diff --git a/sysctl.d/30-wireguard-forward.conf b/sysctl.d/30-wireguard-forward.conf
new file mode 100644
index 0000000..119d730
--- /dev/null
+++ b/sysctl.d/30-wireguard-forward.conf
@@ -0,0 +1 @@
+net.ipv4.ip_forward=1
diff --git a/sysctl.d/99-swappiness.conf b/sysctl.d/99-swappiness.conf
new file mode 100644
index 0000000..5a37698
--- /dev/null
+++ b/sysctl.d/99-swappiness.conf
@@ -0,0 +1 @@
+vm.swappiness=4
diff --git a/sysctl.d/99-sysctl.conf b/sysctl.d/99-sysctl.conf
new file mode 120000
index 0000000..2b0036b
--- /dev/null
+++ b/sysctl.d/99-sysctl.conf
@@ -0,0 +1 @@
+../sysctl.conf
\ No newline at end of file
diff --git a/sysctl.d/README.sysctl b/sysctl.d/README.sysctl
new file mode 100644
index 0000000..13970ff
--- /dev/null
+++ b/sysctl.d/README.sysctl
@@ -0,0 +1,13 @@
+Kernel system variables configuration files
+
+Files found under the /etc/sysctl.d directory that end with .conf are
+parsed within sysctl(8) at boot time. If you want to set kernel variables
+you can either edit /etc/sysctl.conf or make a new file.
+
+The filename isn't important, but don't make it a package name as it may clash
+with something the package builder needs later. It must end with .conf though.
+
+My personal preference would be for local system settings to go into
+/etc/sysctl.d/local.conf but as long as you follow the rules for the names
+of the file, anything will work. See sysctl.conf(8) man page for details
+of the format.
diff --git a/sysctl.d/internettweaks.conf b/sysctl.d/internettweaks.conf
new file mode 100644
index 0000000..68e41f5
--- /dev/null
+++ b/sysctl.d/internettweaks.conf
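Review bot: `net.ipv4.ip_forward=1` in sysctl.d/30-wireguard-forward.conf enables forwarding between every IPv4 interface on the host, not only the WireGuard tunnel, and the one-line file does not record which packet-filter policy it depends on. I would add a header comment such as `# Route traffic for WireGuard peers; requires a default-drop FORWARD policy that only admits the tunnel interface` so the dependency sits next to the setting. Files in sysctl.d are applied in lexical order with later files winning, so 99-sysctl.conf (the symlink to ../sysctl.conf) and internettweaks.conf are read after this one. If sysctl.conf sets `net.ipv4.ip_forward`, that value would override this file; sysctl.conf is not shown here, so this is worth checking.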
@@ -0,0 +1,40 @@
+#TCP Tweaks
+net.ipv4.tcp_tw_reuse = 1
+net.ipv4.tcp_fastopn = 3
+net.ipv4.tcp_fin_timeout = 10
+
+# disable tcp timestamps to avoid leaking some system information
+# https://www.whonix.org/wiki/Disable_TCP_and_ICMP_Timestamps
+net.ipv4.tcp_timestamps=0
+
+#TCP BBR Congestion Control Algoritm
+net.core.default_qdisc = cake
+net.ipv4.tcp_congestion_control = bbr
+
+#Ignore ICMP Ping requests
+net.ipv4.icmp_echo_ignore_all = 1
+net.ipv6.icmp.echo_ignore_all = 1
+
+#Increase the memory dedicated to the network interfaces
+net.core.rmem_default = 1048576
+net.core.rmem_max = 16777216
+net.core.wmem_default = 1048576
+net.core.wmem_max = 16777216
+net.core.optmem_max = 65536
+net.ipv4.tcp_rmem = 4096 1048576 2097152
+net.ipv4.tcp_wmem = 4096 65536 16777216
+
+net.ipv4.udp_rmem_min = 8192
+net.ipv4.udp_wmem_min = 8192
+
+# increase aslr effectiveness for mmap
+# https://lwn.net/Articles/667790
+vm.mmap_rnd_bits=32
+vm.mmap_rnd_compat_bits=16
+
+#SYN Flood Protection
+
+net.ipv4.tcp_max_syn_backlog = 1024
+net.ipv4.tcp_syn_retries = 6
+net.ipv4.tcp_synack_retries = 3
+net.ipv4.tcp_syncookies = 1
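Review bot: `net.ipv4.tcp_fastopn = 3` misspells the key, so sysctl will reject it as unknown and TCP Fast Open stays at the kernel default; it should read `net.ipv4.tcp_fastopen = 3`. `net.ipv4.tcp_tw_reuse = 1` only takes effect when TCP timestamps are enabled, so `net.ipv4.tcp_timestamps=0` a few lines later makes it a no-op. With timestamps off, SYN cookies also cannot carry window scaling or SACK for connections accepted while the SYN queue is overflowing, which weakens the "SYN Flood Protection" block; a comment beside `tcp_timestamps` recording that trade-off would help. `vm.mmap_rnd_bits=32` and `vm.mmap_rnd_compat_bits=16` are the x86_64 maxima and would be rejected on an architecture with a lower limit, so I would add `# x86_64 maxima; other architectures may reject these values`. Because the filename has no numeric prefix, it sorts after the 99-* files and overrides any key they also set.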