[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Cambiare permanentemente impostazioni di ip_conntrack

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

snowdog ha scritto:
>
>
> da linea di comando con
> # echo 4096 > /proc/sys/net/ipv4/ip_conntrack_max
lo puoi mettere all'inizio dell script di firewalling
il mio ha per esempio queste righe

if [ -e /proc/sys/net/ipv4/tcp_syncookies ]; then echo 1 >
/proc/sys/net/ipv4/tcp_syncookies; fi
if [ -e /proc/sys/net/ipv4/conf/all/rp_filter ]; then echo 1 >
/proc/sys/net/ipv4/conf/all/rp_filter; fi
if [ -e /proc/sys/net/ipv4/ip_forward ]; then echo 1 >
/proc/sys/net/ipv4/ip_forward; fi
if [ -e /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses ]; then
echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses; fi
if [ -e /proc/sys/net/ipv4/conf/all/accept_source_route ]; then echo 0
> /proc/sys/net/ipv4/conf/all/accept_source_route; fi
if [ -e /proc/sys/net/ipv4/tcp_ecn ]; then echo 0 >
/proc/sys/net/ipv4/tcp_ecn; fi
if [ -e /proc/sys/net/ipv4/conf/all/send_redirects ]; then echo 0 >
/proc/sys/net/ipv4/conf/all/send_redirects; fi
if [ -e /proc/sys/net/ipv4/conf/all/secure_redirects ]; then echo 1 >
/proc/sys/net/ipv4/conf/all/secure_redirects; fi
if [ -e /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts ]; then echo 1
> /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts; fi
if [ -e /proc/sys/net/ipv4/netfilter/ip_ct_generic_timeout ]; then
echo 120 > /proc/sys/net/ipv4/netfilter/ip_ct_generic_timeout; fi


my 2 cents

- --

Mario Vittorio Guenzi
E-mail jclark@tiscali.it
Si vis pacem, para bellum
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIX8Jam6qs1ZkNrIoRAmFgAJ9nv+9IpdgjLo0nD6A32rYWoaKtsgCeK23v
Qsv8vLBGd6+dARfO1VhwdZY=
=tYTK
-----END PGP SIGNATURE-----
Reply to: