#!/bin/sh
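# IPv4 stack hardening and TCP tuning for a forwarding host.
#
# Everything below is best-effort: each write has its output and errors
# discarded, so a key that does not exist on this kernel (or running
# without root) does not stop the script. Run as root for the settings
# to take effect.
#
# Path to the iptables binary. Not used by this script itself; left in
# place because other scripts may source this file and rely on it.
IPTABLE="/usr/local/sbin/iptables"

#######################################
# Apply one sysctl key=value, silently.
# Arguments: $1 - full sysctl key with its value, e.g. net.ipv4.ip_forward=1
# Returns:   sysctl's exit status (ignored by callers; the script is best-effort)
#######################################
set_key() {
  sysctl -w "$1" > /dev/null 2>&1
}

# Refuse source-routed packets on every interface (anti-spoofing: the sender
# must not be able to dictate the return path).
for f in /proc/sys/net/ipv4/conf/*/accept_source_route; do
  [ -e "$f" ] || continue   # an unmatched glob leaves the literal pattern
  echo 0 > "$f"
done > /dev/null 2>&1

# Strict reverse-path filtering: drop packets whose source address is not
# routable back through the interface they arrived on.
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
  [ -e "$f" ] || continue
  echo 1 > "$f"
done > /dev/null 2>&1

# SYN-flood mitigation and ICMP echo suppression.
# (The old /proc path for icmp_echo_ignore_all was replaced by the sysctl below.)
set_key net.ipv4.tcp_syncookies=1
set_key net.ipv4.tcp_synack_retries=2
set_key net.ipv4.tcp_syn_retries=2
set_key net.ipv4.icmp_echo_ignore_all=1

# TCP timer tuning. The original keys lacked the "net.ipv4." prefix, so
# sysctl rejected them and the failure was hidden by the redirect; the
# fully-qualified names are used here.
# NOTE: tcp_tw_recycle was removed from the kernel in Linux 4.12; on newer
# kernels this line is a silent no-op and can be dropped.
set_key net.ipv4.tcp_tw_recycle=1
set_key net.ipv4.tcp_tw_reuse=1
set_key net.ipv4.tcp_keepalive_intvl=60
set_key net.ipv4.tcp_keepalive_probes=3
set_key net.ipv4.tcp_keepalive_time=1800
set_key net.ipv4.tcp_fin_timeout=30
#set_key net.ipv4.tcp_retries1=2
#set_key net.ipv4.tcp_retries2=8

# Enable forwarding: this host routes packets between interfaces, so the
# filtering policy is expected to come from the iptables rules loaded
# elsewhere.
set_key net.ipv4.ip_forward=1
# Connection-tracking table size. This is the legacy key name; on kernels
# using nf_conntrack the equivalent key is net.netfilter.nf_conntrack_max
# and this write is a silent no-op.
set_key net.ipv4.ip_conntrack_max=102400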