These settings heavily depends on your OS, hardware, and use-case.
This profile is what I prefer for AORUS 5/RTX3070/i7-12700H/16GB laptops, and despite how terrible the OEM hardware is... this setup will run acceptably well with dual Intel 670p M.2 drives.
The following should work with most Debian variants, but is hardly optimal for every platform. But if your laptop is similar, than it should be a good place to start. One caveat, when ejecting media it may take some time to flush your buffers.
sudo nano /etc/sysctl.conf
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
# Ignore ICMP broadcast requests
net.ipv4.icmp_echo_ignore_broadcasts = 1
# Disable source packet routing
net.ipv4.conf.all.accept_source_route = 0
net.ipv6.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv6.conf.default.accept_source_route = 0
# Ignore send redirects
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 2048
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 5
net.ipv4.conf.all.log_martians = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv6.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv6.conf.default.accept_redirects = 0
net.ipv4.icmp_echo_ignore_all = 1
#ban list mem
net.core.rmem_default=8388608
net.core.wmem_default=8388608
#prevent TCP hijack in older kernels
net.ipv4.tcp_challenge_ack_limit = 999999999
#may be needed to reduce failed TCP links
net.ipv4.tcp_timestamps=0
net.ipv4.tcp_rfc1337=1
net.ipv4.tcp_workaround_signed_windows=1
net.ipv4.tcp_fack=1
net.ipv4.tcp_low_latency=1
net.ipv4.ip_no_pmtu_disc = 0
net.ipv4.tcp_sack = 1
net.ipv4.tcp_mtu_probing = 1
net.ipv4.tcp_frto=2
net.ipv4.tcp_frto_response=2
net.ipv4.tcp_congestion_control = cubic
net.ipv4.tcp_window_scaling = 1
kernel.exec-shield=1
kernel.randomize_va_space=1
#reboot on kernel panic after 20 sec
kernel.panic=20
vm.swappiness=1
vm.vfs_cache_pressure=50
#percentage of system memory that can be filled with dirty pages
# run to check io performance with: sudo vmstat 1 20
vm.dirty_background_ratio=60
#maximum amount of system memory filled with dirty pages before committed
vm.dirty_ratio=80
vm.dirty_background_bytes=2684354560
vm.dirty_bytes=5368709120
#how often the flush processes wake up and check
vm.dirty_writeback_centisecs=10000
#how long something can be in cache before it needs to be written
This profile is what I prefer for AORUS 5/RTX3070/i7-12700H/16GB laptops, and despite how terrible the OEM hardware is... this setup will run acceptably well with dual Intel 670p M.2 drives.
The following should work with most Debian variants, but is hardly optimal for every platform. But if your laptop is similar, than it should be a good place to start. One caveat, when ejecting media it may take some time to flush your buffers.
sudo nano /etc/sysctl.conf
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
# Ignore ICMP broadcast requests
net.ipv4.icmp_echo_ignore_broadcasts = 1
# Disable source packet routing
net.ipv4.conf.all.accept_source_route = 0
net.ipv6.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv6.conf.default.accept_source_route = 0
# Ignore send redirects
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 2048
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 5
net.ipv4.conf.all.log_martians = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv6.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv6.conf.default.accept_redirects = 0
net.ipv4.icmp_echo_ignore_all = 1
#ban list mem
net.core.rmem_default=8388608
net.core.wmem_default=8388608
#prevent TCP hijack in older kernels
net.ipv4.tcp_challenge_ack_limit = 999999999
#may be needed to reduce failed TCP links
net.ipv4.tcp_timestamps=0
net.ipv4.tcp_rfc1337=1
net.ipv4.tcp_workaround_signed_windows=1
net.ipv4.tcp_fack=1
net.ipv4.tcp_low_latency=1
net.ipv4.ip_no_pmtu_disc = 0
net.ipv4.tcp_sack = 1
net.ipv4.tcp_mtu_probing = 1
net.ipv4.tcp_frto=2
net.ipv4.tcp_frto_response=2
net.ipv4.tcp_congestion_control = cubic
net.ipv4.tcp_window_scaling = 1
kernel.exec-shield=1
kernel.randomize_va_space=1
#reboot on kernel panic after 20 sec
kernel.panic=20
vm.swappiness=1
vm.vfs_cache_pressure=50
#percentage of system memory that can be filled with dirty pages
# run to check io performance with: sudo vmstat 1 20
vm.dirty_background_ratio=60
#maximum amount of system memory filled with dirty pages before committed
vm.dirty_ratio=80
vm.dirty_background_bytes=2684354560
vm.dirty_bytes=5368709120
#how often the flush processes wake up and check
vm.dirty_writeback_centisecs=10000
#how long something can be in cache before it needs to be written
vm.dirty_expire_centisecs=60000
vm.min_free_kbytes = 16384
# increase system file descriptor limit
fs.file-max=120000
#CONNTRACK_MAX = RAMSIZE (in bytes) / 16384 / (number_of_bits_in_a_pointer / 32)
#low power CPU should halve mem usage limits
net.ipv4.netfilter.ip_conntrack_max = 16384
net.netfilter.nf_conntrack_max = 16384
net.nf_conntrack_max = 16384
net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 86400
kernel.pid_max = 32767
net.ipv4.ip_local_port_range = 2000 65000