# My kernel sysctl configuration file for FC3-5/RH/CentOS Linux optimized for 100 mbit

net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0

# Controls the System Request debugging functionality of the kernel
# disabled for VPS
#kernel.sysrq = 0
# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
# disabled for VPS
#kernel.core_uses_pid = 1

# 100 mbit performance boosters by jult 2007

net.core.rmem_default = 256960
# (is now 113664) mine is based on 100000000/8 bytes * 0.03 sec. (average RTT)
net.core.rmem_max = 513920
# (is now 131072)

net.core.wmem_default = 256960
# (is now 113664) mine is based on 100000000/8 bytes * 0.03 sec. (average RTT)
net.core.wmem_max = 838860
# (is now 131072)

# these are deprecated/not necessary:
net.ipv4.tcp_timestamps = 0
# huge perfomance booster for fast cpu/mem buses with gigabit nics:
net.ipv4.tcp_sack = 0

# some good anti DDoS stuff;
#
# decrease time default value for tcp_fin_timeout connection (is now 60)
net.ipv4.tcp_fin_timeout = 30
# decrease the time default value for tcp_keepalive_time connection (is 7200)
net.ipv4.tcp_keepalive_time = 6000
# TCP SYN Cookie Protection
net.ipv4.tcp_syncookies = 1
# ignoring imap broadcast requests
net.ipv4.icmp_echo_ignore_broadcasts = 1
# bad error message Protection
net.ipv4.icmp_ignore_bogus_error_responses = 1
# the tcp-time-wait buckets pool size
net.ipv4.tcp_max_tw_buckets = 360000
# allowed local port range
net.ipv4.ip_local_port_range = 16384 65535