kernel.panic=3
kernel.panic_on_oops=1
fs.file-max = 1000000
fs.inotify.max_user_watches=2048
net.ipv4.conf.default.arp_ignore=1
net.ipv4.conf.all.arp_ignore=1
net.ipv4.ip_forward=1
net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.icmp_ignore_bogus_error_responses=1
net.ipv4.tcp_ecn=0
net.ipv4.tcp_fin_timeout=10
net.ipv4.tcp_keepalive_time=60
net.ipv4.tcp_syncookies=1
net.ipv4.tcp_timestamps=1
net.ipv4.tcp_sack=1
net.ipv4.tcp_dsack=1
net.ipv4.tcp_mtu_probing=1

net.ipv6.conf.default.forwarding=1
net.ipv6.conf.all.forwarding=1

net.core.rmem_max = 4194304
net.core.wmem_max =	4194304

net.netfilter.nf_conntrack_acct=1
net.netfilter.nf_conntrack_checksum=0
net.netfilter.nf_conntrack_max=16384 # 16k, openwrt defualt
net.netfilter.nf_conntrack_tcp_timeout_established=3600
net.netfilter.nf_conntrack_udp_timeout=60
net.ipv4.netfilter.ip_conntrack_udp_timeout_stream=180
net.netfilter.nf_conntrack_udp_timeout_stream=180
net.netfilter.nf_conntrack_skip_filter=1

net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_sent=60
net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_sent2=60
net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_recv=30
net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait=10
net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait=30
net.ipv4.netfilter.ip_conntrack_tcp_timeout_last_ack=10
net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait=10
net.ipv4.netfilter.ip_conntrack_tcp_timeout_max_retrans=30

net.ipv4.tcp_max_tw_buckets=40960
#net.ipv4.netfilter.ip_conntrack_buckets=8192
net.ipv4.ip_local_port_range=1025 65530

net.ipv4.tcp_tw_reuse=1

# disable bridge firewalling by default
net.bridge.bridge-nf-call-arptables=0
net.bridge.bridge-nf-call-ip6tables=0
net.bridge.bridge-nf-call-iptables=0

vm.dirty_background_ratio=5
vm.dirty_ratio=10
vm.dirty_expire_centisecs=500
vm.dirty_writeback_centisecs=200
vm.extfrag_threshold=100
vm.min_free_kbytes=512
vm.pagecache_limit_mb=16
vm.kwapd_reclaim_order_shift=2
vm.min_free_order_shift=2
vm.vfs_cache_pressure=800