Tune Linux kernel parameters for performance and security.
View Current Settings
sysctl -a | grep net.ipv4Common Tuning
Edit /etc/sysctl.conf:
# Enable IP forwarding (for VPN/NAT)\nnet.ipv4.ip_forward = 1\n\n# Increase connection backlog\nnet.core.somaxconn = 65535\n\n# Increase file descriptor limits\nfs.file-max = 65535\n\n# Reduce swappiness\nvm.swappiness = 10\n\n# Disable ICMP redirects (security)\nnet.ipv4.conf.all.accept_redirects = 0\nnet.ipv4.conf.all.send_redirects = 0\n\n# SYN flood protection\nnet.ipv4.tcp_syncookies = 1\nnet.ipv4.tcp_max_syn_backlog = 65535Apply
sysctl -p