| These settings heavily depends on your OS, hardware, and use-case. This profile is what I prefer for AORUS 5/RTX3070/i7-12700H/16GB laptops, and despite how terrible the OEM hardware is... this setup will run acceptably well with dual Intel 670p M.2 drives. The following should work with most Debian variants, but is hardly optimal for every platform. But if your laptop is similar, than it should be a good place to start. One caveat, when ejecting media it may take some time to flush your buffers. sudo nano /etc/sysctl.conf net.ipv4.conf.all.rp_filter = 1 net.ipv4.conf.default.rp_filter = 1 # Ignore ICMP broadcast requests net.ipv4.icmp_echo_ignore_broadcasts = 1 # Disable source packet routing net.ipv4.conf.all.accept_source_route = 0 net.ipv6.conf.all.accept_source_route = 0 net.ipv4.conf.default.accept_source_route = 0 net.ipv6.conf.default.accept_source_route = 0 # Ignore send redirects net.ipv4.conf.all.send_redirects = 0 net.ipv4.conf.default.send_redirects = 0 net.ipv4.tcp_syncookies = 1 net.ipv4.tcp_max_syn_backlog = 2048 net.ipv4.tcp_synack_retries = 2 net.ipv4.tcp_syn_retries = 5 net.ipv4.conf.all.log_martians = 1 net.ipv4.icmp_ignore_bogus_error_responses = 1 net.ipv4.conf.all.accept_redirects = 0 net.ipv6.conf.all.accept_redirects = 0 net.ipv4.conf.default.accept_redirects = 0 net.ipv6.conf.default.accept_redirects = 0 net.ipv4.icmp_echo_ignore_all = 1 #ban list mem net.core.rmem_default=8388608 net.core.wmem_default=8388608 #prevent TCP hijack in older kernels net.ipv4.tcp_challenge_ack_limit = 999999999 #may be needed to reduce failed TCP links net.ipv4.tcp_timestamps=0 net.ipv4.tcp_rfc1337=1 net.ipv4.tcp_workaround_signed_windows=1 net.ipv4.tcp_fack=1 net.ipv4.tcp_low_latency=1 net.ipv4.ip_no_pmtu_disc = 0 net.ipv4.tcp_sack = 1 net.ipv4.tcp_mtu_probing = 1 net.ipv4.tcp_frto=2 net.ipv4.tcp_frto_response=2 net.ipv4.tcp_congestion_control = cubic net.ipv4.tcp_window_scaling = 1 kernel.exec-shield=1 kernel.randomize_va_space=1 #reboot on kernel panic after 20 sec kernel.panic=20 vm.swappiness=1 vm.vfs_cache_pressure=50 #percentage of system memory that can be filled with dirty pages # run to check io performance with: sudo vmstat 1 20 vm.dirty_background_ratio=60 #maximum amount of system memory filled with dirty pages before committed vm.dirty_ratio=80 vm.dirty_background_bytes=2684354560 vm.dirty_bytes=5368709120 #how often the flush processes wake up and check vm.dirty_writeback_centisecs=10000 #how long something can be in cache before it needs to be written vm.dirty_expire_centisecs=60000 vm.min_free_kbytes = 16384 # increase system file descriptor limit fs.file-max=120000 #CONNTRACK_MAX = RAMSIZE (in bytes) / 16384 / (number_of_bits_in_a_pointer / 32) #low power CPU should halve mem usage limits net.ipv4.netfilter.ip_conntrack_max = 16384 net.netfilter.nf_conntrack_max = 16384 net.nf_conntrack_max = 16384 net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 86400 kernel.pid_max = 32767 net.ipv4.ip_local_port_range = 2000 65000 |