How to set kernel parameters with sysctl in Linux

Kernel tuning sometimes needs a value changed on the running system before the next reboot or maintenance window. sysctl writes selected values under /proc/sys, which lets an administrator test a kernel parameter immediately instead of editing a file and waiting for boot.

sysctl -w changes the live value only for the current boot. A matching .conf file under /etc/sysctl.d keeps the same assignment available for later boot-time application, and sysctl -p can reapply one saved file without replaying every kernel tunable on the host.

The sample assignment uses net.ipv4.ip_forward because its 0 or 1 value is easy to verify. Replace that key and value with the intended tunable, keep the previous value for rollback, and test routing, packet filtering, memory, filesystem, or security changes from console access when a bad value could break remote sessions.

Steps to set Linux kernel parameters with sysctl:

Check the current value before changing it.
```
$ sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 0
```
Replace net.ipv4.ip_forward with the target key. Record the old value so the change can be rolled back with the same sysctl command if the result is wrong.
Set the runtime value for the current boot.
```
$ sudo sysctl -w net.ipv4.ip_forward=1
net.ipv4.ip_forward = 1
```
Changing a live kernel parameter can affect routing, packet filtering, memory pressure, filesystem access, or login behavior immediately. Do not apply an unfamiliar key on a remote production host without a rollback path.
Create a local sysctl.d drop-in for the same assignment.
```
$ sudoedit /etc/sysctl.d/90-ip-forward.conf
```
```
net.ipv4.ip_forward = 1
```
Use a filename that ends in .conf. Local administrator drop-ins commonly use a high prefix such as 90- so they sort after vendor defaults.

Confirm the saved drop-in contains the intended value.

$ cat /etc/sysctl.d/90-ip-forward.conf
net.ipv4.ip_forward = 1

Apply the saved drop-in without rebooting.
```
$ sudo sysctl -p /etc/sysctl.d/90-ip-forward.conf
net.ipv4.ip_forward = 1
```
sysctl -p reads one file. Use sysctl --system only when the host should reapply the full procps sysctl configuration set.
Verify the kernel reports the intended runtime value.
```
$ sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1
```
If the value does not change, check for a read-only container namespace, a missing kernel feature, a later drop-in that overrides the key, or a parameter that appears only after a module or device exists.

Author: Mohd Shakir Zakaria
Mohd Shakir Zakaria is a cloud architect with deep roots in software development and open-source advocacy. Certified in AWS, Red Hat, VMware, ITIL, and Linux, he specializes in designing and managing robust cloud and on-premises infrastructures.