/etc/sysctl.conf 用于控制内核相关的配置参数,而且它的内容全部是对应于 /proc/sys/ 这个目录的子目录及文件
[root@localhost ~]$ ll /proc/sys total 0 dr-xr-xr-x 1 root root 0 Dec 25 11:38 abi # 应用的二进制信息 dr-xr-xr-x 1 root root 0 Dec 25 11:38 debug # 调试相关的系统配置目录 dr-xr-xr-x 1 root root 0 Dec 25 11:38 dev # 设备相关的系统配置目录 dr-xr-xr-x 1 root root 0 Dec 14 16:19 fs # 文件系统相关的系统配置目录 dr-xr-xr-x 1 root root 0 Dec 14 16:20 kernel # 内核相关的系统配置目录 dr-xr-xr-x 1 root root 0 Dec 14 16:20 net # 网络相关的系统配置目录 dr-xr-xr-x 1 root root 0 Dec 25 11:38 user # 用户相关的系统配置目录 dr-xr-xr-x 1 root root 0 Dec 21 11:36 vm # 内存相关的系统配置目录
常用配置如下,配置的说明参考:https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt
# Network Settings net.ipv4.conf.all.promote_secondaries = 1 net.ipv4.conf.default.accept_source_route = 0 net.ipv4.conf.default.promote_secondaries = 1 net.ipv4.conf.default.rp_filter = 1 net.ipv4.ip_forward = 0 net.ipv4.neigh.default.gc_thresh3 = 4096 net.ipv4.tcp_syncookies = 1 net.ipv6.conf.all.disable_ipv6 = 1 net.ipv6.conf.default.disable_ipv6 = 1 net.ipv6.conf.lo.disable_ipv6 = 1 net.ipv6.neigh.default.gc_thresh3 = 4096 net.bridge.bridge-nf-call-arptables = 0 net.bridge.bridge-nf-call-ip6tables = 0 net.bridge.bridge-nf-call-iptables = 0 # Kernel Settings kernel.core_uses_pid = 1 kernel.msgmax = 65536 kernel.msgmnb = 65536 kernel.numa_balancing = 0 kernel.printk = 5 kernel.shmmax = 68719476736 kernel.softlockup_panic = 1 kernel.sysrq = 1