20 lines
971 B
Bash
20 lines
971 B
Bash
#!/bin/bash
|
||
|
||
# 开启SYN Cookies,预防Flood
|
||
sed -i '$a\net.ipv4.tcp_syncookies = 1' /etc/sysctl.conf
|
||
# 开启重用,允许将TIME-WAIT套接字重新用于新的TCP连接
|
||
sed -i '$a\net.ipv4.tcp_tw_reuse = 1' /etc/sysctl.conf
|
||
# 开启TCP连接中TIME-WAIT套接字的快速回收
|
||
sed -i '$a\net.ipv4.tcp_tw_recycle = 1' /etc/sysctl.conf
|
||
# 如果套接字由本端要求关闭,这个参数决定了它保持在FIN-WAIT-2状态的时间,单位s
|
||
sed -i '$a\net.ipv4.tcp_fin_timeout = 30' /etc/sysctl.conf
|
||
# 当keepalive启用时,TCP发送keepalive消息的频度,单位s
|
||
sed -i '$a\net.ipv4.tcp_keepalive_time = 1200' /etc/sysctl.conf
|
||
# 向外连接的端口范围
|
||
sed -i '$a\net.ipv4.ip_local_port_range = 1024 65000' /etc/sysctl.conf
|
||
# SYN队列的长度
|
||
sed -i '$a\net.ipv4.tcp_max_syn_backlog = 8192' /etc/sysctl.conf
|
||
# 系统同时保持TIME_WAIT套接字的最大数量
|
||
sed -i '$a\net.ipv4.tcp_max_tw_buckets = 5000' /etc/sysctl.conf
|
||
|
||
/usr/sbin/sysctl -p
|