systemd/sysctl.d/50-default.conf

8f27a2212ee8d6311c88ef4358953ad0d7bfa851Kay Sievers#  This file is part of systemd.
8f27a2212ee8d6311c88ef4358953ad0d7bfa851Kay Sievers#
8f27a2212ee8d6311c88ef4358953ad0d7bfa851Kay Sievers#  systemd is free software; you can redistribute it and/or modify it
8f27a2212ee8d6311c88ef4358953ad0d7bfa851Kay Sievers#  under the terms of the GNU Lesser General Public License as published by
8f27a2212ee8d6311c88ef4358953ad0d7bfa851Kay Sievers#  the Free Software Foundation; either version 2.1 of the License, or
8f27a2212ee8d6311c88ef4358953ad0d7bfa851Kay Sievers#  (at your option) any later version.
8f27a2212ee8d6311c88ef4358953ad0d7bfa851Kay Sievers
16b65d7f463e91f6299dfa7b83d4b5fbeb109d1cZbigniew Jędrzejewski-Szmek# See sysctl.d(5) and core(5) for for documentation.
16b65d7f463e91f6299dfa7b83d4b5fbeb109d1cZbigniew Jędrzejewski-Szmek
16b65d7f463e91f6299dfa7b83d4b5fbeb109d1cZbigniew Jędrzejewski-Szmek# To override settings in this file, create a local file in /etc
16b65d7f463e91f6299dfa7b83d4b5fbeb109d1cZbigniew Jędrzejewski-Szmek# (e.g. /etc/sysctl.d/90-override.conf), and put any assignments
16b65d7f463e91f6299dfa7b83d4b5fbeb109d1cZbigniew Jędrzejewski-Szmek# there.
8f27a2212ee8d6311c88ef4358953ad0d7bfa851Kay Sievers
0f59fe5171b5564fc6fb58f3281fbc259c45f7d0Kay Sievers# System Request functionality of the kernel (SYNC)
16b65d7f463e91f6299dfa7b83d4b5fbeb109d1cZbigniew Jędrzejewski-Szmek#
16b65d7f463e91f6299dfa7b83d4b5fbeb109d1cZbigniew Jędrzejewski-Szmek# Use kernel.sysrq = 1 to allow all keys.
16b65d7f463e91f6299dfa7b83d4b5fbeb109d1cZbigniew Jędrzejewski-Szmek# See http://fedoraproject.org/wiki/QA/Sysrq for a list of values and keys.
0f59fe5171b5564fc6fb58f3281fbc259c45f7d0Kay Sieverskernel.sysrq = 16
0f59fe5171b5564fc6fb58f3281fbc259c45f7d0Kay Sievers
8f27a2212ee8d6311c88ef4358953ad0d7bfa851Kay Sievers# Append the PID to the core filename
8f27a2212ee8d6311c88ef4358953ad0d7bfa851Kay Sieverskernel.core_uses_pid = 1
8f27a2212ee8d6311c88ef4358953ad0d7bfa851Kay Sievers
8f27a2212ee8d6311c88ef4358953ad0d7bfa851Kay Sievers# Source route verification
8f27a2212ee8d6311c88ef4358953ad0d7bfa851Kay Sieversnet.ipv4.conf.default.rp_filter = 1
1836bf9e1d70240c8079e4db4312309f4f1f91fdLennart Poetteringnet.ipv4.conf.all.rp_filter = 1
8f27a2212ee8d6311c88ef4358953ad0d7bfa851Kay Sievers
8f27a2212ee8d6311c88ef4358953ad0d7bfa851Kay Sievers# Do not accept source routing
8f27a2212ee8d6311c88ef4358953ad0d7bfa851Kay Sieversnet.ipv4.conf.default.accept_source_route = 0
1836bf9e1d70240c8079e4db4312309f4f1f91fdLennart Poetteringnet.ipv4.conf.all.accept_source_route = 0
8f27a2212ee8d6311c88ef4358953ad0d7bfa851Kay Sievers
ad8bc9ea508740074cead005aa3cfd1ba10a5dacTom Gundersen# Promote secondary addresses when the primary address is removed
ad8bc9ea508740074cead005aa3cfd1ba10a5dacTom Gundersennet.ipv4.conf.default.promote_secondaries = 1
1836bf9e1d70240c8079e4db4312309f4f1f91fdLennart Poetteringnet.ipv4.conf.all.promote_secondaries = 1
ad8bc9ea508740074cead005aa3cfd1ba10a5dacTom Gundersen
e6c253e363dee77ef7e5c5f44c4ca55cded3fd47Michal Schmidt# Fair Queue CoDel packet scheduler to fight bufferbloat
e6c253e363dee77ef7e5c5f44c4ca55cded3fd47Michal Schmidtnet.core.default_qdisc = fq_codel
e6c253e363dee77ef7e5c5f44c4ca55cded3fd47Michal Schmidt
8f27a2212ee8d6311c88ef4358953ad0d7bfa851Kay Sievers# Enable hard and soft link protection
8f27a2212ee8d6311c88ef4358953ad0d7bfa851Kay Sieversfs.protected_hardlinks = 1
8f27a2212ee8d6311c88ef4358953ad0d7bfa851Kay Sieversfs.protected_symlinks = 1