Merge "conntrack: set sane sysctl defaults"
This commit is contained in:
commit
eb1980f0e3
11
config.yaml
11
config.yaml
@ -191,7 +191,16 @@ options:
|
||||
to run. Supported modules currently include os, ssh, apache and mysql.
|
||||
sysctl:
|
||||
type: string
|
||||
default:
|
||||
default: |
|
||||
{ net.ipv4.neigh.default.gc_thresh1 : 128,
|
||||
net.ipv4.neigh.default.gc_thresh2 : 28672,
|
||||
net.ipv4.neigh.default.gc_thresh3 : 32768,
|
||||
net.ipv6.neigh.default.gc_thresh1 : 128,
|
||||
net.ipv6.neigh.default.gc_thresh2 : 28672,
|
||||
net.ipv6.neigh.default.gc_thresh3 : 32768,
|
||||
net.nf_conntrack_max : 1000000,
|
||||
net.netfilter.nf_conntrack_buckets : 204800,
|
||||
net.netfilter.nf_conntrack_max : 1000000 }
|
||||
description: |
|
||||
YAML formatted associative array of sysctl values, e.g.:
|
||||
'{ kernel.pid_max : 4194303 }'
|
||||
|
@ -67,6 +67,7 @@ TO_PATCH = [
|
||||
'setup_ufw',
|
||||
'revoke_access',
|
||||
'kv',
|
||||
'create_sysctl',
|
||||
]
|
||||
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user