---
sysctl_tuning:
  # Network tuning
  net.core.somaxconn: 65535
  net.ipv4.tcp_max_syn_backlog: 65535
  net.ipv4.tcp_fin_timeout: 30
  net.ipv4.tcp_keepalive_time: 600
  net.ipv4.tcp_keepalive_probes: 5
  net.ipv4.tcp_keepalive_intvl: 15
  net.ipv4.ip_local_port_range: "1024 65535"

  # Memory tuning
  vm.swappiness: 10
  vm.vfs_cache_pressure: 50
  vm.dirty_ratio: 15
  vm.dirty_background_ratio: 5
  vm.overcommit_memory: 1
  vm.overcommit_ratio: 90

  # Security tuning
  net.ipv4.conf.all.rp_filter: 1
  net.ipv4.conf.default.rp_filter: 1
  net.ipv4.icmp_echo_ignore_broadcasts: 1
  net.ipv4.icmp_ignore_bogus_error_responses: 1
  net.ipv4.tcp_syncookies: 1