
  28. net.ipv4.tcp_max_tw_buckets=5000
  29. net.ipv4.tcp_syncookies=1
  30. net.ipv4.tcp_max_syn_backlog=1024
  31. net.ipv4.tcp_synack_retries=2
  33. net.ipv6.conf.all.disable_ipv6=1
  34. net.ipv6.conf.default.disable_ipv6=1
  35. net.ipv6.conf.lo.disable_ipv6=1
  37. kernel.sysrq=1
  40. vm.max_map_count=262144
  41. net.nf_conntrack_max=1048576
  42. net.netfilter.nf_conntrack_max=1048576
  43. net.bridge.bridge-nf-call-iptables=1

limit.cof

  2. cat <<EOF>>/etc/security/limits.conf
  3. root soft nofile 65535
  4. root hard nofile 65535
  5. * soft nofile 65535
  6. * hard nofile 65535
  8. * soft nproc 65535
  9. * hard nproc 65535
  10. * soft core 0
  11. * hard core 0
  12. * soft stack unlimited
  13. * hard stack unlimited
  14. * soft memlock unlimited
  15. * hard memlock unlimited
  17. EOF