mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-06 06:46:26 +01:00

OCPBUGS-29402: Adding safe sysctls

Ronan Hennessy
2024-07-17 09:42:55 +01:00
committed by openshift-cherrypick-robot
parent 2654578e42
commit 037565d27d


@@ -49,6 +49,22 @@ a| This restricts `ICMP_PROTO` datagram sockets to users in the group range. The
| `net.ipv4.ip_unprivileged_port_start`
| This defines the first unprivileged port in the network namespace. To disable all privileged ports, set this to `0`. Privileged ports must not overlap with the `ip_local_port_range`. For more information, see link:https://docs.kernel.org/networking/ip-sysctl.html?highlight=ip_unprivileged_port_start#ip-variables#ip-variables[ip_unprivileged_port_start].
|`net.ipv4.ip_local_reserved_ports`
| Specify a range of comma-separated local ports that you want to reserve for applications or services.
| `net.ipv4.tcp_keepalive_time`
| Specify the interval in seconds before the first `keepalive` probe should be sent after a connection has become idle.
| `net.ipv4.tcp_fin_timeout`
| Specify the time in seconds that a connection remains in the `FIN-WAIT-2` state before it is aborted.
| `net.ipv4.tcp_keepalive_intvl`
| Specify the interval in seconds between the `keepalive` probes. This value is multiplied by the `tcp_keepalive_probes` value to determine the total time required before it is decided that the connection is broken.
| `net.ipv4.tcp_keepalive_probes`
| Specify how many `keepalive` probes to send until it is determined that the connection is broken.
|===
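
Review bot: In the `net.ipv4.ip_local_reserved_ports` row, "a range of comma-separated local ports" can be read as either one range or a list of ports, so an administrator cannot tell from the table what value format is accepted. State the format explicitly and give a sample value in backticks. That row also opens with `|` and no following space, unlike the other rows in the hunk. The five new rows carry no link to the kernel documentation, while the `net.ipv4.ip_unprivileged_port_start` row just above them does. Since these entries are being listed as safe sysctls, a reference for each would let readers check the namespaced behavior for themselves. The `tcp_keepalive_time` row says "interval" for what is an idle time before the first probe, which is easy to confuse with `tcp_keepalive_intvl` two rows later, so "idle time" would keep the two distinct.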