优化Linux内核参数
vi /etc/sysctl.conf
在末尾增加如下文本
net.core.netdev_max_backlog =  32768
net.core.somaxconn = 32768
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216

net.ipv4.tcp_max_syn_backlog = 65536
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.ip_local_port_range = 1024  65535使配置立即生效:
/sbin/sysctl -p

防ddos攻击

Sysctl 修改
vi /etc/rc.local
加入如下文本
sysctl kern.ipc.maxsockets=100000  ##增加并发的socket,对

于ddos很有用
sysctl kern.ipc.somaxconn=65535  ##打开文件数
sysctl net.inet.tcp.msl=2500   ##timeout时间
Linux内核参数

发表评论

电子邮件地址不会被公开。 必填项已用*标注