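#!/bin/bash
#
# Write a sysctl drop-in with network tuning / hardening values and load it
# with `sysctl --system`. Must be run as root.
#
# Changes relative to the earlier revision of this script:
#   - `sysctl –system` used an en dash and the final echo used curly quotes
#     (copy/paste damage); both are restored to plain ASCII.
#   - net.ipv4.tcp_keepalive_time had been swallowed into a comment line.
#   - Keys that were listed several times are written once, with the value
#     that was effective before (the last assignment in the file wins).
#   - net.ipv4.tcp_tw_recycle is only written when the running kernel still
#     has that key (it was removed in Linux 4.12).
set -euo pipefail

readonly CONF_FILE=/etc/sysctl.d/99-kernel-optimization.conf

if ((EUID != 0)); then
  printf '%s\n' "This script must be run as root." >&2
  exit 1
fi

# Quoted delimiter: the body is written literally, with no shell expansion.
cat <<'EOF' >"$CONF_FILE"
# --- Routing -----------------------------------------------------------
# Enable IP forwarding. This turns the host into a router for every
# interface; keep it only if the machine really forwards traffic (gateway,
# VPN endpoint, container host) and pair it with firewall FORWARD rules.
net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1

# --- Socket buffer sizing ----------------------------------------------
net.core.wmem_max = 16777216
net.core.rmem_max = 16777216
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216
net.ipv4.udp_rmem_min = 8192
net.ipv4.udp_wmem_min = 8192

# --- Connection tracking -----------------------------------------------
# These keys exist only while the nf_conntrack module is loaded; if it is
# not, sysctl reports an error for them and they are not applied.
net.netfilter.nf_conntrack_max = 1000000
net.netfilter.nf_conntrack_tcp_timeout_established = 1200

# --- TCP behaviour -----------------------------------------------------
# TCP Fast Open for both outgoing (1) and listening (2) sockets.
net.ipv4.tcp_fastopen = 3
# Keepalive: first probe after 1200 s idle, then 5 probes 15 s apart.
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.tcp_keepalive_probes = 5
net.ipv4.tcp_keepalive_intvl = 15
# Do not fall back to slow start after an idle period.
net.ipv4.tcp_slow_start_after_idle = 0
# Allow reuse of TIME-WAIT sockets for new outgoing connections.
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 30

# --- Queues and limits for high concurrency ----------------------------
# NOTE(review): on many current systems fs.file-max already defaults to a
# much larger value, so this line may LOWER the limit. Compare with the
# current `sysctl fs.file-max` before keeping it.
fs.file-max = 100000
net.core.somaxconn = 65535
net.core.netdev_max_backlog = 65535
# The earlier revision set this to 65535 and later to 20480; the later
# value was the effective one and is kept.
net.ipv4.tcp_max_syn_backlog = 20480

# --- Hardening ---------------------------------------------------------
# Ignore ICMP redirects (IPv4). NOTE(review): send_redirects and the IPv6
# accept_redirects keys are left at their defaults; on a forwarding host
# they are usually reviewed together with these two.
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
# Strict reverse-path filtering. On a multi-homed or asymmetrically routed
# forwarding host, strict mode (1) can drop legitimate traffic; loose mode
# is 2.
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
# SYN flood mitigation.
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 5
# ICMP abuse mitigation.
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.icmp_ratelimit = 1000
EOF

# tcp_tw_recycle was removed in Linux 4.12. Writing it unconditionally makes
# sysctl report an error on newer kernels, so keep the explicit "off" only
# where the key still exists.
if [[ -e /proc/sys/net/ipv4/tcp_tw_recycle ]]; then
  printf '%s\n' 'net.ipv4.tcp_tw_recycle = 0' >>"$CONF_FILE"
fi

# Load every sysctl configuration file, including the one just written.
# Report a failure instead of printing the success message when some keys
# could not be applied.
if ! sysctl --system; then
  printf '%s\n' \
    "sysctl --system reported errors; check the output above (net.netfilter.* keys need the nf_conntrack module loaded)." >&2
  exit 1
fi

echo "Kernel optimization completed. Please reboot the system for all changes to take effect."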
将此脚本保存为 kernel_optimization.sh,然后使用 root 权限运行它:
sudo ./kernel_optimization.sh