Friday, September 26, 2008

SYSCTL.conf

Has anyone tweaked their sysctl.conf lately to get the best desktop performance?

I've been playing with it for the last couple of months. Thought I would pass on my sysctl.conf and see if anyone has any suggestions to improve it. It's rather long, but if it helps anyone get better performance, or if anyone has input on how I can make it better, then what the hell.

Here it is:

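#
# /etc/sysctl.conf - Configuration file for setting system variables
# See sysctl.conf (5) for information.
#
# Conventions used in this file:
#   - dotted key names only (net.ipv4.x); sysctl(8) also accepts the
#     slash form (net/ipv4/x), but mixing the two hides duplicate keys
#   - every key appears exactly once; sysctl -p applies the file top to
#     bottom, so a repeated key silently ends up with its last value
#   - no interface-specific keys (net.ipv4.conf.eth0.*): sysctl -p
#     reports "No such file or directory" for them if the interface has
#     not been created yet when the file is applied at boot
#

#kernel.domainname = example.com

###################################################################
# Kernel
#

# the following stops low-level messages on console
# (console_loglevel default_message_loglevel minimum_console_loglevel
#  default_console_loglevel)
kernel.printk = 4 4 1 7

# enable /proc/$pid/maps privacy so that memory relocations are not
# visible to other users. (Added in kernel 2.6.22; later kernels drop
# this key again, in which case sysctl -p only warns about it.)
kernel.maps_protect = 1

# Controls the System Request debugging functionality of the kernel
# 0 = magic SysRq disabled entirely
kernel.sysrq = 0

# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 0

# Largest single shared memory segment, in bytes (256 MiB)
kernel.shmmax = 268435456

###################################################################
# Filesystem
#

# Increase inotify availability
fs.inotify.max_user_watches = 524288

# System-wide limit on open file handles. The kernel sizes this from
# RAM at boot, so on a machine with plenty of memory the computed
# default may already be higher than this; compare with the boot-time
# value of /proc/sys/fs/file-max before lowering it.
fs.file-max = 16384

###################################################################
# Virtual memory
#

# protect bottom 64k of memory from mmap to prevent NULL-dereference
# attacks against potential future kernel security vulnerabilities.
# (Added in kernel 2.6.23.)
vm.mmap_min_addr = 65536

# Number of pages read from swap in one go, as a power of two:
# 10 means 2^10 = 1024 pages (4 MiB with 4 KiB pages) per swap read-in.
vm.page-cluster = 10

# 0-100; lower values make the kernel prefer dropping page cache over
# swapping out application memory
vm.swappiness = 15

# Lower than the default of 100 keeps dentry/inode caches around longer
vm.vfs_cache_pressure = 50

###################################################################
# Network: spoofing, redirect and source-route hardening
#
# These settings can improve the network security of the host and
# prevent against some network attacks including spoofing attacks and
# man in the middle attacks through redirection. Some network
# environments, however, require that these settings are disabled so
# review and enable them as needed.
#
# "all" covers interfaces that already exist; "default" is inherited by
# interfaces created later, so both are set for every knob below.
#

# Turn on Source Address Verification (reverse-path filter) on all
# interfaces to prevent some spoofing attacks
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1

# Do not accept ICMP redirects (prevent MITM attacks). With these at 0,
# secure_redirects (accept only from gateways in the default gateway
# list) no longer matters and is left at its kernel default.
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0

# Do not send ICMP redirects (we are not a router)
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0

# Do not accept IP source route packets (we are not a router)
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0

# Logging of martians (spoofed, source-routed, redirect packets) is OFF.
# Set both to 1 to have them written to the kernel log.
net.ipv4.conf.all.log_martians = 0
net.ipv4.conf.default.log_martians = 0

# IP packet forwarding is OFF (this is a desktop, not a router).
# The IPv6 equivalent is net.ipv6.conf.all.forwarding.
net.ipv4.ip_forward = 0

###################################################################
# Network: ICMP
#

# Answer ping requests (0 = answer, 1 = ignore)
net.ipv4.icmp_echo_ignore_all = 0

# Ignore ICMP echo requests sent to broadcast/multicast addresses
net.ipv4.icmp_echo_ignore_broadcasts = 1

# Ignore bogus ICMP error responses
net.ipv4.icmp_ignore_bogus_error_responses = 1

###################################################################
# Network: TCP
#

# Enable TCP SYN Cookie Protection (only kicks in when the SYN backlog
# overflows). Note: connections completed via a cookie may lose TCP
# options such as window scaling on older kernels, see
# http://lkml.org/lkml/2008/2/5/167
net.ipv4.tcp_syncookies = 1

# Protect against TIME-WAIT assassination (RFC 1337)
net.ipv4.tcp_rfc1337 = 1

# Shorten how long a socket stays in FIN-WAIT-2, in seconds.
# (The original file set this twice, 30 and then 25; 25 is the value
# that actually took effect, so that is what is kept.)
net.ipv4.tcp_fin_timeout = 25

# Decrease the time default value for tcp_keepalive_time, in seconds
net.ipv4.tcp_keepalive_time = 1800

# Allowed local port range
#net.ipv4.ip_local_port_range = 32768 61000

net.ipv4.tcp_reordering = 5
net.ipv4.tcp_max_tw_buckets = 1440000
net.ipv4.ip_no_pmtu_disc = 0
net.ipv4.tcp_fack = 1
net.ipv4.tcp_ecn = 0

# tcp_window_scaling
net.ipv4.tcp_window_scaling = 1

# tcp_sack
net.ipv4.tcp_sack = 1

# tcp_timestamps
net.ipv4.tcp_timestamps = 1

###################################################################
# Network: buffers
#

# Socket buffer sizes, in bytes
net.core.rmem_default = 524288
net.core.rmem_max = 524288
net.core.wmem_default = 524288
net.core.wmem_max = 524288
net.core.optmem_max = 57344

# min default max, in bytes
net.ipv4.tcp_rmem = 4096 87380 524288
net.ipv4.tcp_wmem = 4096 87380 524288

# low pressure high - NOTE: these are in PAGES, not bytes (unlike
# tcp_rmem/tcp_wmem); 524288 pages is 2 GiB with 4 KiB pages. Confirm
# that is intended for the amount of RAM in this machine.
net.ipv4.tcp_mem = 524288 524288 524288

# IP fragment reassembly memory, in bytes
net.ipv4.ipfrag_high_thresh = 512000
net.ipv4.ipfrag_low_thresh = 446464

# Flush the routing cache after the changes above. This is a one-shot
# trigger, not a persistent value, so it goes last.
net.ipv4.route.flush = 1

###################################################################
# Kept for reference only - these appear to be 2.4-era tunables that
# current kernels no longer expose (sysctl -p reports them as unknown).
# Check `sysctl -a` before re-enabling any of them.
#
#vm.bdflush = 100 1200 128 512 15 5000 500 1884 2
#vm.buffermem = 80 10 60
#vm.freepages = 383 766 1149
#vm.kswapd = 1024 32 16
#vm.pagecache = 50 80 100
#vm.pagetable_cache = 45 75
#fs.inode-nr = 32768
#vm.max-readahead = 128
#vm.min-readahead = 64
#net.core.hot_list_length = 256
#net.ipv4.ip_always_defrag = 1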