Commit Graph

24 Commits

Author SHA1 Message Date
Daniel Micay
ef3d3f35e1 handle kernel.sched_energy_aware being unavailable 2024-10-26 13:10:36 -04:00
Daniel Micay
01201c0ece disable io_uring without CAP_SYS_ADMIN or io_uring group 2024-07-01 23:15:38 -04:00
Daniel Micay
f9425e3ebd reduce conntrack UDP timeouts
This only applies to outbound NTP requests since we use notrack for our
UDP services and DNS-over-TLS for our local resolver. We'd have no need
for longer timeouts even if that wasn't the case.
2024-04-30 12:13:02 -04:00
Daniel Micay
6dbc014f4b set conntrack expectation table to minimum size 2024-04-27 12:48:21 -04:00
Daniel Micay
bab3f0c14a disable IPv4-mapped IPv6 addresses by default 2024-04-25 10:38:54 -04:00
Daniel Micay
fb40773157 reduce conntrack TCP TIME-WAIT timeout to match TCP stack 2024-04-24 21:12:12 -04:00
Daniel Micay
82cc1beccb remove unused SYN backlog configuration
This isn't used anymore despite inaccurate kernel configuration
documentation. The SYN_RECV queue is set based on the backlog value
just like the separate accept queue for established connections.
2024-04-24 18:58:41 -04:00
Daniel Micay
f3ae109eac reduce conntrack SYN timeouts to match TCP/IP stack 2024-04-24 10:45:02 -04:00
Daniel Micay
711e432a67 remove unnecessary local-reserved-ports.conf template 2024-04-13 14:17:23 -04:00
Daniel Micay
f9bce64060 enable TCP window shrinking
The default is a potential denial of service issue via TCP memory
exhaustion.
2024-04-13 13:52:08 -04:00
Daniel Micay
5106ec7f4a remove redundant vm.max_map_count configuration
The same value we were using is now the default.
2024-04-07 15:11:35 -04:00
Daniel Micay
eb55afa3a8 reorganize sysctl configuration 2024-03-24 11:03:31 -04:00
Daniel Micay
51a4f8ca7a extend disabling ICMP redirects 2024-03-24 10:43:37 -04:00
Daniel Micay
ec2cbbdb4e enforce strict reverse path filtering via nftables 2024-03-23 13:35:49 -04:00
Daniel Micay
d39937fc6c disable currently unused energy aware scheduling 2024-02-12 16:13:45 -05:00
Daniel Micay
dd9d6ff2a5 disable unused multipath TCP 2024-01-03 10:52:27 -05:00
Daniel Micay
dcb50a9085 add /etc/sysctl.d/local-reserved-ports.conf 2023-06-06 21:55:11 -04:00
Daniel Micay
6530e1a583 reboot immediately on kernel panic
We can adjust this if we ever need to debug a kernel panic issue which
is not expected.
2023-01-09 14:18:30 -05:00
Daniel Micay
966100eb9f vm.max_map_count to 1048576 2022-09-25 07:48:50 -04:00
Daniel Micay
5461b3f05b raise tcp_max_syn_backlog to 65536 2022-08-28 15:54:11 -04:00
Daniel Micay
256c3652cc disable unused binfmt_misc 2022-08-14 13:46:00 -04:00
Daniel Micay
829ea23e8d lower conntrack established tcp connection timeout 2022-07-03 05:28:54 -04:00
Daniel Micay
1c47cd88ab disable loose TCP connection tracking 2022-07-03 03:50:53 -04:00
Daniel Micay
f6435cae74 reduce tcp retransmission attempts 2022-06-29 03:58:53 -04:00