nicolas
/
Ansible-Playbooks
mirror of https://github.com/nmasse-itix/Ansible-Playbooks.git
1
0
Fork 0
Code Issues Releases Wiki Activity
All my Ansible Playbooks
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
112 KiB
 
 
 
 
 
 
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
Ansible-Playbooks/OneAccess-Ansible-Playbook/roles/ssg-8.3/templates/tcp_tune

87 lines
2.7 KiB
Raw Permalink Blame History

#!/bin/bash
# Network Startup config
#
# chkconfig: 2345 99 01
# description: Layer7's Secure Span Gateway TCP protection
# processname: none
# pidfile: none
# config: none
# Source function library.
. /etc/rc.d/init.d/functions
# Tune the Linux TCP/IP Stack
start() {
echo "Setting wide local port range for more outbound connections"
echo "1024 65530" > /proc/sys/net/ipv4/ip_local_port_range
echo "Disable ECN because some systems don't do it right yet"
echo 0 > /proc/sys/net/ipv4/tcp_ecn
echo "Setting Low latency TCP"
echo 1 > /proc/sys/net/ipv4/tcp_low_latency
echo "Turning off timestamps"
echo 0 > /proc/sys/net/ipv4/tcp_timestamps
echo "Lowering keepalive time"
echo 2400 > /proc/sys/net/ipv4/tcp_keepalive_time
echo 5 > /proc/sys/net/ipv4/tcp_keepalive_intvl
echo "Lowering FIN timeout"
echo 20 > /proc/sys/net/ipv4/tcp_fin_timeout
echo "Turning On Window scaling"
echo 1 > /proc/sys/net/ipv4/tcp_window_scaling
echo "Turning On Selective Acknowledgement"
echo 1 > /proc/sys/net/ipv4/tcp_sack
echo "Disable route triangulation"
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
echo "Disable Source routing"
echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route
echo "Disable Ping broadcasts"
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo "Increasing SYN packet Backlog"
echo 8192 > /proc/sys/net/ipv4/tcp_max_syn_backlog
echo "Setting higher tcp memory limits"
echo 16777216 > /proc/sys/net/core/wmem_max
echo 16777216 > /proc/sys/net/core/rmem_max
# The following are in 4k-byte PAGES, not bytes
echo "196608 262144 393216" > /proc/sys/net/ipv4/tcp_mem
echo "Setting socket sizes for best cpu usage"
echo "131072" > /proc/sys/net/core/wmem_default
echo "174760" > /proc/sys/net/core/rmem_default
echo "4096 174760 16777216" > /proc/sys/net/ipv4/tcp_rmem
echo "4096 16384 16777216" > /proc/sys/net/ipv4/tcp_wmem
echo "Turning on TIME_WAIT recyle and reuse"
echo 1 > /proc/sys/net/ipv4/tcp_tw_recycle
echo 1 > /proc/sys/net/ipv4/tcp_tw_reuse
echo "Increasing number of TIME_WAIT buckets"
echo 360000 > /proc/sys/net/ipv4/tcp_max_tw_buckets
echo "Turning on syncookie protection from Denial of Service (DOS) attacks"
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo "Don't cache thresholds from previous connections"
echo 1 > /proc/sys/net/ipv4/tcp_no_metrics_save
echo "Increase Network backlogs for Gigabit"
echo 2500 > /proc/sys/net/core/netdev_max_backlog
echo "Increase maximum connections"
echo 10240 > /proc/sys/net/core/somaxconn
echo "Memory limit for fragment assembly"
echo 4194304 > /proc/sys/net/ipv4/ipfrag_high_thresh
echo "Done"
return 0
}
stop() {
echo
}
# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
restart)
stop
start
;;
esac
exit $RETVAL