# default kernel parameters
rm -f /etc/sysctl.conf.$$
cat > /etc/sysctl.conf.$$ <<EOF
-kernel.exec-shield=3
kernel.maps_protect=1
net.core.rmem_default=1048576
net.core.wmem_default=1048576
net.ipv4.icmp_ignore_bogus_error_responses=1
net.ipv4.ip_forward=0
net.ipv4.ip_local_port_range=10000 65000
-net.ipv4.tcp_congestion_control=cubic
net.ipv4.tcp_ecn=0
-net.ipv4.tcp_max_syn_backlog=8192
+net.ipv4.tcp_max_syn_backlog=1024
net.ipv4.tcp_retries1=2
net.ipv4.tcp_rfc1337=1
net.ipv4.tcp_syncookies=1
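Review bot: The new `net.ipv4.tcp_max_syn_backlog=1024` line cuts the SYN queue to an eighth of the previous 8192 with nothing in the file saying why, and the same hunk drops `kernel.exec-shield=3` and `net.ipv4.tcp_congestion_control=cubic` without a replacement. With `net.ipv4.tcp_syncookies=1` still set, a full queue falls back to SYN cookies, so the smaller value mainly means that fallback starts earlier under a connection burst or SYN flood; that trade-off should be stated. I would add a comment line inside the here-document above the setting, for example `# SYN backlog left at 1024; tcp_syncookies=1 handles queue overflow`, and a second one recording why exec-shield is omitted (`# kernel.exec-shield omitted: <reason, e.g. not exposed by the target kernels>`). The here-document's closing `EOF` is outside the hunk.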
# old kernel params
if [ -e /etc/sysctl.conf ]; then
- egrep -v 'net\.core\.(r|w)mem_max|net\.ipv4\.tcp_(r|w)mem|vm\.bdflush|net\.ipv4\.ip_local_port_range|kernel\.rtsig-max|net\.ipv4\.tcp_syncookies' \
+ egrep -v 'net\.core\.(r|w)mem_max|net\.ipv4\.tcp_(r|w)mem|vm\.bdflush|net\.ipv4\.ip_local_port_range|kernel\.rtsig-max|net\.ipv4\.tcp_syncookies|kernel\.exec-shield|net\.ipv4\.tcp_max_syn_backlog|net\.ipv4\.tcp_congestion_control' \
/etc/sysctl.conf >> /etc/sysctl.conf.$$
fi
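Review bot: The three alternatives added to the `egrep -v` pattern silently discard any `kernel.exec-shield`, `net.ipv4.tcp_max_syn_backlog` and `net.ipv4.tcp_congestion_control` line from the administrator's existing /etc/sysctl.conf, whatever value it carried. Going by the here-document earlier in this script, which no longer writes exec-shield or a congestion-control default, a host where those were set explicitly ends up with neither after the rewrite, and a locally raised SYN backlog is replaced by 1024. The pattern is also unanchored, so comment lines and any longer key containing one of these names are dropped as well; anchoring it as `^[[:space:]]*(…existing alternation…)[[:space:]]*=` would limit the filter to real assignments. If the intent is only to retire values this script wrote earlier, match those exact lines (for example `^kernel\.exec-shield=3$`) and say so in a comment above the `if`.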