99-custom.conf
# Location: /etc/sysctl.d/
# --- OpenWrt core protection and stability ---
# Reboot automatically 3 seconds after a kernel panic.
kernel.panic = 3
# Core files are written to /tmp as <executable>.<time>.<pid>.<signal>.core.
# NOTE(review): /tmp is world-writable and on OpenWrt is normally RAM-backed
# (confirm for this device), so large dumps can exhaust memory.
kernel.core_pattern = /tmp/%e.%t.%p.%s.core
# 2 = "suidsafe": processes that changed privilege are still dumped, readable
# by root only; the kernel allows this only because core_pattern is an
# absolute path.
# NOTE(review): such dumps can contain credentials or key material. Use 0 if
# crash dumps of privileged processes are not needed on this device.
fs.suid_dumpable = 2
# Restrict hardlink creation and symlink following in world-writable sticky
# directories, which closes the classic /tmp link-race class of bugs.
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
# Hide kernel addresses printed with %pK from callers without CAP_SYSLOG.
kernel.kptr_restrict = 1
# Reading the kernel log (dmesg) requires CAP_SYSLOG.
kernel.dmesg_restrict = 1
# ==========================================
# CPU / network core tuning
# ==========================================
# Enable the BPF JIT compiler and export JIT image symbols to /proc/kallsyms
# (visible to privileged users only).
# NOTE(review): net.core.bpf_jit_harden is not set in this file. Where
# untrusted local users can load BPF programs, consider enabling it; be aware
# that hardening disables the kallsyms export requested below.
net.core.bpf_jit_enable = 1
net.core.bpf_jit_kallsyms = 1
# Per-CPU input queue length for packets waiting to be processed.
net.core.netdev_max_backlog = 16384
# Upper bound on the listen() backlog of any socket.
net.core.somaxconn = 4096
# Packets handled per NAPI softirq cycle, and per-device weights.
net.core.netdev_budget = 500
net.core.dev_weight = 256
net.core.dev_weight_tx_bias = 1
# Maximum socket receive/send buffer an application may request: 8 MiB.
net.core.rmem_max = 8388608
net.core.wmem_max = 8388608
# Maximum ancillary (option) buffer per socket, in bytes.
net.core.optmem_max = 40960
# TCP buffer sizes in bytes: min, default, max (max = 8 MiB).
# NOTE(review): 8 MiB per-socket ceilings and the large queues above assume
# plenty of RAM; on a low-memory router many concurrent sockets can cause
# memory pressure. Confirm against the target hardware.
net.ipv4.tcp_rmem = 4096 87380 8388608
net.ipv4.tcp_wmem = 4096 65536 8388608
# ==========================================
# TCP stack tuning
# ==========================================
# These settings affect TCP connections that terminate on this host (local
# services, proxies, tunnels); forwarded/NATed traffic is not changed by them.
# Enable BBR congestion control.
# NOTE(review): requires BBR support in the running kernel (built in or as a
# module); otherwise this assignment fails when the file is applied.
net.ipv4.tcp_congestion_control = bbr
# TCP Fast Open: 3 = enabled for both outgoing (1) and listening (2) sockets.
net.ipv4.tcp_fastopen = 3
# Standard TCP extensions: window scaling, timestamps, SACK and D-SACK.
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_sack = 1
net.ipv4.tcp_dsack = 1
# Maximum number of sockets held in TIME_WAIT at once.
net.ipv4.tcp_max_tw_buckets = 200000
# Seconds an orphaned connection may stay in FIN_WAIT_2.
net.ipv4.tcp_fin_timeout = 30
# Answer with SYN cookies when the SYN backlog overflows (SYN-flood mitigation).
net.ipv4.tcp_syncookies = 1
# Request ECN on outgoing connections and accept it on incoming ones.
net.ipv4.tcp_ecn = 1
# Keepalive: first probe after 600 s idle, then every 15 s; the peer is
# declared dead after 2 unanswered probes.
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp_keepalive_probes = 2
# NOTE(review): documented as a legacy option with no effect on recent
# kernels; confirm for the kernel in use.
net.ipv4.tcp_low_latency = 1
# Disable automatic corking (coalescing of small writes).
net.ipv4.tcp_autocorking = 0
# ===========================
# Conntrack / NAT tuning
# ===========================
# NOTE(review): net.netfilter.* keys exist only once nf_conntrack is loaded;
# if this file is applied earlier, these assignments fail.
# Maximum number of tracked connections. When the table is full, new
# connections are dropped, so this value bounds resistance to table-exhaustion
# floods and also the memory conntrack can consume.
# NOTE(review): confirm 131072 entries fit the RAM of the target device.
net.netfilter.nf_conntrack_max = 131072
# Idle timeout for established TCP flows: 7440 s (2 h 4 min).
net.netfilter.nf_conntrack_tcp_timeout_established = 7440
# Idle timeouts for UDP: 60 s for unreplied flows, 180 s for flows seen in
# both directions.
net.netfilter.nf_conntrack_udp_timeout = 60
net.netfilter.nf_conntrack_udp_timeout_stream = 180
# Keep per-flow packet and byte counters.
net.netfilter.nf_conntrack_acct = 1
# ==========================================
# IPv4 / IPv6 / ARP base configuration
# ==========================================
# NOTE(review): forwarding is enabled here for IPv4 and IPv6, but this file
# sets no rp_filter, accept_source_route, accept_redirects or send_redirects
# values. Those stay at the kernel or distribution defaults, so anti-spoofing
# and redirect handling depend on them and on the firewall ruleset; verify both.
# Route IPv4 packets between interfaces.
net.ipv4.ip_forward = 1
# Answer ARP requests only for addresses configured on the receiving interface.
net.ipv4.conf.default.arp_ignore = 1
net.ipv4.conf.all.arp_ignore = 1
# Ignore ICMP echo requests sent to broadcast/multicast addresses (prevents
# use of this host as a smurf amplifier).
net.ipv4.icmp_echo_ignore_broadcasts = 1
# Do not log bogus ICMP error responses to broadcast frames.
net.ipv4.icmp_ignore_bogus_error_responses = 1
# Maximum number of multicast groups that can be joined.
net.ipv4.igmp_max_memberships = 100
# Always use the best local source address for the target in ARP requests.
net.ipv4.conf.all.arp_announce = 2
# Route IPv6 packets between interfaces.
# NOTE(review): with forwarding on, the kernel by default stops accepting
# Router Advertisements itself; presumably a userspace client handles the
# upstream side. Confirm.
net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.all.forwarding = 1
# Enable TCP path-MTU probing once an ICMP black hole is detected.
net.ipv4.tcp_mtu_probing = 1
# ==========================================
# Bridge / NAT performance tuning
# ==========================================
# 0 = frames switched inside a bridge are NOT passed to arptables, ip6tables
# or iptables.
# NOTE(review): this is a security trade-off as well as a speed-up. Firewall
# rules never see traffic between ports of the same bridge, so any client
# isolation or intra-LAN filtering must be enforced elsewhere (for example at
# the bridge or wireless layer). These keys exist only while br_netfilter is
# loaded.
net.bridge.bridge-nf-call-arptables = 0
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
# ==========================================
# Dynamic (ephemeral) port allocation range
# ==========================================
# Local ports picked automatically for outgoing connections: 10240-65535.
# NOTE(review): services on this host that listen on a fixed port inside this
# range can collide with ephemeral allocations; check the listening ports.
net.ipv4.ip_local_port_range = 10240 65535
# ==========================================
# Default QoS queueing discipline (low latency)
# ==========================================
# Queueing discipline attached to network devices by default.
# NOTE(review): presumably takes effect only for interfaces set up after this
# value is applied, and fq_codel must be available in the kernel. Confirm.
net.core.default_qdisc = fq_codel