简单点
微信关注,获取更多 
使用vi编辑器打开“sysctl.conf”文件
vi /etc/sysctl.conf
添加/修改以下参数:
# 关闭IPv6 net.ipv6.conf.all.disable_ipv6 = 1 net.ipv6.conf.default.disable_ipv6 = 1 # 避免放大攻击 net.ipv4.icmp_echo_ignore_broadcasts = 1 # 开启恶意ICMP错误消息保护 net.ipv4.icmp_ignore_bogus_error_responses = 1 # 关闭路由转发 net.ipv4.ip_forward = 0 net.ipv4.conf.all.send_redirects = 0 net.ipv4.conf.default.send_redirects = 0 # 开启反向路径过滤 net.ipv4.conf.all.rp_filter = 1 net.ipv4.conf.default.rp_filter = 1 # 处理无源路由的包 net.ipv4.conf.all.accept_source_route = 0 net.ipv4.conf.default.accept_source_route = 0 # 关闭sysrq功能 kernel.sysrq = 0 # core文件名中添加pid作为扩展名 kernel.core_uses_pid = 1 # 开启SYN洪水攻击保护 net.ipv4.tcp_syncookies = 1 # 修改消息队列长度 kernel.msgmnb = 65536 kernel.msgmax = 65536 # 设置最大内存共享 kernel.shmmax = 68719476736 kernel.shmall = 4294967296 # TIME_WAIT套接字的最大数量 net.ipv4.tcp_max_tw_buckets = 6000 # 使用Selective ACK net.ipv4.tcp_sack = 1 net.ipv4.tcp_window_scaling = 1 # TCP读写buffer优化 net.ipv4.tcp_rmem = 4096 87380 4194304 net.ipv4.tcp_wmem = 4096 16384 4194304 net.core.wmem_default = 8388608 net.core.rmem_default = 8388608 net.core.rmem_max = 16777216 net.core.wmem_max = 16777216 # 数据包最大设备队列 net.core.netdev_max_backlog = 262144 # 防止简单的Dos攻击 net.ipv4.tcp_max_orphans = 3276800 # SYN队列的长度 net.ipv4.tcp_max_syn_backlog = 262144 # 禁用时间戳 net.ipv4.tcp_timestamps = 0 # 放弃建立连接之前发送的SYNACK包数量 net.ipv4.tcp_synack_retries = 1 # 放弃建立连接之前发送的SYN包数量 net.ipv4.tcp_syn_retries = 1 # 启用TIME-WAIT sockets快速回收 net.ipv4.tcp_tw_recycle = 1 # 开启重用,允许将TIME-WAIT sockets重新用于新的TCP连接 net.ipv4.tcp_tw_reuse = 1 net.ipv4.tcp_mem = 94500000 915000000 927000000 net.ipv4.tcp_fin_timeout = 1 # TCP发送keepalive消息的频度 net.ipv4.tcp_keepalive_time = 30 # 允许系统打开的端口范围 net.ipv4.ip_local_port_range = 1024 65000 # 修改防火墙表大小,默认65536 net.netfilter.nf_conntrack_max = 655350 net.netfilter.nf_conntrack_tcp_timeout_established = 1200 # 确保无人能修改路由表 net.ipv4.conf.all.accept_redirects = 0 net.ipv4.conf.default.accept_redirects = 0 net.ipv4.conf.all.secure_redirects = 0 net.ipv4.conf.default.secure_redirects = 0
