sysctl configs

2022-12-03 15:59:42 -03:00 · 2022-12-03 15:59:42 -03:00 · caf95a8362
commit caf95a8362
parent 5ef17d8eef
1 changed files with 45 additions and 0 deletions
--- a/sysctl.d/internettweaks.conf
+++ b/sysctl.d/internettweaks.conf
@ -0,0 +1,45 @@
+#TCP Tweaks
+net.ipv4.tcp_tw_reuse = 1
+net.ipv4.tcp_fastopn = 3
+net.ipv4.tcp_fin_timeout = 10
+
+# disable tcp timestamps to avoid leaking some system information
+# https://www.whonix.org/wiki/Disable_TCP_and_ICMP_Timestamps
+net.ipv4.tcp_timestamps=0
+
+#TCP BBR Congestion Control Algoritm
+net.core.default_qdisc = cake
+net.ipv4.tcp_congestion_control = bbr
+net.ipv4.tcp_notsent_lowat = 16384
+
+#Ignore ICMP Ping requests
+net.ipv4.icmp_echo_ignore_all = 1
+net.ipv6.icmp.echo_ignore_all = 1
+
+#Increase the memory dedicated to the network interfaces
+net.core.rmem_default = 1048576
+net.core.rmem_max = 16777216
+net.core.wmem_default = 1048576
+net.core.wmem_max = 16777216
+net.core.optmem_max = 65536
+net.ipv4.tcp_rmem = 4096 1048576 2097152
+net.ipv4.tcp_wmem = 4096 65536 16777216
+
+net.ipv4.udp_rmem_min = 8192
+net.ipv4.udp_wmem_min = 8192
+
+# increase aslr effectiveness for mmap
+# https://lwn.net/Articles/667790
+vm.mmap_rnd_bits=32
+vm.mmap_rnd_compat_bits=16
+
+#SYN Flood Protection
+
+net.ipv4.tcp_max_syn_backlog = 1024
+net.ipv4.tcp_syn_retries = 6
+net.ipv4.tcp_synack_retries = 3
+net.ipv4.tcp_syncookies = 1
+
+#Linux Netfilter Tweaks
+net.netfilter.nf_conntrack_tcp_timeout_time_wait=30
+net.netfilter.nf_conntrack_tcp_timeout_fin_wait=30