Table of Contents
1. Essential Linux terminology
2. Linux System Application Binary Information
Application Binary Information
3. Linux System Debug
Debug
4. Linux System Device Information
Device Information
5. Linux System Filesystem
Filesystem
6. Linux System Kernel
Kernel
7. Linux System Networking
Networking
8. Linux System
/proc/sys/proc
9. Linux System SunRPC
SunRPC
10. Linux System Virtual Memory
Virtual Memory
11. Linux System Device Information PC parallel port
PC parallel port
12. Linux System Device Information RTC
RTC
13. Linux System Device Information PC parallel port
/proc/sys/dev/parport/default
14. Linux System Device Information PC parallel port
/proc/sys/dev/parport/parport0
15. Linux System Device Information PC parallel port
/proc/sys/dev/parport/parport0/devices
16. Linux System Device Information PC parallel port
/proc/sys/dev/parport/parport0/devices/lp
17. Linux System Filesystem Miscellaneous binary formats
Miscellaneous binary formats
18. Linux System Kernel
/proc/sys/kernel/random
19. Linux System Networking Ethernet 802 protocol
Ethernet 802 protocol
20. Linux System Networking General
General
21. Linux System Networking Ethernet protocol
Ethernet protocol
22. Linux System Networking IPv4
IPv4
23. Linux System Networking Token ring protocol
Token ring protocol
24. Linux System Networking Unix domain sockets
Unix domain sockets
25. Linux System Networking IPv4 Interface
Interface
26. Linux System Networking IPv4 Network Neighbor handling
Network Neighbor handling
27. Linux System Networking IPv4 Route information
/proc/sys/net/ipv4/route
28. Linux System Networking IPv4 Interface
/proc/sys/net/ipv4/conf/all
29. Linux System Networking IPv4 Interface
/proc/sys/net/ipv4/conf/default
30. Linux System Networking IPv4 Interface
/proc/sys/net/ipv4/conf/eth0
31. Linux System Networking IPv4 Interface
/proc/sys/net/ipv4/conf/lo
32. Linux System Networking IPv4 Network Neighbor handling
/proc/sys/net/ipv4/neigh/default
33. Linux System Networking IPv4 Network Neighbor handling
/proc/sys/net/ipv4/neigh/eth0
34. Linux System Networking IPv4 Network Neighbor handling
/proc/sys/net/ipv4/neigh/lo

Chapter 1. Essential Linux terminology

Jiffie. Internal time unit of the kernel: 1/100 s on the i386, 1/1024 s on the Alpha. See the HZ define in /usr/include/asm/param.h for the exact value on your system.


Chapter 2. Linux System Application Binary Information

Application Binary Information

Application binary interface

defhandler_coff. No description for defhandler_coff

defhandler_elf. No description for defhandler_elf

defhandler_lcall7. No description for defhandler_lcall7

defhandler_libcso. No description for defhandler_libcso

fake_utsname. No description for fake_utsname

trace. No description for trace


Chapter 3. Linux System Debug


Chapter 4. Linux System Device Information

Device Information

Device information.


Chapter 5. Linux System Filesystem

Filesystem

This subdirectory contains specific file system, file handle, inode, dentry and quota information.

dir-notify-enable. No description for dir-notify-enable

file-max. The kernel allocates file handles dynamically, but does not free them again at this time. The value in file-max denotes the maximum number of file handles that the Linux kernel will allocate. When you get a lot of error messages about running out of file handles, you might want to raise this limit. --- Possible values: ??? Default value: 4096

lease-break-time. No description for lease-break-time

leases-enable. No description for leases-enable

overflowgid. No description for overflowgid

overflowuid. No description for overflowuid


Chapter 6. Linux System Kernel

Kernel

Kernel-specific settings for external services (such as kernel NFS), commands needed by the kernel, etc. Can mostly be left untouched.

acct. No description for acct

cad_pid. No description for cad_pid

cap-bound. No description for cap-bound

core_uses_pid. No description for core_uses_pid

ctrl-alt-del. No description for ctrl-alt-del

domainname. No description for domainname

hostname. No description for hostname

hotplug. No description for hotplug

modprobe. No description for modprobe

msgmax. No description for msgmax

msgmnb. No description for msgmnb

msgmni. No description for msgmni

overflowgid. No description for overflowgid

overflowuid. No description for overflowuid

panic. No description for panic

printk. No description for printk

real-root-dev. No description for real-root-dev

rtsig-max. No description for rtsig-max

sem. No description for sem

shmall. No description for shmall

shmmax. No description for shmmax

shmmni. No description for shmmni

tainted. No description for tainted

threads-max. No description for threads-max


Chapter 7. Linux System Networking

Networking

The Linux networking subsystem.


Chapter 8. Linux System

/proc/sys/proc

No section description for /proc/sys/proc


Chapter 9. Linux System SunRPC

SunRPC

Sun's Remote Procedure Call settings, used for NFS and NIS(+).

nfs_debug. Enable (1) or disable (0) debugging for RPC NFS. --- Possible values: [0|1] Default value: 0

nfsd_debug. Enable (1) or disable (0) debugging for the RPC NFS daemon. --- Possible values: [0|1] Default value: 0

nlm_debug. Enable (1) or disable (0) debugging for RPC NLM. --- Possible values: [0|1] Default value: 0

rpc_debug. Enable (1) or disable (0) debugging for the RPC functions. --- Possible values: [0|1] Default value: 0


Chapter 10. Linux System Virtual Memory

Virtual Memory

Linux's virtual memory settings.

bdflush. No description for bdflush

kswapd. No description for kswapd

max-readahead. No description for max-readahead

max_map_count. No description for max_map_count

min-readahead. No description for min-readahead

overcommit_memory. No description for overcommit_memory

page-cluster. No description for page-cluster

pagetable_cache. No description for pagetable_cache


Chapter 11. Linux System Device Information PC parallel port

PC parallel port

PC-style parallel port


Chapter 12. Linux System Device Information RTC

RTC

Real Time Clock settings.

max-user-freq. No description for max-user-freq


Chapter 13. Linux System Device Information PC parallel port

/proc/sys/dev/parport/default

No section description for /proc/sys/dev/parport/default

spintime. No description for spintime

timeslice. No description for timeslice


Chapter 14. Linux System Device Information PC parallel port

/proc/sys/dev/parport/parport0

No section description for /proc/sys/dev/parport/parport0

spintime. No description for spintime


Chapter 15. Linux System Device Information PC parallel port

/proc/sys/dev/parport/parport0/devices

No section description for /proc/sys/dev/parport/parport0/devices


Chapter 16. Linux System Device Information PC parallel port

/proc/sys/dev/parport/parport0/devices/lp

No section description for /proc/sys/dev/parport/parport0/devices/lp

timeslice. No description for timeslice


Chapter 17. Linux System Filesystem Miscellaneous binary formats

Miscellaneous binary formats

Besides these files, there is the subdirectory /proc/sys/fs/binfmt_misc. It handles the kernel support for miscellaneous binary formats. Binfmt_misc provides the ability to register additional binary formats with the kernel without compiling an additional module or kernel. To do so, binfmt_misc needs to know either the magic number at the beginning of the binary or its filename extension. It works by maintaining a linked list of structs, each describing a binary format: a magic with its size (or the filename extension), an offset and a mask, and the interpreter name. On request it invokes the given interpreter with the original program as argument, as binfmt_java, binfmt_em86 and binfmt_mz do. Since binfmt_misc does not define any default binary formats, you have to register additional binary formats yourself. There are two general files in binfmt_misc and one file per registered format. The two general files are register and status.
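Added example, not part of this reference: a POSIX shell check for a binfmt_misc registration string before it is written to the register file. The field layout it assumes is the kernel's documented ':name:type:offset:magic:mask:interpreter:flags' form (described in the kernel's binfmt_misc documentation, not on this page), with type M for a magic at an offset and E for a filename extension; the sample registrations at the bottom are constructed for demonstration.

```shell
#!/bin/sh
# Added example: validate a binfmt_misc registration line before writing it
# to /proc/sys/fs/binfmt_misc/register. Assumed layout (kernel documentation,
# not this page): :name:type:offset:magic:mask:interpreter:flags

# Prints "ok <name> -> <interpreter>" and returns 0 for an acceptable line;
# prints "reject <reason>" and returns 1 otherwise.
check_binfmt_line() {
    line=$1
    case $line in
        :*) ;;
        *) echo "reject this checker expects ':' as the field delimiter"; return 1 ;;
    esac
    # Split on ':' with pathname expansion disabled; the leading ':' yields an
    # empty $1, so the fields land in $2..$8 (flags may be absent).
    set -f
    oldifs=$IFS; IFS=:
    set -- $line
    IFS=$oldifs
    set +f
    name=$2 type=$3 offset=$4 magic=$5 interp=$7 flags=$8
    case $name in
        '' | */*) echo "reject name must be non-empty and contain no '/'"; return 1 ;;
    esac
    case $type in
        M | E) ;;
        *) echo "reject type must be M (magic) or E (extension), got '$type'"; return 1 ;;
    esac
    if [ "$type" = M ] && [ -n "$offset" ]; then
        case $offset in
            *[!0-9]*) echo "reject offset must be a decimal number, got '$offset'"; return 1 ;;
        esac
    fi
    if [ -z "$magic" ]; then
        echo "reject magic/extension must not be empty"; return 1
    fi
    if [ "$type" = E ]; then
        case $magic in
            */*) echo "reject extension must not contain '/'"; return 1 ;;
        esac
    fi
    case $interp in
        /*) ;;
        *) echo "reject interpreter must be an absolute path, got '$interp'"; return 1 ;;
    esac
    case $flags in
        *[!POCF]*) echo "reject unknown flag in '$flags' (known: P, O, C, F)"; return 1 ;;
    esac
    # Flag C runs the interpreter with the credentials of the binary being
    # executed (its setuid/setgid bits apply), so surface it for review.
    case $flags in
        *C*) echo "note $name uses flag C: interpreter inherits the binary's credentials" ;;
    esac
    echo "ok $name -> $interp"
    return 0
}

# Constructed sample registrations: one by extension, one by magic, two rejected.
if [ "$#" -eq 0 ]; then
    for l in ':py3:E::py::/usr/bin/python3:' \
             ':elf-demo:M:0:\x7fELF:\xff\xff\xff\xff:/usr/bin/true:' \
             ':bad-interp:E::foo::bin/foo:' \
             ':bad-type:X::foo::/bin/foo:'; do
        check_binfmt_line "$l" || :
    done
else
    check_binfmt_line "$1"
fi
```

Run it with a registration string as the first argument to check one line, or without arguments to see the constructed samples; the checker only rejects malformed or suspicious input and never writes to the register file itself.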


Chapter 18. Linux System Kernel

/proc/sys/kernel/random

No section description for /proc/sys/kernel/random

poolsize. No description for poolsize

read_wakeup_threshold. No description for read_wakeup_threshold

write_wakeup_threshold. No description for write_wakeup_threshold


Chapter 19. Linux System Networking Ethernet 802 protocol

Ethernet 802 protocol

IEEE 802 network settings.


Chapter 20. Linux System Networking General

General

General network settings.

dev_weight. No description for dev_weight

hot_list_length. No description for hot_list_length

lo_cong. No description for lo_cong

message_burst. These parameters are used to limit the warning messages written to the kernel log from the networking code. They enforce a rate limit to prevent denial-of-service attacks that flood the log. A higher message_cost factor results in fewer messages being written; message_burst controls when messages start to be dropped. The default settings limit warning messages to one every five seconds. --- Default value: 50

message_cost. These parameters are used to limit the warning messages written to the kernel log from the networking code. They enforce a rate limit to prevent denial-of-service attacks that flood the log. A higher message_cost factor results in fewer messages being written; message_burst controls when messages start to be dropped. The default settings limit warning messages to one every five seconds. --- Default value: 5

mod_cong. No description for mod_cong

netdev_max_backlog. Maximum number of packets queued on the input side when an interface receives packets faster than the kernel can process them. --- Default value: 300

no_cong. No description for no_cong

no_cong_thresh. No description for no_cong_thresh

optmem_max. Maximum ancillary buffer size allowed per socket. Ancillary data is a sequence of struct cmsghdr structures with appended data. --- Default value: 10240

rmem_default. The default setting of the socket receive buffer in bytes. --- Default value: 65535

rmem_max. The maximum receive socket buffer size in bytes. --- Default value: 65535

wmem_default. The default setting (in bytes) of the socket send buffer. --- Default value: 65535

wmem_max. The maximum send socket buffer size in bytes. --- Default value: 65535


Chapter 21. Linux System Networking Ethernet protocol

Ethernet protocol

The Linux ethernet settings.


Chapter 22. Linux System Networking IPv4

IPv4

The network IP version 4 protocol. This is the most used protocol and the protocol used on the Internet, although the new IP version 6 should replace it in the near future.

icmp_echo_ignore_all. Turn on (1) or off (0) whether the kernel should ignore all ICMP ECHO requests. Please note that if you accept ICMP echo requests with a broadcast/multicast destination address, your network may be used as an exploder for denial-of-service packet flooding attacks against other hosts. --- Value type: BOOLEAN Possible values: [0|1] Default value: 0

icmp_echo_ignore_broadcasts. Turn on (1) or off (0) whether the kernel should ignore broadcast and multicast ICMP ECHO requests. Please note that if you accept ICMP echo requests with a broadcast/multicast destination address, your network may be used as an exploder for denial-of-service packet flooding attacks against other hosts. --- Value type: BOOLEAN Possible values: [0|1] Default value: 0

icmp_ignore_bogus_error_responses. Some routers violate RFC1122 by sending bogus responses to broadcast frames. Such violations are normally logged via a kernel warning. If this is set to TRUE, the kernel will not give such warnings, which will avoid log file clutter. --- Possible values: [0|1] Default value: 0 (FALSE)

icmp_ratelimit. Sets limits for sending ICMP packets to specific targets. A value of zero disables all limiting; otherwise the value is the rate limit expressed in jiffies. On Intel systems that roughly means 100 is 1 second. --- Value type: INTEGER Possible values: ??? Default value: 100

icmp_ratemask. Sets limits for sending ICMP packets to specific targets. A value of zero disables all limiting. Significant bits: IHGFEDCBA9876543210. Bit definitions (see include/linux/icmp.h):
  0 Echo Reply
  3 Destination Unreachable *
  4 Source Quench *
  5 Redirect
  8 Echo Request
  B Time Exceeded *
  C Parameter Problem *
  D Timestamp Request
  E Timestamp Reply
  F Info Request
  G Info Reply
  H Address Mask Request
  I Address Mask Reply
* These are rate limited by default (see the default mask). --- Default value: 6168 (mask: 0000001100000011000)
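Added example, not part of this reference: a POSIX shell decoder that turns an icmp_ratemask value into the list of ICMP message types it rate-limits, using the bit positions and type names listed above. With the default value 6168 it reports exactly the four types marked as limited by default.

```shell
#!/bin/sh
# Added example: decode an icmp_ratemask value (as read from
# /proc/sys/net/ipv4/icmp_ratemask) into the ICMP types it rate-limits.
# Bit numbering and names follow the table above; "-" marks unused bits.

icmp_ratemask_types() {
    mask=$1
    bit=0
    for name in "Echo Reply" - - "Destination Unreachable" "Source Quench" \
                "Redirect" - - "Echo Request" - - "Time Exceeded" \
                "Parameter Problem" "Timestamp Request" "Timestamp Reply" \
                "Info Request" "Info Reply" "Address Mask Request" \
                "Address Mask Reply"; do
        # Print "<bit> <type>" for every defined bit that is set in the mask.
        if [ "$name" != - ] && [ $(( (mask >> bit) & 1 )) -eq 1 ]; then
            printf '%d %s\n' "$bit" "$name"
        fi
        bit=$((bit + 1))
    done
}

# Decode the mask given on the command line, or the documented default 6168.
if [ "$#" -gt 0 ]; then
    icmp_ratemask_types "$1"
else
    icmp_ratemask_types 6168
fi
```

Pass the current value (for example the output of cat /proc/sys/net/ipv4/icmp_ratemask) as the argument to see which types a running system limits; bits 3, 4, 11 and 12 correspond to the letters 3, 4, B and C in the table.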

igmp_max_memberships. Change the maximum number of multicast groups we can subscribe to. --- Possible values: INTEGER Default value: 20

inet_peer_gc_maxtime. Maximum interval between garbage collection passes. This interval is in effect under low (or absent) memory pressure on the pool. Measured in jiffies. --- Possible values: INTEGER Default value: ???

inet_peer_gc_mintime. Minimum interval between garbage collection passes. This interval is in effect under high memory pressure on the pool. Measured in jiffies. --- Possible values: INTEGER Default value: ???

inet_peer_maxttl. Maximum time-to-live of entries. Unused entries will expire after this period of time if there is no memory pressure on the pool (i.e. when the number of entries in the pool is very small). Measured in jiffies. --- Possible values: INTEGER Default value: ???

inet_peer_minttl. Minimum time-to-live of entries. Should be enough to cover fragment time-to-live on the reassembling side. This minimum time-to-live is guaranteed if the pool size is less than inet_peer_threshold. Measured in jiffies. --- Possible values: INTEGER Default value: ???

inet_peer_threshold. The approximate size of the storage. Starting from this threshold, entries are discarded aggressively. This threshold also determines the entries' time-to-live and the intervals between garbage collection passes: more entries mean a shorter time-to-live and a shorter GC interval. --- Possible values: INTEGER Default value: ???

ip_autoconfig. This file contains the number one if the host received its IP configuration by RARP, BOOTP, DHCP or a similar mechanism. Otherwise it is zero. --- Default value: 0

ip_default_ttl. TTL (Time To Live) for IPv4 interfaces. This is simply the maximum number of hops a packet may travel. --- Default value: 64

ip_dynaddr. Enable dynamic socket address rewriting on interface address change. This is useful for dialup interfaces with changing IP addresses. If set non-zero, it enables support for dynamic addresses. If set to a non-zero value larger than 1, a kernel log message will be printed when dynamic address rewriting occurs. --- Value type: INTEGER Possible values: <0-65535> Default value: 0

ip_forward. Enable or disable forwarding of IP packets between interfaces. Changing this value resets all other parameters to their default values (RFC1122 for hosts, RFC1812 for routers). --- Possible values: [0|1] Default value: 0

ip_local_port_range. Defines the local port range that is used by TCP and UDP to choose the local port. The first number is the first, the second the last local port number. The default values depend on the amount of memory available on the system: > 128Mb: 32768 61000; < 128Mb: 1024 4999 or even less. This range determines the number of active connections this system can issue simultaneously to systems not supporting TCP extensions (timestamps). With tcp_tw_recycle enabled (i.e. by default), the range 1024-4999 is enough to issue up to 2000 connections per second to systems supporting timestamps. For high-usage systems set this to 32768 61000. --- Value type: INTEGER INTEGER Possible values: <1-65535> <1-65535> Default value: 1024 4999

ip_no_pmtu_disc. Global switch to turn path MTU discovery off. It can also be set on a per socket basis by the applications or on a per route basis. --- Possible values: [0|1] Default value: 0

ip_nonlocal_bind. If set, allows processes to bind() to non-local IP addresses, which can be quite useful but may break some applications. --- Value type: BOOLEAN Possible values: [0|1] Default value: 0

ipfrag_high_thresh. No description for ipfrag_high_thresh

ipfrag_low_thresh. No description for ipfrag_low_thresh

ipfrag_time. Time in seconds to keep an IP fragment in memory. --- Possible values: ? Default value: 30

tcp_abort_on_overflow. If the listening service is too slow to accept new connections, reset them. The default state is FALSE, meaning that if the overflow occurred due to a burst, the connection will recover. Enable this option _only_ if you are really sure that the listening daemon cannot be tuned to accept connections faster. Enabling this option can harm the clients of your server. --- Possible values: [0|1] Default value: 0

tcp_adv_win_scale. Count buffering overhead as bytes/2^tcp_adv_win_scale (if tcp_adv_win_scale > 0) or bytes-bytes/2^(-tcp_adv_win_scale) if it is <= 0. --- Value type: INTEGER Possible values: ??? Default value: 2

tcp_app_win. Reserve max(window/2^tcp_app_win, mss) of the window for the application buffer. Value 0 is special: it means that nothing is reserved. --- Value type: INTEGER Possible values: ??? Default value: 31

tcp_dsack. Allows TCP to send "duplicate" SACKs. --- Value type: BOOLEAN Possible values: [0|1] Default value: 1

tcp_ecn. This file controls the use of the ECN bit in IPv4 headers. Explicit Congestion Notification is a new feature, but some routers and firewalls block traffic that has this bit set, so it is disabled by default. For more information read RFC2481. --- Value type: BOOLEAN Possible values: [0|1] Default value: 0

tcp_fack. Enable FACK congestion avoidance and fast retransmission. The value is not used if tcp_sack is not enabled. --- Value type: BOOLEAN Possible values: [0|1] Default value: 1

tcp_fin_timeout. The length of time in seconds the kernel waits to receive a final FIN before the socket is forcibly closed. This is strictly a violation of the TCP specification, but required to prevent denial-of-service attacks. Remember, when changing this setting, that even an underloaded web server risks overflowing memory with huge numbers of dead sockets; FIN-WAIT-2 sockets are less dangerous than FIN-WAIT-1 sockets because they eat at most 1.5K of memory, but they tend to live longer. The 2.4 kernel default value is 60 seconds. The usual value in a 2.2 kernel was 180 seconds; you may restore it, but --- Value type: INTEGER Possible values: ??? Default value: 180 (kernel 2.2), 60 (kernel 2.4)

tcp_keepalive_intvl. How frequently keepalive probes are sent out, in seconds. Multiplied by tcp_keepalive_probes, it gives the time until a non-responding connection is killed once probing has started. With the default of 75 seconds the connection is aborted after about 11 minutes of retries. --- Possible values: INTEGER Default value: 75

tcp_keepalive_probes. Number of keepalive probes TCP sends out until it decides that the connection is broken. --- Value type: INTEGER Possible values: ??? Default value: 9

tcp_keepalive_time. How often TCP sends out keepalive messages when keepalive is enabled, in seconds. The default is 2 hours. --- Value type: INTEGER Possible values: ??? Default value: 7200

tcp_max_orphans. Maximal number of TCP sockets not attached to any user file handle held by the system. If this number is exceeded, orphaned connections are reset immediately and a warning is printed. This limit exists only to prevent simple DoS attacks; you _must_ not rely on this or lower the limit artificially, but rather increase it (probably after increasing installed memory) if network conditions require more than the default value, and tune network services to linger and kill such states more aggressively. Remember: each orphan eats up to ~64K of unswappable memory. --- Possible values: INTEGER Default value: 8192

tcp_max_syn_backlog. Maximal number of remembered connection requests which still did not receive an acknowledgement from the connecting client. The default value is 1024 for systems with more than 128Mb of memory, and 128 for low memory machines. If the server suffers from overload, try to increase this number. Since Linux 2.2 the backlog specified in listen(2) only specifies the length of the backlog queue of already established sockets. When more connection requests arrive, Linux starts to drop packets. When syncookies are enabled the packets are still answered and the maximum queue is effectively ignored. --- Value type: INTEGER Possible values: ??? Default value: 1024

tcp_max_tw_buckets. Maximal number of timewait sockets held by the system simultaneously. If this number is exceeded, the time-wait socket is immediately destroyed and a warning is printed. This limit exists only to prevent simple DoS attacks; you _must_ not lower the limit artificially, but rather increase it (probably after increasing installed memory) if network conditions require more than the default value. --- Possible values: ??? Default value: ???

tcp_mem. Consists of three values: low: below this number of pages TCP does not bother about its memory appetite. pressure: when the amount of memory allocated by TCP exceeds this number of pages, TCP moderates its memory consumption and enters memory pressure mode, which is exited when memory consumption falls under "low". high: number of pages allowed for queueing by all TCP sockets. Defaults are calculated at boot time from the amount of available memory. --- Value types: INTEGER INTEGER INTEGER Possible values: ??? ??? ??? Default value: ??? ??? ???

tcp_orphan_retries. How many times to retry before killing a TCP connection closed by our side. The default value 7 corresponds to ~50 sec to 16 min depending on RTO. If your machine is a loaded web server, you should think about lowering this value, since such sockets may consume significant resources. Cf. tcp_max_orphans. --- Possible values: INTEGER Default value: 7

tcp_reordering. Maximal reordering of packets in a TCP stream. --- Value type: INTEGER Possible values: ??? Default value: 3

tcp_retrans_collapse. Bug-to-bug compatibility with some broken printers. On retransmit, try to send larger packets to work around bugs in certain TCP stacks. Can be turned off by setting it to zero. --- Value type: BOOLEAN Possible values: [0|1] Default value: 1

tcp_retries1. Defines how often an answer to a TCP connection request is retransmitted before giving up. The minimal RFC value is 3, which is about 3 seconds to 8 minutes depending on RTO. --- Value type: INTEGER Possible values: ??? Default value: 3

tcp_retries2. Defines how often a TCP packet is retransmitted before giving up. RFC1122 says that the limit should be longer than 100 sec; that is too small a number. The default value 15 corresponds to about 13-30 minutes depending on RTO. --- Value type: INTEGER Possible values: ??? Default value: 15

tcp_rfc1337. If set, the TCP stack behaves conforming to RFC1337. If unset, we are not conforming to the RFC, but prevent TCP TIME_WAIT assassination. --- Value type: BOOLEAN Possible values: [0|1] Default value: 0

tcp_rmem. Consists of three values: min: minimal size of the receive buffer used by TCP sockets. It is guaranteed to each TCP socket, even under moderate memory pressure. default: default size of the receive buffer used by TCP sockets. This value overrides rmem_default used by other protocols. The default of 87380 bytes results in a window of 65535 with the default setting of tcp_adv_win_scale and tcp_app_win:0, and a bit less for the default tcp_app_win. max: maximal size of the receive buffer allowed for automatically selected receive buffers for a TCP socket. This value does not override rmem_max; "static" selection via SO_RCVBUF does not use this. The default is calculated as twice the value of default. --- Value type: INTEGER INTEGER INTEGER Possible values: ??? ??? ??? Default value: 4096 87380 174760

tcp_sack. Enable selective acknowledgments (SACK) as defined in RFC2018. --- Value type: BOOLEAN Possible values: ??? Default value: 1

tcp_stdurg. Enable the strict RFC793 interpretation of the TCP urgent pointer field. The default is to use the BSD-compatible interpretation, with the urgent pointer pointing to the first byte after the urgent data. The RFC793 interpretation is to have it point to the last byte of urgent data. Enabling this option may lead to interoperability problems. Disabled by default. --- Value type: BOOLEAN Possible values: [0|1] Default value: 0

tcp_syn_retries. Number of times initial SYNs for a TCP connection attempt will be retransmitted. Should not be higher than 255. This is only the timeout for outgoing connections, for incoming connections the number of retransmits is defined by tcp_retries1. The default of 5 is about 180 seconds. --- Value type: INTEGER Possible values: <0-255> Default value: 5

tcp_synack_retries. Number of times SYNACKs for a passive TCP connection attempt will be retransmitted. Should not be higher than 255. The default value is 5, which corresponds to ~180 seconds. --- Possible values: <0-255> Default value: 5

tcp_syncookies. Only valid when the kernel was compiled with CONFIG_SYNCOOKIES. Send out syncookies when the syn backlog queue of a socket overflows. This is to ward off the common 'syn flood attack'. Disabled by default. Note that syncookies are a fallback facility. They MUST NOT be used to help highly loaded servers stand against a legitimate connection rate. If you see synflood warnings in your logs, but investigation shows that they occur because of overload with legitimate connections, you should tune other parameters until the warning disappears. See: tcp_max_syn_backlog, tcp_synack_retries, tcp_abort_on_overflow. Syncookies seriously violate the TCP protocol, do not allow TCP extensions to be used, and can result in serious degradation of some services (e.g. SMTP relaying), visible not to you but to your clients and the relays contacting you. If you see synflood warnings in the logs while not really being flooded, your server is seriously misconfigured. --- Value type: BOOLEAN Possible values: [0|1] Default value: 0

tcp_timestamps. Enable timestamps as defined in RFC1323. --- Value type: BOOLEAN Possible values: [0|1] Default value: 1

tcp_tw_recycle. Enable fast recycling of TIME-WAIT sockets. It should not be changed without advice/request of technical experts. --- Possible values: [0|1] Default value: 0

tcp_tw_reuse. Allow reusing TIME-WAIT sockets for new connections when it is safe from the protocol viewpoint. It should not be changed without advice/request of technical experts. --- Possible values: [0|1] Default value: 0

tcp_window_scaling. Enable window scaling as defined in RFC1323. --- Value type: BOOLEAN Possible values: [0|1] Default value: 1

tcp_wmem. Consists of three values, from left to right: min: amount of memory reserved for send buffers of a TCP socket. Each TCP socket is entitled to it from the moment it is created. default: amount of memory allowed for send buffers of a TCP socket by default. This value overrides wmem_default used by other protocols; it is usually lower than wmem_default. max: maximal amount of memory allowed for automatically selected send buffers for a TCP socket. This value does not override wmem_max; "static" selection via SO_SNDBUF does not use this. --- Value type: INTEGER INTEGER INTEGER Possible values: ??? ??? ??? Default value: 4096 16384 131072


Chapter 23. Linux System Networking Token ring protocol

Token ring protocol

Token ring settings.

rif_timeout. No description for rif_timeout


Chapter 24. Linux System Networking Unix domain sockets

Unix domain sockets

Unix domain sockets

max_dgram_qlen. Maximum datagram length. --- Possible values: ??? Default value: 10


Chapter 25. Linux System Networking IPv4 Interface

Interface

Interface-specific settings. There are two common sections: all - applies to all interfaces; default - contains the defaults for all interfaces. In addition there is one directory per available interface.


Chapter 26. Linux System Networking IPv4 Network Neighbor handling

Network Neighbor handling

Settings about how to handle connections with direct neighbors. There is a default subdirectory which holds the default values, and one directory for each interface. The contents of the directories are identical, with the single exception that the default settings contain additional options to set garbage collection parameters.


Chapter 27. Linux System Networking IPv4 Route information

/proc/sys/net/ipv4/route

No section description for /proc/sys/net/ipv4/route

error_burst. These parameters are used to limit how many ICMP destination unreachable messages the host in question sends. ICMP destination unreachable messages are sent when we cannot reach the next hop while trying to transmit a packet. The kernel will also print some error messages to its log if someone is ignoring our ICMP redirects. The higher the error_cost factor is, the fewer destination unreachable and error messages will be let through. Error_burst controls when destination unreachable messages and error messages start to be dropped. The default settings limit warning messages to five every second. --- Possible values: ? Default value: 500

error_cost. These parameters are used to limit how many ICMP destination unreachable messages the host in question sends. ICMP destination unreachable messages are sent when we cannot reach the next hop while trying to transmit a packet. The kernel will also print some error messages to its log if someone is ignoring our ICMP redirects. The higher the error_cost factor is, the fewer destination unreachable and error messages will be let through. Error_burst controls when destination unreachable messages and error messages start to be dropped. The default settings limit warning messages to five every second. --- Possible values: ? Default value: 100

flush. Writing to this file results in a flush of the routing cache. --- Possible values: ? Default value: ?

gc_elasticity. Values to control the frequency and behavior of the garbage collection algorithm for the routing cache. --- Possible values: ? Default value: 8

gc_interval. Values to control the frequency and behavior of the garbage collection algorithm for the routing cache. --- Possible values: ? Default value: 60

gc_min_interval. Values to control the frequency and behavior of the garbage collection algorithm for the routing cache. --- Possible values: ? Default value: 5

gc_thresh. Values to control the frequency and behavior of the garbage collection algorithm for the routing cache. --- Possible values: ? Default value: 2048

gc_timeout. Values to control the frequency and behavior of the garbage collection algorithm for the routing cache. --- Possible values: ? Default value: 300

max_delay. Delays for flushing the routing cache. --- Possible values: ? Default value: 10

max_size. Maximum size of the routing cache. Old entries will be purged once the cache has reached this size. --- Possible values: ? Default value: 32768

min_adv_mss. No description for min_adv_mss

min_delay. Delays for flushing the routing cache. --- Possible values: ? Default value: 2

min_pmtu. No description for min_pmtu

mtu_expires. No description for mtu_expires

redirect_load. Factors which determine if more ICPM redirects should be sent to a specific host. No redirects will be sent once the load limit or the maximum number of redirects has been reached. --- Possible values: ? Default value: 2

redirect_number. Factors which determine if more ICMP redirects should be sent to a specific host. No redirects will be sent once the load limit or the maximum number of redirects has been reached. --- Possible values: ? Default value: 9

redirect_silence. Timeout for redirects. After this period redirects will be sent again, even if sending had been stopped because the load or number limit was reached. --- Possible values: ? Default value: 2048
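The error_cost entry above describes a cost/burst pair but not how the two combine. The following model is an added example, not code from this document or from the kernel: it treats the limit as a token bucket measured in jiffies, where credit refills one jiffy per elapsed jiffy up to error_burst and every ICMP error costs error_cost. The kernel's own implementation may differ in detail, and the burst value of 500 jiffies is a constructed assumption (only the error_cost default of 100 appears on this page). With those numbers the model lets five errors out back to back and then one per second, which is the behaviour the entry describes; raising error_cost shrinks both the burst and the sustained rate.

```python
"""Token-bucket model of the ICMP error rate limit set by
/proc/sys/net/ipv4/route/error_cost and error_burst (added example)."""

HZ = 100  # jiffies per second on the kernels this document describes (1/100 s)


class IcmpErrorLimiter:
    """Credit is counted in jiffies; each ICMP error spends `error_cost`."""

    def __init__(self, error_cost=100, error_burst=500):
        self.cost = error_cost
        self.burst = error_burst      # assumed value; not stated on this page
        self.credit = error_burst     # a fresh bucket starts full
        self.last = 0                 # jiffy of the last accounting step

    def allow(self, now):
        """Return True if an ICMP error may be sent at jiffy `now`."""
        elapsed = now - self.last
        self.last = now
        # refill one jiffy of credit per elapsed jiffy, capped at the burst
        self.credit = min(self.credit + elapsed, self.burst)
        if self.credit >= self.cost:
            self.credit -= self.cost
            return True
        return False


def simulate(attempts, error_cost=100, error_burst=500):
    """Feed send-attempt timestamps (jiffies, ascending) through the limiter
    and return the timestamps that were let through."""
    lim = IcmpErrorLimiter(error_cost, error_burst)
    return [t for t in attempts if lim.allow(t)]


if __name__ == "__main__":
    # constructed workload: one attempted ICMP error every jiffy for two
    # seconds, the pattern a closed-port scan against this host would cause
    attempts = list(range(0, 2 * HZ))
    sent = simulate(attempts)
    print(f"{len(attempts)} attempts, {len(sent)} sent at jiffies {sent}")
    print("with error_cost=200:", simulate(attempts, error_cost=200))
```

The first run shows the burst of five at jiffies 0 to 4 and a single further message at jiffy 100; doubling error_cost to 200 cuts that to three messages over the same two seconds.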


Chapter 28. Linux System Networking IPv4 Interface

/proc/sys/net/ipv4/conf/all

No section description for /proc/sys/net/ipv4/conf/all

accept_redirects. This switch decides if the kernel accepts ICMP redirect messages or not. The default is 1 (yes) if the kernel is configured for a regular host and 0 (no) for a router configuration. --- Value type: BOOLEAN Possible values: [0|1] Default value: ???

accept_source_route. Should source routed packets (SSR option) be accepted or declined. The default is dependent on the kernel configuration. It's 'yes' for routers and 'no' for hosts. --- Value type: BOOLEAN Possible values: [0|1] Default value: ???

arp_filter. 1 - Allows you to have multiple network interfaces on the same subnet, and have the ARPs for each interface be answered based on whether or not the kernel would route a packet from the ARP'd IP out that interface (therefore you must use source based routing for this to work). In other words it allows control of which cards (usually 1) will respond to an ARP request. 0 - (default) The kernel can respond to ARP requests with addresses from other interfaces. This may seem wrong but it usually makes sense, because it increases the chance of successful communication. IP addresses are owned by the complete host on Linux, not by particular interfaces. Only for more complex setups like load-balancing does this behaviour cause problems. arp_filter for the interface will be enabled if at least one of conf/{all,interface}/arp_filter is set to TRUE; it will be disabled otherwise. --- Possible values: [0|1] Default value: 0

bootp_relay. Accept packets with source address 0.b.c.d with destinations not to this host as local ones. It is supposed that a BOOTP relay daemon will catch and forward such packets. --- Value type: BOOLEAN Possible values: [0|1] Default value: 0

forwarding. Enable or disable IP forwarding on this interface. --- Value type: BOOLEAN Possible values: [0|1] Default value: 0

log_martians. Log packets with impossible source addresses to the kernel log. --- Value type: BOOLEAN Possible values: [0|1] Default value: 0

medium_id. Integer value used to differentiate the devices by the medium they are attached to. Two devices can have different id values when the broadcast packets are received only on one of them. The default value 0 means that the device is the only interface to its medium; a value of -1 means that the medium is not known. Currently, it is used to change the proxy_arp behavior: the proxy_arp feature is enabled for packets forwarded between two devices attached to different media. --- Possible values: [0|-1] Default value: 0

proxy_arp. Does (1) or does not (0) perform proxy ARP. --- Value type: BOOLEAN Possible values: [0|1] Default value: 0

rp_filter. Boolean value that determines if a source validation should be made. 1 means yes, 0 means no. Disabled by default, but local/broadcast address spoofing is always on. If you set this to 1 on a router, a source validation by reversed path, as specified in RFC1812, is done. This will prevent spoofing attacks against your internal networks (external addresses can still be spoofed), without the need for additional firewall rules. Recommended option for single homed hosts and stub network routers. Could cause trouble for complicated (not loop free) networks running a slow unreliable protocol (such as RIP), or using static routes. --- Value type: BOOLEAN Possible values: [0|1] Default value: 0

secure_redirects. Accept ICMP redirect messages only for gateways, listed in default gateway list. --- Value type: BOOLEAN Possible values: [0|1] Default value: 1

send_redirects. Determines whether to send ICMP redirects to other hosts, if the system is a router. --- Value type: BOOLEAN Possible values: [0|1] Default value: 1

shared_media. If it is not set, the kernel does not assume that different subnets on this device can communicate directly. Send (router) or accept (host) RFC1620 shared media redirects. Overrides ip_secure_redirects. --- Value type: BOOLEAN Possible values: [0|1] Default value: 1

tag. Allows you to write a number, which can be used as required. --- Possible values: doc etc Default value: 0


Chapter 29. Linux System Networking IPv4 Interface

/proc/sys/net/ipv4/conf/default

No section description for /proc/sys/net/ipv4/conf/default

accept_redirects. This switch decides if the kernel accepts ICMP redirect messages or not. The default is 'yes' if the kernel is configured for a regular host and 'no' for a router configuration. --- Possible values: [0|1] Default value: 1

accept_source_route. Should source routed packets be accepted or declined. The default is dependent on the kernel configuration. It's 'yes' for routers and 'no' for hosts. --- Possible values: [0|1] Default value: 0

arp_filter. 1 - Allows you to have multiple network interfaces on the same subnet, and have the ARPs for each interface be answered based on whether or not the kernel would route a packet from the ARP'd IP out that interface (therefore you must use source based routing for this to work). In other words it allows control of which cards (usually 1) will respond to an ARP request. 0 - (default) The kernel can respond to ARP requests with addresses from other interfaces. This may seem wrong but it usually makes sense, because it increases the chance of successful communication. IP addresses are owned by the complete host on Linux, not by particular interfaces. Only for more complex setups like load-balancing does this behaviour cause problems. arp_filter for the interface will be enabled if at least one of conf/{all,interface}/arp_filter is set to TRUE; it will be disabled otherwise. --- Possible values: [0|1] Default value: 0

bootp_relay. Accept packets with source address 0.b.c.d with destinations not to this host as local ones. It is supposed that a BOOTP relay daemon will catch and forward such packets. --- Possible values: [0|1] Default value: 0

forwarding. Enable or disable IP forwarding on this interface. --- Possible values: [0|1] Default value: 0

log_martians. Log packets whose source addresses have no known route to the kernel log. --- Possible values: [0|1] Default value: 0

medium_id. Integer value used to differentiate the devices by the medium they are attached to. Two devices can have different id values when the broadcast packets are received only on one of them. The default value 0 means that the device is the only interface to its medium; a value of -1 means that the medium is not known. Currently, it is used to change the proxy_arp behavior: the proxy_arp feature is enabled for packets forwarded between two devices attached to different media. --- Possible values: [0|-1] Default value: 0

proxy_arp. Does (1) or does not (0) perform proxy ARP. --- Possible values: [0|1] Default value: 0

rp_filter. Integer value that determines if a source validation should be made. 1 means yes, 0 means no. Disabled by default, but local/broadcast address spoofing is always on. If you set this to 1 on a router that is the only connection for a network to the net, it will prevent spoofing attacks against your internal networks (external addresses can still be spoofed), without the need for additional firewall rules. --- Possible values: [0|1] Default value: 0

secure_redirects. Accept ICMP redirect messages only for gateways, listed in default gateway list. Enabled by default. --- Possible values: [0|1] Default value: 1

send_redirects. Determines whether to send ICMP redirects to other hosts. --- Possible values: [0|1] Default value: 1

shared_media. If it is not set the kernel does not assume that different subnets on this device can communicate directly. Default setting is 'yes'. --- Possible values: [0|1] Default value: 1

tag. Allows you to write a number, which can be used as required. --- Possible values: doc etc Default value: 0


Chapter 30. Linux System Networking IPv4 Interface

/proc/sys/net/ipv4/conf/eth0

No section description for /proc/sys/net/ipv4/conf/eth0

accept_redirects. This switch decides if the kernel accepts ICMP redirect messages or not. The default is 'yes' if the kernel is configured for a regular host and 'no' for a router configuration. --- Possible values: [0|1] Default value: 1

accept_source_route. Should source routed packets be accepted or declined. The default is dependent on the kernel configuration. It's 'yes' for routers and 'no' for hosts. --- Possible values: [0|1] Default value: 0

arp_filter. 1 - Allows you to have multiple network interfaces on the same subnet, and have the ARPs for each interface be answered based on whether or not the kernel would route a packet from the ARP'd IP out that interface (therefore you must use source based routing for this to work). In other words it allows control of which cards (usually 1) will respond to an ARP request. 0 - (default) The kernel can respond to ARP requests with addresses from other interfaces. This may seem wrong but it usually makes sense, because it increases the chance of successful communication. IP addresses are owned by the complete host on Linux, not by particular interfaces. Only for more complex setups like load-balancing does this behaviour cause problems. arp_filter for the interface will be enabled if at least one of conf/{all,interface}/arp_filter is set to TRUE; it will be disabled otherwise. --- Possible values: [0|1] Default value: 0

bootp_relay. Accept packets with source address 0.b.c.d with destinations not to this host as local ones. It is supposed that a BOOTP relay daemon will catch and forward such packets. --- Possible values: [0|1] Default value: 0

forwarding. Enable or disable IP forwarding on this interface. --- Possible values: [0|1] Default value: 0

log_martians. Log packets whose source addresses have no known route to the kernel log. --- Possible values: [0|1] Default value: 0

medium_id. Integer value used to differentiate the devices by the medium they are attached to. Two devices can have different id values when the broadcast packets are received only on one of them. The default value 0 means that the device is the only interface to its medium; a value of -1 means that the medium is not known. Currently, it is used to change the proxy_arp behavior: the proxy_arp feature is enabled for packets forwarded between two devices attached to different media. --- Possible values: [0|-1] Default value: 0

proxy_arp. Does (1) or does not (0) perform proxy ARP. --- Possible values: [0|1] Default value: 0

rp_filter. Integer value that determines if a source validation should be made. 1 means yes, 0 means no. Disabled by default, but local/broadcast address spoofing is always on. If you set this to 1 on a router that is the only connection for a network to the net, it will prevent spoofing attacks against your internal networks (external addresses can still be spoofed), without the need for additional firewall rules. --- Possible values: [0|1] Default value: 0

secure_redirects. Accept ICMP redirect messages only for gateways, listed in default gateway list. Enabled by default. --- Possible values: [0|1] Default value: 1

send_redirects. Determines whether to send ICMP redirects to other hosts. --- Possible values: [0|1] Default value: 1

shared_media. If it is not set the kernel does not assume that different subnets on this device can communicate directly. Default setting is 'yes'. --- Possible values: [0|1] Default value: 1

tag. Allows you to write a number, which can be used as required. --- Possible values: doc etc Default value: 0


Chapter 31. Linux System Networking IPv4 Interface

/proc/sys/net/ipv4/conf/lo

No section description for /proc/sys/net/ipv4/conf/lo

accept_redirects. This switch decides if the kernel accepts ICMP redirect messages or not. The default is 'yes' if the kernel is configured for a regular host and 'no' for a router configuration. --- Possible values: [0|1] Default value: 1

accept_source_route. Should source routed packets be accepted or declined. The default is dependent on the kernel configuration. It's 'yes' for routers and 'no' for hosts. --- Possible values: [0|1] Default value: 0

arp_filter. 1 - Allows you to have multiple network interfaces on the same subnet, and have the ARPs for each interface be answered based on whether or not the kernel would route a packet from the ARP'd IP out that interface (therefore you must use source based routing for this to work). In other words it allows control of which cards (usually 1) will respond to an ARP request. 0 - (default) The kernel can respond to ARP requests with addresses from other interfaces. This may seem wrong but it usually makes sense, because it increases the chance of successful communication. IP addresses are owned by the complete host on Linux, not by particular interfaces. Only for more complex setups like load-balancing does this behaviour cause problems. arp_filter for the interface will be enabled if at least one of conf/{all,interface}/arp_filter is set to TRUE; it will be disabled otherwise. --- Possible values: [0|1] Default value: 0

bootp_relay. Accept packets with source address 0.b.c.d with destinations not to this host as local ones. It is supposed that a BOOTP relay daemon will catch and forward such packets. --- Possible values: [0|1] Default value: 0

forwarding. Enable or disable IP forwarding on this interface. --- Possible values: [0|1] Default value: 0

log_martians. Log packets whose source addresses have no known route to the kernel log. --- Possible values: [0|1] Default value: 0

medium_id. Integer value used to differentiate the devices by the medium they are attached to. Two devices can have different id values when the broadcast packets are received only on one of them. The default value 0 means that the device is the only interface to its medium; a value of -1 means that the medium is not known. Currently, it is used to change the proxy_arp behavior: the proxy_arp feature is enabled for packets forwarded between two devices attached to different media. --- Possible values: [0|-1] Default value: 0

proxy_arp. Does (1) or does not (0) perform proxy ARP. --- Possible values: [0|1] Default value: 0

rp_filter. Integer value that determines if a source validation should be made. 1 means yes, 0 means no. Disabled by default, but local/broadcast address spoofing is always on. If you set this to 1 on a router that is the only connection for a network to the net, it will prevent spoofing attacks against your internal networks (external addresses can still be spoofed), without the need for additional firewall rules. --- Possible values: [0|1] Default value: 0

secure_redirects. Accept ICMP redirect messages only for gateways, listed in default gateway list. Enabled by default. --- Possible values: [0|1] Default value: 1

send_redirects. Determines whether to send ICMP redirects to other hosts. --- Possible values: [0|1] Default value: 1

shared_media. If it is not set the kernel does not assume that different subnets on this device can communicate directly. Default setting is 'yes'. --- Possible values: [0|1] Default value: 1

tag. Allows you to write a number, which can be used as required. --- Possible values: doc etc Default value: 0
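Chapters 28 to 31 list the same per-interface switches for conf/all, conf/default, conf/eth0 and conf/lo, and several of them (accept_redirects, accept_source_route, rp_filter, log_martians, send_redirects, secure_redirects) decide whether a host can have its routing or source validation influenced from the network. The script below is an added example, not code from this document: it reads those files for every interface directory, compares each against a host policy derived from the descriptions above, and applies the documented arp_filter rule that the setting is enabled when either conf/all or the interface entry is set. The policy values are the editor's reading of the entries, not something the page prescribes; a router that legitimately forwards and sends redirects needs a different policy. The SAMPLE snapshot is constructed from the defaults listed here so the audit runs without a /proc.

```python
"""Audit the IPv4 per-interface switches under /proc/sys/net/ipv4/conf/
(added example; the policy is the editor's reading of the entries above)."""
import os

# key -> (recommended value for an end host, reason taken from the entry text)
HOST_POLICY = {
    "accept_redirects":    (0, "ICMP redirects change which gateway the host uses"),
    "accept_source_route": (0, "source routed packets let the sender pick the path"),
    "rp_filter":           (1, "reverse-path validation (RFC1812) drops spoofed sources"),
    "log_martians":        (1, "impossible source addresses should reach the kernel log"),
    "send_redirects":      (0, "only a router should emit ICMP redirects"),
    "secure_redirects":    (1, "if redirects are accepted, only from listed gateways"),
}


def read_snapshot(root="/proc/sys/net/ipv4/conf"):
    """Read every policy key for every directory under root into
    {"<iface>/<key>": int}. Missing or unreadable files are skipped."""
    snap = {}
    for iface in sorted(os.listdir(root)):
        for key in list(HOST_POLICY) + ["arp_filter"]:
            path = os.path.join(root, iface, key)
            try:
                with open(path) as f:
                    snap[f"{iface}/{key}"] = int(f.read().strip())
            except (OSError, ValueError):
                continue
    return snap


def audit(snapshot, policy=HOST_POLICY):
    """Return (iface, key, actual, recommended, reason) for each entry in the
    snapshot whose value differs from the policy."""
    findings = []
    for name, actual in sorted(snapshot.items()):
        iface, key = name.split("/", 1)
        if key not in policy:
            continue
        want, reason = policy[key]
        if actual != want:
            findings.append((iface, key, actual, want, reason))
    return findings


def effective_arp_filter(snapshot, iface):
    """arp_filter is on for an interface if conf/all or conf/<iface> sets it,
    as the arp_filter entry above states. Absent files count as 0."""
    return bool(snapshot.get("all/arp_filter", 0) or
                snapshot.get(f"{iface}/arp_filter", 0))


# constructed snapshot mirroring the host defaults listed in chapters 28-31
SAMPLE = {
    "all/accept_redirects": 1, "all/accept_source_route": 0, "all/rp_filter": 0,
    "all/log_martians": 0, "all/send_redirects": 1, "all/secure_redirects": 1,
    "all/arp_filter": 0,
    "eth0/accept_redirects": 1, "eth0/accept_source_route": 0, "eth0/rp_filter": 0,
    "eth0/log_martians": 0, "eth0/send_redirects": 1, "eth0/secure_redirects": 1,
    "eth0/arp_filter": 1,
}

if __name__ == "__main__":
    snap = read_snapshot() if os.path.isdir("/proc/sys/net/ipv4/conf") else SAMPLE
    for iface, key, actual, want, reason in audit(snap):
        print(f"{iface}/{key}={actual} (recommended {want}): {reason}")
    print("arp_filter effective on eth0:", effective_arp_filter(snap, "eth0"))
```

Run on the constructed snapshot it reports eight deviations, four per interface, all of them stock host defaults (redirects accepted and sent, reverse-path validation off, martians unlogged); on a live system it walks whatever interface directories exist, so conf/default and conf/lo are checked the same way.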


Chapter 32. Linux System Networking IPv4 Network Neighbor handling

/proc/sys/net/ipv4/neigh/default

No section description for /proc/sys/net/ipv4/neigh/default

anycast_delay. Maximum for random delay of answers to neighbor solicitation messages in jiffies (1/100 sec). Not yet implemented (Linux does not have anycast support yet). --- Possible values: ? Default value: 100

app_solicit. No description for app_solicit

base_reachable_time. A base value used for computing the random reachable time value as specified in RFC2461. --- Possible values: ? Default value: 30

delay_first_probe_time. Delay for the first time probe if the neighbor is reachable. (see gc_stale_time) --- Possible values: ? Default value: 5

gc_interval. No description for gc_interval

gc_stale_time. Determines how often to check for stale ARP entries. After an ARP entry is stale it will be resolved again (which is useful when an IP address migrates to another machine). When ucast_solicit is greater than 0 it first tries to send an ARP packet directly to the known host. When that fails and mcast_solicit is greater than 0, an ARP request is broadcast. --- Possible values: ? Default value: 60

gc_thresh1. No description for gc_thresh1

gc_thresh2. No description for gc_thresh2

gc_thresh3. No description for gc_thresh3

locktime. An ARP/neighbor entry is only replaced with a new one if the old is at least locktime old. This prevents ARP cache thrashing. --- Possible values: ? Default value: 100

mcast_solicit. Maximum number of retries for multicast solicitation. --- Possible values: ? Default value: 3

proxy_delay. Maximum time (real time is random [0..proxytime]) before answering an ARP request for which we have a proxy ARP entry. In some cases, this is used to prevent network flooding. --- Possible values: ? Default value: 80

proxy_qlen. Maximum queue length of the delayed proxy arp timer. (see proxy_delay). --- Possible values: ? Default value: 64

retrans_time. The time, expressed in jiffies (1/100 sec), between retransmitted Neighbor Solicitation messages. Used for address resolution and to determine if a neighbor is unreachable. --- Possible values: ? Default value: 100

ucast_solicit. Maximum number of retries for unicast solicitation. --- Possible values: ? Default value: 3

unres_qlen. Maximum queue length for a pending ARP request: the number of packets which are accepted from other layers while the ARP address is still being resolved. --- Possible values: ? Default value: 3


Chapter 33. Linux System Networking IPv4 Network Neighbor handling

/proc/sys/net/ipv4/neigh/eth0

No section description for /proc/sys/net/ipv4/neigh/eth0

anycast_delay. Maximum for random delay of answers to neighbor solicitation messages in jiffies (1/100 sec). Not yet implemented (Linux does not have anycast support yet). --- Possible values: ? Default value: 100

app_solicit. No description for app_solicit

base_reachable_time. A base value used for computing the random reachable time value as specified in RFC2461. --- Possible values: ? Default value: 30

delay_first_probe_time. Delay for the first time probe if the neighbor is reachable. (see gc_stale_time) --- Possible values: ? Default value: 5

gc_stale_time. Determines how often to check for stale ARP entries. After an ARP entry is stale it will be resolved again (which is useful when an IP address migrates to another machine). When ucast_solicit is greater than 0 it first tries to send an ARP packet directly to the known host. When that fails and mcast_solicit is greater than 0, an ARP request is broadcast. --- Possible values: ? Default value: 60

locktime. An ARP/neighbor entry is only replaced with a new one if the old is at least locktime old. This prevents ARP cache thrashing. --- Possible values: ? Default value: 100

mcast_solicit. Maximum number of retries for multicast solicitation. --- Possible values: ? Default value: 3

proxy_delay. Maximum time (real time is random [0..proxytime]) before answering an ARP request for which we have a proxy ARP entry. In some cases, this is used to prevent network flooding. --- Possible values: ? Default value: 80

proxy_qlen. Maximum queue length of the delayed proxy arp timer. (see proxy_delay). --- Possible values: ? Default value: 64

retrans_time. The time, expressed in jiffies (1/100 sec), between retransmitted Neighbor Solicitation messages. Used for address resolution and to determine if a neighbor is unreachable. --- Possible values: ? Default value: 100

ucast_solicit. Maximum number of retries for unicast solicitation. --- Possible values: ? Default value: 3

unres_qlen. Maximum queue length for a pending ARP request: the number of packets which are accepted from other layers while the ARP address is still being resolved. --- Possible values: ? Default value: 3


Chapter 34. Linux System Networking IPv4 Network Neighbor handling

/proc/sys/net/ipv4/neigh/lo

No section description for /proc/sys/net/ipv4/neigh/lo

anycast_delay. Maximum for random delay of answers to neighbor solicitation messages in jiffies (1/100 sec). Not yet implemented (Linux does not have anycast support yet). --- Possible values: ? Default value: 100

app_solicit. No description for app_solicit

base_reachable_time. A base value used for computing the random reachable time value as specified in RFC2461. --- Possible values: ? Default value: 30

delay_first_probe_time. Delay for the first time probe if the neighbor is reachable. (see gc_stale_time) --- Possible values: ? Default value: 5

gc_stale_time. Determines how often to check for stale ARP entries. After an ARP entry is stale it will be resolved again (which is useful when an IP address migrates to another machine). When ucast_solicit is greater than 0 it first tries to send an ARP packet directly to the known host. When that fails and mcast_solicit is greater than 0, an ARP request is broadcast. --- Possible values: ? Default value: 60

locktime. An ARP/neighbor entry is only replaced with a new one if the old is at least locktime old. This prevents ARP cache thrashing. --- Possible values: ? Default value: 100

mcast_solicit. Maximum number of retries for multicast solicitation. --- Possible values: ? Default value: 3

proxy_delay. Maximum time (real time is random [0..proxytime]) before answering an ARP request for which we have a proxy ARP entry. In some cases, this is used to prevent network flooding. --- Possible values: ? Default value: 80

proxy_qlen. Maximum queue length of the delayed proxy arp timer. (see proxy_delay). --- Possible values: ? Default value: 64

retrans_time. The time, expressed in jiffies (1/100 sec), between retransmitted Neighbor Solicitation messages. Used for address resolution and to determine if a neighbor is unreachable. --- Possible values: ? Default value: 100

ucast_solicit. Maximum number of retries for unicast solicitation. --- Possible values: ? Default value: 3

unres_qlen. Maximum queue length for a pending ARP request: the number of packets which are accepted from other layers while the ARP address is still being resolved. --- Possible values: ? Default value: 3
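The gc_stale_time, ucast_solicit, mcast_solicit and retrans_time entries in chapters 32 to 34 together describe a probe sequence for a stale neighbor entry, but the entries are listed separately and the total time until an entry is declared unreachable is never spelled out. The model below is an added example, not code from this document or from the kernel: it walks that sequence (ucast_solicit unicast probes to the cached hardware address, then mcast_solicit broadcast ARP requests, retrans_time jiffies apart) and stops early when a reply arrives. The simplification that a reply to probe i arrives at probe i's send time is an assumption of the model, as is the omission of the random delay and of locktime.

```python
"""Probe schedule for one stale ARP/neighbor entry, derived from the
neigh/* entries above (added example; a model, not the kernel's code)."""

HZ = 100  # jiffies per second, as the retrans_time entry states (1/100 sec)


def resolve(ucast_solicit=3, mcast_solicit=3, retrans_time=100, answered_at=None):
    """Return the (kind, jiffy) events for re-resolving a stale entry.

    `answered_at` is the 0-based index of the probe the neighbor answers
    (None means it never answers). The list ends with ('reachable', t) on a
    reply or ('failed', t) once every probe has timed out. Defaults are the
    values listed in this document: 3 unicast, 3 broadcast, 100 jiffies apart.
    """
    # unicast probes go first while ucast_solicit > 0; broadcast only if
    # those fail and mcast_solicit > 0, exactly as gc_stale_time describes
    kinds = ["unicast"] * ucast_solicit + ["broadcast"] * mcast_solicit
    events = []
    t = 0
    for i, kind in enumerate(kinds):
        events.append((kind, t))
        if answered_at == i:
            events.append(("reachable", t))   # model assumption: instant reply
            return events
        t += retrans_time                      # wait before the next probe
    events.append(("failed", t))
    return events


def time_to_failure(ucast_solicit=3, mcast_solicit=3, retrans_time=100):
    """Seconds from the first probe until an unanswered entry is failed."""
    return resolve(ucast_solicit, mcast_solicit, retrans_time)[-1][1] / HZ


if __name__ == "__main__":
    for kind, t in resolve():
        print(f"{t / HZ:5.2f}s  {kind}")
    print("unanswered entry fails after", time_to_failure(), "s")
    print("ucast_solicit=0 skips straight to broadcast:", resolve(ucast_solicit=0)[0])
```

With the defaults an unanswered entry goes through three unicast and three broadcast probes and is failed six seconds after the first one; setting ucast_solicit to 0 means every re-resolution is a broadcast, which is what the unicast-first design avoids on a busy segment.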