http://blog.chinaunix.net/uid-25256412-id-91426.html
Ipsysctl-tutorial: http://www.frozentux.net/documents/ipsysctl-tutorial/
- 【With the sysctl application】:
- The sysctl application can be used to either set variables through the command line, or to set a larger set of variables through a configuration file as previously described. sysctl may also set several variables through the command line at once if need be, and it may also be used to list all variables and their respective values.
- 1.1. First of all, to list all variables possible you could issue the following command:
- [root@rhel5 ~]# sysctl -a →→ to list all variables
- [root@rhel5 ~]# sysctl net.ipv4.tcp_sack →→ to read a specific variable
- [root@rhel5 ~]# sysctl -w net.ipv4.tcp_sack=0 →→ to set a value
- 1.2. Reload /etc/sysctl.conf
- [root@rhel5 ~]# sysctl -p →→ to load all of the settings we have in the /etc/sysctl.conf file
- [root@rhel5 ~]# sysctl -p /etc/testsysctl.conf →→ load the testsysctl.conf configuration options instead of our default file
- 【With /proc】:
- 1.1. It may be a very bad idea to turn on ip_forward before we have all the firewall rules and routes up and running.
- [root@rhel5 ~]# echo "1" > /proc/sys/net/ipv4/tcp_syncookies →→ default value is 1; enables defence against SYN flood attacks
- [root@rhel5 ~]# echo "1" > /proc/sys/net/ipv4/ip_forward →→ default value is 0; enables ip_forward
- 1.2. icmp_echo_ignore_all
- If this variable is turned on, you and others will be unable to ping the machine in question, which is generally a bad thing. Of course, everyone has different opinions about this,
- some say it is good because people will be unable to ping you and hence know you are there, some say it is bad because you want people to know you are available on the internet.
- A lot of tools and applications rely upon ICMP Echo requests, some good, some bad as always.
- [root@rhel5 ~]# echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all →→ default value is 0; the so-called "Disable death of PING"
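
An added example, not part of the original post: a POSIX shell check that compares the values under /proc/sys with a sysctl.conf-style baseline, using the key-to-path mapping shown above (net.ipv4.ip_forward corresponds to /proc/sys/net/ipv4/ip_forward). The helper names `norm`, `audit_sysctl` and `make_sample` are hypothetical, and the sample tree and baseline are constructed; a misspelled key such as net.ipv4.tcp_sysncookies is reported as MISSING and an unexpectedly enabled ip_forward as DRIFT.

```sh
# Added example: helper names are hypothetical, sample values are constructed.
# Collapse whitespace runs (multi-value /proc entries are tab-separated), trim.
norm() { printf '%s' "$1" | tr -s '[:space:]' ' ' | sed 's/^ //; s/ $//'; }

# audit_sysctl ROOT BASELINE: for each "key = value" line in BASELINE
# (sysctl.conf syntax) read the file backing the key under ROOT (normally
# /proc/sys) and print OK, DRIFT or MISSING. Exit status = number of findings.
# Assumes no dots inside a path component (e.g. an interface named eth0.100).
audit_sysctl() (
    root=$1 findings=0
    while IFS='=' read -r key want; do
        key=$(norm "$key"); want=$(norm "$want")
        case $key in ''|'#'*|';'*) continue ;; esac   # blank line or comment
        path=$root/$(printf '%s' "$key" | tr . /)     # net.ipv4.x -> net/ipv4/x
        if [ ! -r "$path" ]; then
            echo "MISSING $key (no readable file at $path)"
            findings=$((findings + 1)); continue
        fi
        got=$(norm "$(cat "$path")")
        if [ "$got" = "$want" ]; then
            echo "OK      $key = $got"
        else
            echo "DRIFT   $key want=$want got=$got"
            findings=$((findings + 1))
        fi
    done < "$2"
    exit "$findings"
)

# Build a constructed stand-in for /proc/sys plus a baseline; prints its path.
make_sample() {
    d=$(mktemp -d) && mkdir -p "$d/proc_sys/net/ipv4" || return 1
    echo 1 > "$d/proc_sys/net/ipv4/tcp_syncookies"
    echo 1 > "$d/proc_sys/net/ipv4/ip_forward"          # differs from baseline
    echo 0 > "$d/proc_sys/net/ipv4/icmp_echo_ignore_all"
    printf '4096\t87380\t6291456\n' > "$d/proc_sys/net/ipv4/tcp_rmem"
    cat > "$d/baseline.conf" <<'EOF'
# constructed baseline; the last key is misspelled on purpose
net.ipv4.tcp_syncookies = 1
net.ipv4.ip_forward = 0
net.ipv4.icmp_echo_ignore_all = 0
net.ipv4.tcp_rmem = 4096 87380 6291456
net.ipv4.tcp_sysncookies = 1
EOF
    echo "$d"
}

s=$(make_sample)
audit_sysctl "$s/proc_sys" "$s/baseline.conf" || echo "$? finding(s)"
rm -rf "$s"
```

On a real host the same function can be pointed at the live tree with `audit_sysctl /proc/sys /etc/sysctl.conf`.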