|
@@ -1010,14 +1010,6 @@ Enter the following:
|
1010
|
1010
|
#+BEGIN_SRC: bash
|
1011
|
1011
|
#!/bin/bash
|
1012
|
1012
|
|
1013
|
|
-# Enable syn cookies
|
1014
|
|
-echo 1 > /proc/sys/net/ipv4/tcp_syncookies
|
1015
|
|
-
|
1016
|
|
-# Other settings
|
1017
|
|
-echo 1 > /proc/sys/net/ipv4/tcp_keepalive_probes
|
1018
|
|
-echo 2 > /proc/sys/net/ipv4/tcp_synack_retries
|
1019
|
|
-echo 1 > /proc/sys/net/ipv4/tcp_syn_retries
|
1020
|
|
-
|
1021
|
1013
|
# First of all delete any existing rules.
|
1022
|
1014
|
# This means you're back to a known state:
|
1023
|
1015
|
iptables -P INPUT ACCEPT
|
|
@@ -1168,6 +1160,7 @@ emacs /etc/sysctl.conf
|
1168
|
1160
|
Uncomment or change the following:
|
1169
|
1161
|
|
1170
|
1162
|
#+BEGIN_SRC: bash
|
|
1163
|
+net.ipv4.tcp_syncookies = 1
|
1171
|
1164
|
net.ipv4.conf.all.accept_redirects = 0
|
1172
|
1165
|
net.ipv6.conf.all.accept_redirects = 0
|
1173
|
1166
|
net.ipv4.conf.all.send_redirects = 0
|
|
@@ -1184,9 +1177,18 @@ And append the following:
|
1184
|
1177
|
#+BEGIN_SRC: bash
|
1185
|
1178
|
# ignore pings
|
1186
|
1179
|
net.ipv4.icmp_echo_ignore_all = 1
|
|
1180
|
+net.ipv6.icmp_echo_ignore_all = 1
|
1187
|
1181
|
|
1188
|
1182
|
# disable ipv6
|
1189
|
1183
|
net.ipv6.conf.all.disable_ipv6 = 1
|
|
1184
|
+
|
|
1185
|
+net.ipv4.tcp_synack_retries = 2
|
|
1186
|
+net.ipv4.tcp_syn_retries = 1
|
|
1187
|
+
|
|
1188
|
+# keepalive
|
|
1189
|
+net.ipv4.tcp_keepalive_probes = 9
|
|
1190
|
+net.ipv4.tcp_keepalive_intvl = 75
|
|
1191
|
+net.ipv4.tcp_keepalive_time = 7200
|
1190
|
1192
|
#+END_SRC
|
1191
|
1193
|
|
1192
|
1194
|
Save and exit. It may be a good idea to reboot at this point and then log back into the BBB using ssh. You can do a safe reboot of the system by typing:
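Review bot: The added line `net.ipv6.icmp_echo_ignore_all = 1` in the appended sysctl.conf block does not look like a valid key. As far as I know the IPv6 echo control is `net.ipv6.icmp.echo_ignore_all` (under `icmp/`) and exists only on kernels that ship it, so `sysctl -p` would report an error for this line and the setting would not apply. Since `net.ipv6.conf.all.disable_ipv6 = 1` follows a few lines below, the line could simply be dropped; otherwise the guide should tell the reader to confirm the key with `sysctl -a | grep echo_ignore` and, if it is absent, to drop ICMPv6 echo requests in the firewall script instead. Separately, the keepalive block sets `tcp_keepalive_probes = 9` where the removed script lines set it to 1, and 9/75/7200 are, I believe, the kernel defaults. A comment such as `# keepalive (kernel defaults, listed for reference)` would make clear that the relaxation is deliberate.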
|