Network Hardening on Solaris
Just adding this script on your /etc/rc3.d, dont' forget to chmod it to 744.
/etc/rc3.d/S100nettune
#!/bin/sh
#
# Basic Hardening
/usr/sbin/ndd -set /dev/ip ip_forward_src_routed 0
/usr/sbin/ndd -set /dev/ip ip_forwarding 0
/usr/sbin/ndd -set /dev/tcp tcp_conn_req_max_q 16384
/usr/sbin/ndd -set /dev/tcp tcp_conn_req_max_q0 16384
/usr/sbin/ndd -set /dev/tcp tcp_xmit_hiwat 400000
/usr/sbin/ndd -set /dev/tcp tcp_recv_hiwat 400000
/usr/sbin/ndd -set /dev/tcp tcp_cwnd_max 2097152
/usr/sbin/ndd -set /dev/tcp tcp_ip_abort_interval 60000
/usr/sbin/ndd -set /dev/tcp tcp_rexmit_interval_initial 4000
/usr/sbin/ndd -set /dev/tcp tcp_rexmit_interval_max 10000
/usr/sbin/ndd -set /dev/tcp tcp_rexmit_interval_min 3000
/usr/sbin/ndd -set /dev/tcp tcp_max_buf 4194304
/usr/sbin/ndd -set /dev/tcp tcp_maxpsz_multiplier 10
#Oracle Required
/usr/sbin/ndd -set /dev/udp udp_recv_hiwat 65535
/usr/sbin/ndd -set /dev/udp udp_xmit_hiwat 65535
# Added parameter
/usr/sbin/ndd -set /dev/tcp tcp_time_wait_interval 30000
/usr/sbin/ndd -set /dev/tcp tcp_keepalive_interval 60000
/usr/sbin/ndd -set /dev/tcp tcp_deferred_ack_interval 20
/etc/rc3.d/S100nettune
#!/bin/sh
#
# Basic Hardening
/usr/sbin/ndd -set /dev/ip ip_forward_src_routed 0
/usr/sbin/ndd -set /dev/ip ip_forwarding 0
/usr/sbin/ndd -set /dev/tcp tcp_conn_req_max_q 16384
/usr/sbin/ndd -set /dev/tcp tcp_conn_req_max_q0 16384
/usr/sbin/ndd -set /dev/tcp tcp_xmit_hiwat 400000
/usr/sbin/ndd -set /dev/tcp tcp_recv_hiwat 400000
/usr/sbin/ndd -set /dev/tcp tcp_cwnd_max 2097152
/usr/sbin/ndd -set /dev/tcp tcp_ip_abort_interval 60000
/usr/sbin/ndd -set /dev/tcp tcp_rexmit_interval_initial 4000
/usr/sbin/ndd -set /dev/tcp tcp_rexmit_interval_max 10000
/usr/sbin/ndd -set /dev/tcp tcp_rexmit_interval_min 3000
/usr/sbin/ndd -set /dev/tcp tcp_max_buf 4194304
/usr/sbin/ndd -set /dev/tcp tcp_maxpsz_multiplier 10
#Oracle Required
/usr/sbin/ndd -set /dev/udp udp_recv_hiwat 65535
/usr/sbin/ndd -set /dev/udp udp_xmit_hiwat 65535
# Added parameter
/usr/sbin/ndd -set /dev/tcp tcp_time_wait_interval 30000
/usr/sbin/ndd -set /dev/tcp tcp_keepalive_interval 60000
/usr/sbin/ndd -set /dev/tcp tcp_deferred_ack_interval 20