# # Distribution defaults. # Use /etc/sysctl.conf to override. # # Disable response to broadcast pings to avoid smurf attacks. net.ipv4.icmp_echo_ignore_broadcasts = 1 # enable route verification on all interfaces net.ipv4.conf.all.rp_filter = 1 # avoid deleting secondary IPs on deleting the primary IP net.ipv4.conf.default.promote_secondaries = 1 net.ipv4.conf.all.promote_secondaries = 1 # disable IPv6 completely #net.ipv6.conf.all.disable_ipv6 = 1 # enable IPv6 forwarding #net.ipv6.conf.all.forwarding = 1 # enable IPv6 privacy (bnc#678066) net.ipv6.conf.default.use_tempaddr = 2 # increase the number of possible inotify(7) watches fs.inotify.max_user_watches = 65536 # Magic SysRq Keys enable some control over the system even if it # crashes (e.g. during kernel debugging). # # 0 - disable sysrq completely # 1 - enable all functions of sysrq # >1 - bitmask of allowed sysrq functions: # 2 - enable control of console logging level # 4 - enable control of keyboard (SAK, unraw) # 8 - enable debugging dumps of processes etc. # 16 - enable sync command # 32 - enable remount read-only # 64 - enable signalling of processes (term, kill, oom-kill) # 128 - allow reboot/poweroff # 256 - allow nicing of all RT tasks # # For further information see /usr/src/linux/Documentation/sysrq.txt # default 176 = 128+32+16 kernel.sysrq = 176