Sysctl lets the user fine tune the kernel without having to rebuild the kernel. It also will apply the changes immediately, thus the server won’t have to be rebooted for changes to take effect. To make the changes permanent, you will have to add these values to a configuration file. Use the configuration file CentOS provides by default,
Open the file with your favorite editor.
# sysctl settings are defined through files in # /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/. # # Vendors settings live in /usr/lib/sysctl.d/. # To override a whole file, create a new file with the same in # /etc/sysctl.d/ and put new settings there. To override # only specific settings, add a file with a lexically later # name in /etc/sysctl.d/ and put new settings there. # # For more information, see sysctl.conf(5) and sysctl.d(5). # Minimizing the amount of swapping vm.swappiness = 20 vm.dirty_ratio = 80 vm.dirty_background_ratio = 5 # Increases the size of file handles and inode cache & restricts core dumps fs.file-max = 2097152 fs.suid_dumpable = 0 # Change the amount of incoming connections and incoming connections backlog net.core.somaxconn = 65535 net.core.netdev_max_backlog = 262144 # Increase the maximum amount of memory buffers net.core.optmem_max = 25165824 # Increase the default and maximum send/receive buffers net.core.rmem_default = 31457280 net.core.rmem_max = 67108864 net.core.wmem_default = 31457280 net.core.wmen_max = 67108864 # Enable TCP SYN cookie protection net.ipv4.tcp_syncookies = 1 # Enable IP spoofing protection net.ipv4.conf.all.rp_filter = 1 # Enable ignoring to ICMP requests and broadcasts request net.ipv4.icmp_echo_ignore_all = 1 net.ipv4.icmp_echo_ignore_broadcasts = 1 # Enable logging of spoofed packets, source routed packets and redirect packets net.ipv4.conf.all.log_martians = 1 # Disable IP source routing net.ipv4.conf.all.accept_source_route = 0 # Disable ICMP redirect acceptance net.ipv4.conf.all.accept_redirects = 0