/etc/sysctl.conf 常用配置

Linux 内核网络参数（net.*）的说明见 https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt

禁止响应 ping（忽略 IPv4 ICMP echo 请求）

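# Stop the kernel from answering IPv4 ping (ICMP echo requests).
# Run these from a root shell: the redirections below are performed by the
# calling shell, so prefixing only `echo` with sudo is not enough.
# Scope: this key only silences IPv4 echo replies. It does not filter any
# listening port, it is not a substitute for a firewall, and it also blinds
# ping-based monitoring. IPv6 echo requests are not governed by this key.

# Temporary (lost on reboot)
sysctl net.ipv4.icmp_echo_ignore_all=1
# Or, equivalently, write the value through procfs
echo 1 >/proc/sys/net/ipv4/icmp_echo_ignore_all
# Persistent: append the line only when that exact line is not already in the
# file, so re-running the snippet does not accumulate duplicate entries.
# (-s keeps grep quiet if /etc/sysctl.conf does not exist yet.)
grep -qsxF 'net.ipv4.icmp_echo_ignore_all=1' /etc/sysctl.conf ||
  echo "net.ipv4.icmp_echo_ignore_all=1" >>/etc/sysctl.conf
# Re-read /etc/sysctl.conf so the persistent value is applied immediately
sysctl -p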

允许非 root 用户绑定（监听）1024 以下端口

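# Let unprivileged processes bind ports below 1024. Run from a root shell.
# net.ipv4.ip_unprivileged_port_start is the first port that does NOT require
# privilege (kernel default: 1024). Setting it to 0 removes the privileged-port
# boundary for every local account and process, so any of them can bind ports
# such as 22, 80 or 443 whenever those ports are free.
# NOTE(review): if only one service needs a low port, prefer granting
# CAP_NET_BIND_SERVICE to that binary or service unit, or lower the threshold
# only as far as required (for example 80 instead of 0).

# Temporary (lost on reboot)
sysctl net.ipv4.ip_unprivileged_port_start=0
# Or, equivalently, write the value through procfs
echo 0 >/proc/sys/net/ipv4/ip_unprivileged_port_start
# Persistent: append the line only when that exact line is not already in the
# file, so re-running the snippet does not accumulate duplicate entries.
# (-s keeps grep quiet if /etc/sysctl.conf does not exist yet.)
grep -qsxF 'net.ipv4.ip_unprivileged_port_start=0' /etc/sysctl.conf ||
  echo "net.ipv4.ip_unprivileged_port_start=0" >>/etc/sysctl.conf
# Re-read /etc/sysctl.conf so the persistent value is applied immediately
sysctl -p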

禁用ipv6

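# Disable IPv6 persistently. Run from a root shell.
# Three scopes are written: "all" (every existing interface), "default"
# (the template applied to interfaces created later) and "lo" (loopback).
# Services configured to listen on ::1 or another IPv6 address may fail to
# start once this is applied, so check listeners afterwards.
for ipv6_scope in all default lo; do
  ipv6_line="net.ipv6.conf.${ipv6_scope}.disable_ipv6=1"
  # Append only when this exact line is missing, so repeated runs do not
  # leave duplicate entries (-s: stay quiet if the file does not exist yet).
  grep -qsxF -- "$ipv6_line" /etc/sysctl.conf ||
    echo "$ipv6_line" >>/etc/sysctl.conf
done
# Re-read /etc/sysctl.conf so the new values are applied immediately
sysctl -p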