分享/etc/sysctl.conf和/boot/loader.conf优化

4．3 FREEBSD网络优化

# vi /etc/sysctl.conf
=========+===========+===========+============
net.inet.ip.check_interface=1
net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1
net.inet.tcp.recvspace=65535
net.inet.tcp.sendspace=65535
kern.ipc.somaxconn=32768
kern.ipc.maxsockbuf=2097152
net.inet.ip.redirect=1
net.inet.icmp.icmplim=100
net.inet.tcp.always_keepalive=1
net.inet.tcp.delayed_ack=1
net.inet.udp.maxdgram=65535
net.local.stream.sendspace=65535
net.local.stream.recvspace=65535
kern.maxfiles=65536
kern.maxfilesperproc=65536
net.inet.udp.checksum=1
net.inet.tcp.msl=7500
net.inet.tcp.syncookies=1
kern.securelevel=0
net.inet.icmp.bmcastecho=0
net.inet.icmp.maskrepl=0
=========+===========+===========+============
# vi /boot/loader.conf
=========+===========+===========+============
kern.maxdsiz="536870912" //这参数在你的内存小于512M时没必要设置
kern.ipc.maxsockets="4008"
kern.ipc.nmbclusters="32768"
kern.ipc.nmbufs="65535"
kern.ipc.nsfbufs="2496"
net.inet.tcp.tcbhashsize="2048"

/boot/loader.conf

kern.maxdsiz="536870912"
kern.ipc.maxsockets="16424"
kern.ipc.nmbclusters="32768"
kern.ipc.nmbufs="65535"
kern.ipc.nsfbufs="2496"
net.inet.tcp.tcbhashsize="2048"
kern.maxusers="256"

/etc/sysctl.conf

net.inet.ip.sourceroute=0
net.inet.ip.accept_sourceroute=0
net.inet.tcp.drop_synfin=1
kern.maxvnodes=100000
kern.maxprocperuid=867
kern.maxfiles=65536
kern.argmax=262144
kern.securelevel=-1
kern.maxfilesperproc=1735
kern.ipc.maxsockbuf=262144
kern.ipc.somaxconn=8192
kern.ipc.shmmax=33554432
kern.ipc.shmall=8192
kern.ipc.shm_use_phys=0
kern.ipc.shm_allow_removed=0
kern.coredump=1
kern.corefile=%N.core
vm.swap_idle_enabled=0
vm.swap_idle_threshold1=2
vm.swap_idle_threshold2=10
vfs.ufs.dirhash_maxmem=2097152
vfs.vmiodirenable=1
vfs.hirunningspace=1048576
vfs.write_behind=1
net.local.stream.sendspace=65536
net.inet.ip.portrange.lowfirst=1023
net.inet.ip.portrange.lowlast=600
net.inet.ip.portrange.first=49152
net.inet.ip.portrange.last=65535
net.inet.ip.portrange.hifirst=49152
net.inet.ip.portrange.hilast=65535
net.inet.ip.redirect=1
net.inet.ip.rtexpire=3600
net.inet.ip.rtminexpire=10
net.inet.ip.intr_queue_maxlen=50
net.inet.ip.intr_queue_drops=0
net.inet.ip.random_id=0
net.inet.icmp.icmplim=200
net.inet.icmp.icmplim_output=1
net.inet.icmp.drop_redirect=0
net.inet.icmp.log_redirect=0
net.inet.tcp.mssdflt=512
net.inet.tcp.minmss=216
net.inet.tcp.keepidle=7200000
net.inet.tcp.sendspace=32768
net.inet.tcp.recvspace=65536
net.inet.udp.maxdgram=9216
net.inet.udp.recvspace=42080
net.inet.tcp.log_in_vain=0
net.inet.tcp.blackhole=2
net.inet.tcp.delayed_ack=1
net.inet.tcp.inflight.debug=0
net.inet.tcp.inflight.rttthresh=10
net.inet.tcp.inflight.min=6144
net.inet.tcp.inflight.max=1073725440
net.inet.tcp.inflight.stab=20
net.inet.tcp.msl=30000
net.inet.tcp.always_keepalive=1
net.inet.udp.log_in_vain=0
net.inet.udp.blackhole=1
net.inet.raw.maxdgram=8192
net.inet.raw.recvspace=8192
net.link.ether.inet.max_age=1200
net.inet6.ip6.redirect=1
net.isr.direct=0
hw.ata.wc=1
security.bsd.see_other_uids=1
security.bsd.see_other_gids=1