sysctl configs
This commit is contained in:
Fijxu
parent
078be3cb59
commit
140086dcba
5 changed files with 56 additions and 0 deletions
1
sysctl.d/30-wireguard-forward.conf
Normal file
1
sysctl.d/30-wireguard-forward.conf
Normal file
|
|
@ -0,0 +1 @@
|
|||
net.ipv4.ip_forward=1
|
||||
1
sysctl.d/99-swappiness.conf
Normal file
1
sysctl.d/99-swappiness.conf
Normal file
|
|
@ -0,0 +1 @@
|
|||
vm.swappiness=4
|
||||
1
sysctl.d/99-sysctl.conf
Symbolic link
1
sysctl.d/99-sysctl.conf
Symbolic link
|
|
@ -0,0 +1 @@
|
|||
../sysctl.conf
|
||||
13
sysctl.d/README.sysctl
Normal file
13
sysctl.d/README.sysctl
Normal file
|
|
@ -0,0 +1,13 @@
|
|||
Kernel system variables configuration files
|
||||
|
||||
Files found under the /etc/sysctl.d directory that end with .conf are
|
||||
parsed within sysctl(8) at boot time. If you want to set kernel variables
|
||||
you can either edit /etc/sysctl.conf or make a new file.
|
||||
|
||||
The filename isn't important, but don't make it a package name as it may clash
|
||||
with something the package builder needs later. It must end with .conf though.
|
||||
|
||||
My personal preference would be for local system settings to go into
|
||||
/etc/sysctl.d/local.conf but as long as you follow the rules for the names
|
||||
of the file, anything will work. See sysctl.conf(8) man page for details
|
||||
of the format.
|
||||
40
sysctl.d/internettweaks.conf
Normal file
40
sysctl.d/internettweaks.conf
Normal file
|
|
@ -0,0 +1,40 @@
|
|||
#TCP Tweaks
|
||||
net.ipv4.tcp_tw_reuse = 1
|
||||
net.ipv4.tcp_fastopn = 3
|
||||
net.ipv4.tcp_fin_timeout = 10
|
||||
|
||||
# disable tcp timestamps to avoid leaking some system information
|
||||
# https://www.whonix.org/wiki/Disable_TCP_and_ICMP_Timestamps
|
||||
net.ipv4.tcp_timestamps=0
|
||||
|
||||
#TCP BBR Congestion Control Algoritm
|
||||
net.core.default_qdisc = cake
|
||||
net.ipv4.tcp_congestion_control = bbr
|
||||
|
||||
#Ignore ICMP Ping requests
|
||||
net.ipv4.icmp_echo_ignore_all = 1
|
||||
net.ipv6.icmp.echo_ignore_all = 1
|
||||
|
||||
#Increase the memory dedicated to the network interfaces
|
||||
net.core.rmem_default = 1048576
|
||||
net.core.rmem_max = 16777216
|
||||
net.core.wmem_default = 1048576
|
||||
net.core.wmem_max = 16777216
|
||||
net.core.optmem_max = 65536
|
||||
net.ipv4.tcp_rmem = 4096 1048576 2097152
|
||||
net.ipv4.tcp_wmem = 4096 65536 16777216
|
||||
|
||||
net.ipv4.udp_rmem_min = 8192
|
||||
net.ipv4.udp_wmem_min = 8192
|
||||
|
||||
# increase aslr effectiveness for mmap
|
||||
# https://lwn.net/Articles/667790
|
||||
vm.mmap_rnd_bits=32
|
||||
vm.mmap_rnd_compat_bits=16
|
||||
|
||||
#SYN Flood Protection
|
||||
|
||||
net.ipv4.tcp_max_syn_backlog = 1024
|
||||
net.ipv4.tcp_syn_retries = 6
|
||||
net.ipv4.tcp_synack_retries = 3
|
||||
net.ipv4.tcp_syncookies = 1
|
||||
Loading…
Add table
Reference in a new issue