From da812006774c3499ac0385cf46796a6b5fb632b3 Mon Sep 17 00:00:00 2001
From: martijn
Date: Tue, 4 Mar 2025 13:59:05 +0100
Subject: [PATCH] Update install.sh Update for ipv4 tuning, protection and fastopen.
---
 install.sh | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
diff --git a/install.sh b/install.sh
index 545cabb..228454f 100644
--- a/install.sh
+++ b/install.sh
@@ -96,6 +96,16 @@ echo "net.ipv4.conf.all.log_martians = 1" >> /etc/sysctl.d/99-custom.conf
 echo "net.ipv4.conf.default.log_martians = 1" >> /etc/sysctl.d/99-custom.conf
 echo "net.ipv4.conf.all.secure_redirects = 0" >> /etc/sysctl.d/99-custom.conf
 echo "net.ipv4.conf.default.secure_redirects = 0" >> /etc/sysctl.d/99-custom.conf
+echo "net.ipv4.tcp_synack_retries=2" >> /etc/sysctl.d/99-custom.conf
+echo "net.ipv4.tcp_fin_timeout=15" >> /etc/sysctl.d/99-custom.conf
+echo "net.ipv4.tcp_keepalive_time=300" >> /etc/sysctl.d/99-custom.conf
+echo "net.ipv4.tcp_keepalive_probes=5" >> /etc/sysctl.d/99-custom.conf
+echo "net.ipv4.tcp_keepalive_intvl=15" >> /etc/sysctl.d/99-custom.conf
+echo "net.ipv4.tcp_max_tw_buckets=1440000" >> /etc/sysctl.d/99-custom.conf
+echo "net.ipv4.tcp_tw_recycle=1" >> /etc/sysctl.d/99-custom.conf
+echo "net.ipv4.tcp_tw_reuse=1" >> /etc/sysctl.d/99-custom.conf
+echo "net.ipv4.tcp_fastopen=3" >> /etc/sysctl.d/99-custom.conf
+
 echo "net.ipv6.conf.default.autoconf = 0" >> /etc/sysctl.d/99-custom.conf
 echo "net.ipv6.conf.default.dad_transmits = 0" >> /etc/sysctl.d/99-custom.conf
 echo "net.ipv6.conf.default.max_addresses = 1" >> /etc/sysctl.d/99-custom.conf
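Review bot: The added `net.ipv4.tcp_tw_recycle=1` line should be dropped: that sysctl was removed in Linux 4.12, so on current kernels the `sysctl -p` at the end of the script will report it as an unknown key, and on older kernels it is known to drop connections from clients behind NAT. `net.ipv4.tcp_fastopen=3` also enables server-side Fast Open, which lets data carried in a SYN reach the application before the handshake completes; that is a latency feature rather than protection, so consider `net.ipv4.tcp_fastopen=1` (client only) unless a service on this host needs it. A comment such as `# TCP tuning (performance, not hardening)` above the new group would keep tuning and hardening entries distinguishable when the file is audited later.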
@@ -131,6 +141,7 @@ echo "kernel.yama.ptrace_scope = 1" >> /etc/sysctl.d/99-custom.conf
 echo "kernel.unprivileged_userns_clone = 0" >> /etc/sysctl.d/99-custom.conf
 echo "kernel.unprivileged_bpf_disabled = 1" >> /etc/sysctl.d/99-custom.conf
 echo "net.core.bpf_jit_harden = 2" >> /etc/sysctl.d/99-custom.conf
+echo "kernel.panic=10" >> /etc/sysctl.d/99-custom.conf
 ## Kernel optimisation
 echo "kernel.pid_max = 65536" >> /etc/sysctl.d/99-custom.conf
@@ -139,6 +150,13 @@ echo "kernel.pid_max = 65536" >> /etc/sysctl.d/99-custom.conf
 echo -e "\e[1;32mHardening filesystem...\e[0m"
 echo "fs.protected_hardlinks=1" >> /etc/sysctl.d/99-custom.conf
 echo "fs.protected_symlinks=1" >> /etc/sysctl.d/99-custom.conf
+echo "fs.file-max=2097152" >> /etc/sysctl.d/99-custom.conf
+
+## Swap
+echo -e "\e[1;32mTuning swap...\e[0m"
+echo "vm.swappiness=10" >> /etc/sysctl.d/99-custom.conf
+echo "vm.dirty_ratio=60" >> /etc/sysctl.d/99-custom.conf
+echo "vm.dirty_background_ratio=2" >> /etc/sysctl.d/99-custom.conf
 # Write sysctl values
 sysctl -p /etc/sysctl.d/99-custom.conf
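Review bot: `kernel.panic=10` is added to the kernel hardening group without a comment, but it is an availability setting: the host reboots 10 seconds after a panic, which discards the crash state unless a crash dump is captured first. I would document that above the line, e.g. `# reboot 10 s after a panic; set up kdump if the crash state must be kept for analysis`, and match the spacing of the neighbouring entries (`kernel.panic = 10`). Whether crash dumping is configured elsewhere in install.sh is not visible from this hunk.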
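Review bot: `vm.dirty_ratio=60` lets up to 60% of available memory hold unwritten data before writers are throttled, so a crash or power loss can lose a large amount of recent writes, which may include log data not yet on disk; a more conservative `vm.dirty_ratio=20` keeps that window smaller. The `## Swap` heading and the "Tuning swap..." message also cover the two `vm.dirty_*` writeback settings, which are not swap settings, and `fs.file-max=2097152` is placed under "Hardening filesystem" although it raises a limit rather than restricting anything. Renaming the heading to something like `## Memory and writeback tuning` and moving `fs.file-max` next to the other tuning values would make it clear which entries are security controls.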