Last active
September 1, 2025 20:12
-
-
Save lzlrd/329127a86b5e65488695a04de3e9fd13 to your computer and use it in GitHub Desktop.
OpenWRT
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # --- Performance Tuning (Balanced for 512MB RAM) --- | |
| # See https://wiki.archlinux.org/title/Sysctl#Improving_performance | |
| # Increase network queue backlog for handling traffic bursts. | |
| sysctl -w net.core.netdev_max_backlog=8192 | |
| # Set more generous network buffer sizes. | |
| # See https://access.redhat.com/sites/default/files/attachments/20150325_network_performance_tuning.pdf | |
| sysctl -w net.core.rmem_default=524288 | |
| sysctl -w net.core.wmem_default=524288 | |
| sysctl -w net.core.rmem_max=8388608 | |
| sysctl -w net.core.wmem_max=8388608 | |
| sysctl -w net.core.optmem_max=65536 | |
| sysctl -w net.ipv4.tcp_rmem='4096 524288 8388608' | |
| sysctl -w net.ipv4.tcp_wmem='4096 65536 8388608' | |
| sysctl -w net.ipv4.udp_rmem_min=8192 | |
| sysctl -w net.ipv4.udp_wmem_min=8192 | |
| # --- TCP Behavior Tuning --- | |
| sysctl -w net.ipv4.tcp_slow_start_after_idle=0 | |
| sysctl -w net.ipv4.tcp_mtu_probing=1 | |
| sysctl -w net.ipv4.tcp_fin_timeout=15 | |
| sysctl -w net.ipv4.tcp_timestamps=1 | |
| sysctl -w net.ipv4.tcp_sack=0 | |
| # --- TCP/IP Stack Security Hardening --- | |
| # See https://wiki.archlinux.org/title/Sysctl#TCP/IP_stack_hardening | |
| sysctl -w net.ipv4.tcp_syncookies=1 | |
| sysctl -w net.ipv4.tcp_rfc1337=1 | |
| # Enable Reverse Path Filtering to prevent IP spoofing. | |
| sysctl -w net.ipv4.conf.default.rp_filter=1 | |
| sysctl -w net.ipv4.conf.all.rp_filter=1 | |
| # --- Kernel Hardening --- | |
| # See https://wiki.archlinux.org/title/Security#Kernel_hardening | |
| # Restrict access to kernel pointers. | |
| sysctl -w kernel.kptr_restrict=1 | |
| # Enable BPF JIT hardening. | |
| sysctl -w net.core.bpf_jit_harden=2 | |
| # Restrict ptrace scope. | |
| sysctl -w kernel.yama.ptrace_scope=1 | |
| # --- Explicit Congestion Notification --- | |
| sysctl -w net.ipv4.tcp_ecn=1 | |
| # --- Hardware Offloading --- | |
| # Loop through all physical network interfaces to apply offloading settings. | |
| for i in $(ip -o link show | awk -F': ' '{print $2}' | grep -v "lo" | sed 's/@.*$//'); do | |
| # Enable a standard set of hardware offloading features for maximum throughput. | |
| ethtool --offload "$i" rx on tx on sg on tso on ufo on gso on gro on lro on rxvlan on txvlan on ntuple on rxhash on rx-udp-gro-forwarding on | |
| # Disable tx-nocache-copy, which can improve performance on some hardware. | |
| # See https://enterprise-support.nvidia.com/s/article/how-to-bypass-local-cache--disable-tx-nocache-copy-x | |
| ethtool -K "$i" "tx-nocache-copy" off | |
| # Disable rx-gro-list to prevent potential UDP throughput issues with protocols like QUIC. | |
| # See https://tailscale.com/blog/quic-udp-throughput | |
| ethtool -K "$i" "rx-gro-list" off | |
| done | |
| # --- Wi-Fi Transmit Power --- | |
| # Set the transmit power for both Wi-Fi radios to the maximum. | |
| for i in "phy0" "phy1"; do | |
| curTxpower="$(iw dev "$i-ap0" info | grep "txpower" | awk '{printf "%d", $2 * 100}' || echo "0")" | |
| iw "$i" set txpower fixed 3000 | |
| iw "$i" set txpower fixed 3200 | |
| iw "$i" set txpower fixed 3400 | |
| iw "$i" set txpower fixed 3600 | |
| done | |
| # --- DMZ Bridge Configuration --- | |
| # Enable hairpin mode on the DMZ bridge. | |
| echo "1" | tee /sys/devices/virtual/net/br-dmz/*/brport/hairpin_mode | |
| # --- Wireless Ethernet Dispatch (WED) --- | |
| wedParam="/sys/module/mt7915e/parameters/wed_enable" | |
| # If the WED parameter is not "Y", update the config. | |
| if [ "$(cat "$wedParam")" != "Y" ]; then | |
| echo "Y" | tee "$wedParam" | |
| printf "\noptions mt7915e wed_enable=Y\n" >> /etc/modules.conf | |
| fi | |
| # --- Regulatory Database (regdb) --- | |
| regdb="/lib/firmware/regulatory.db" | |
| # Replace the regulatory database if it does not match the expected SHA1 hash. | |
| if [ "$(sha1sum "$regdb" | awk '{print $1}')" != "508b2e2d33af72450a56f53ffe270820eba4e5e6" ]; then | |
| printf "UkdEQgAAABQwMAO3QUQD9UFFBG1BRgR6QUkEh0FMA+JBTQRcQU4EekFSBG1BUwQ9QVQD5kFVA8dB | |
| VwR6QVoEcUJBA/VCQgSTQkQEqkJFA+ZCRgRtQkcD5kJIBF9CTAR6Qk0EPUJOBIRCTwSlQlIEIEJT | |
| BJpCVAR6QlkEekJaBL9DQQQtQ0YEYkNIA/BDSQRtQ0wEhENOA/lDTwRtQ1IEWENVBBJDWASaQ1kD | |
| 5kNaA+ZERQPmREsD5kRNBDZETwQ2RFoEkEVDBBhFRQPmRUcEwUVTA+ZFVAR6RkkD5kZNBD1GUgPr | |
| R0IDu0dEBDlHRQR0R0YEh0dIBG1HTASHR1AEh0dSA+ZHVAQ2R1UEMkdZBLhISwQlSE4EbUhSA91I | |
| VAQ9SFUD5klEBBVJRQPmSUwETElOBLBJUgSqSVMD9UlUA+ZKTQRtSk8EjUpQBEdLRQSKS0gEektO | |
| BIBLUARBS1IECUtXBHdLWQSaS1oD0kxCBG1MQwSATEkD9UxLBFhMUwR6TFQD5kxVA+ZMVgPmTUEE | |
| d01DA+JNRAPiTUUD4k1GBIdNSAQ9TUsD9U1OBJpNTwSsTVAEPU1RBIdNUgR6TVQD5k1VBJpNVgPa | |
| TVcEek1YBG1NWQSWTkcEok5JBD1OTAPmTk8D8E5QBIROWgS0T00EelBBBClQRQRtUEYEh1BHBG1Q | |
| SAPOUEsEUFBMA+ZQTQSHUFIEOVBUA+ZQVwQ9UFkEmlFBBAVSRQSHUk8D5lJTA/VSVQP9UlcEbVNB | |
| BHpTRQPmU0cEDlNJA+ZTSwPmU04EbVNSBHpTVgRVU1kERVRDBJ5URAR6VEcEZlRIBG1UTgR3VFID | |
| 1lRUBG1UVwQcVFoEqFVBBAFVRwSaVVMDwFVZBJNVWgR3VkMEelZFBLxWSQQ9Vk4EaVZVBG1XRgSH | |
| V1MEZllFBEVZVASHWkEEfVpXBHoAAAAAIwIAAjQCAARKAwAGSgcABiMBAAI0AQAERgMABkoHAAYQ | |
| AA4QAAuFOAAOKQAAAD6AEAgOEAALhTgADikAAAA+gBAAC7gADcNwAA3LQAAAB9AQAAu4AA3LQAAO | |
| CcAAAD6AEAALuAAN9jgADgnAAAAPoBAAC7gADgnAAA4pAAAAH0AQAAu4ACSfAAAluEAAAJxAEAAH | |
| 0AAknwAAJeUsAACcQBACB9AAJJ8AACXlLAAAnEAQAAj8ACSfAAAl5SwAAJxAEAAI/QAknwAAJeUs | |
| AACcQBACCooAJJ8AACXlLAAAnEAQAAu4ACSfAAAl5SwAAJxAEAAOEAAknwAAJeUsAACcQBAADhIA | |
| JJ8AACXlLAAAnEAQAA4QACSfAAAmDjAAAJxAEAALuAAkptAAJbhAAACcQBAAB9AAJKbQACXfUAAA | |
| TiAQAAfQACSm0AAl31AAAJxAEAAI/AAkptAAJd9QAACcQBAAC7gAJKbQACXfUAAAnEAQAAfQACSm | |
| 0AAl5SwAAJxAEAEH0AAlwBAAJg4wAABOIBAACPwASuuwAEwkMAAAnEAQEAj8AE6VMABPzbAAAJxA | |
| EBQGogBOlTAAUBvQAAE4gBQSB9AATpUwAFAb0AABOIAAAACxEBAI/ABOlTAAUBvQAAE4gBQQCPwA | |
| TpUwAFAb0AABOIAAAACxEBII/ABOlTAAUBvQAAE4gBQSCPwATpUwAFAb0AABOIAAAACxEBAI/QBO | |
| lTAAUBvQAAE4gBQQCP0ATpUwAFAb0AABOIAAAACxEBII/QBOlTAAUBvQAAE4gBQSCP0ATpUwAFAb | |
| 0AABOIAAAACxEBIKjABOlTAAUBvQAAE4gBAAC7gATpUwAFAb0AABOIAQEA4QAE6VMABQG9AAATiA | |
| FAIOEABOlTAAUBvQAAJxAAAAALEQEgj9AE6VMABQafAAATiAEBQH0ABOlTAAUaJwAAE4gBACCP0A | |
| TpUwAFGicAABOIAQCgj9AE6VMABRonAAATiAEAIH0ABOlTAAUaJwAAJxABAADhAATpUwAFnzWAAC | |
| cQAQAAakAE7jUABQG9AAAE4gEAAHCABO41AAUBvQAABOIBAAB9AATuNQAFAb0AAATiAQAAakAE7j | |
| UABQG9AAAJxAEAAH0ABO41AAUBvQAACcQBAABqQATuNQAFAb0AABOIAQEAakAE7jUABQG9AAATiA | |
| EBAHCABO41AAUBvQAAE4gBAQB9AATuNQAFAb0AABOIAUEAfQAE7jUABQG9AAATiAAAAAsRAACPwA | |
| TuNQAFAb0AABOIAQEAj8AE7jUABQG9AAATiAEBAJYABO41AAUBvQAAE4gBQQCWAATuNQAFAb0AAB | |
| OIAAAACxEBAGpABPzbAAUBvQAABOIBAEBwgAUBvQAFFUUAAATiAQBAfQAFAb0ABRVFAAAE4gEAQI | |
| /ABQG9AAUVRQAABOIBAECWAAUBvQAFFUUAAATiAQBAfQAFAb0ABRVFAAAJxAEAQJYABQG9AAUVRQ | |
| AACcQBAUBwgAUBvQAFFUUAABOIAQFAfQAFAb0ABRVFAAATiAFBQH0ABQG9AAUVRQAAE4gAAAALEU | |
| FgfQAFAb0ABRVFAAATiAAAAAsRAUCPwAUBvQAFFUUAABOIAQBAlgAFAb0ABRVFAAATiAEBQJYABQ | |
| G9AAUVRQAAE4gBQUCWAAUBvQAFFUUAABOIAAAACxEAQLuABQG9AAUVRQAAE4gBAUB9AAUBvQAFGi | |
| cAABOIAUFAfQAFAb0ABRonAAATiAAAAAsRAWB9AAUBvQAFGicAABOIAUFgfQAFAb0ABRonAAATiA | |
| AAAAsRAUCDAAUBvQAFGicAABOIAQFAj8AFAb0ABRonAAATiAEBYI/ABQG9AAUaJwAAE4gBQUCP0A | |
| UBvQAFGicAABOIAAAACxEBYI/QBQG9AAUaJwAAE4gBAECWAAUBvQAFGicAABOIAQFAlgAFAb0ABR | |
| onAAATiAEBYKjABQG9AAUaJwAAE4gBAQC7gAUBvQAFGicAABOIAUBg4QAFAb0ABRonAAAnEAAAAA | |
| sRAWB9AAUGnwAFGicAABOIAUBA4QAFGicABXbtAAAnEAAAAAsRAECWAAU3cwAFVzAAABOIAQBAqK | |
| AFN3MABVcwAAATiAEBYH0ABTdzAAVZoQAAE4gBAICV0AU3cwAFdbSAABOIAQBAfQAFN3MABXW0gA | |
| AnEAEAYH0ABTdzAAV1tIAAJxABQGB9AAU3cwAFdbSAACcQAAAACxEAQIMABTdzAAV1tIAAJxABAE | |
| CWAAU3cwAFdbSAACcQAUBAqKAFN3MABXW0gAAnEAAAAAsRQWCooAU3cwAFdbSAACcQAAAACxEAQK | |
| jABTdzAAV1tIAAJxABQECowAU3cwAFdbSAACcQAAAACxEBQKjABTdzAAV1tIAAJxABAAC7gAU3cw | |
| AFdbSAACcQAQBAj8AFN3MABXbtAAAnEAEAQJYABTdzAAV27QAAJxABAECowAU3cwAFdu0AACcQAQ | |
| BAu4AFPFUABU/dAAATiAEAQLuABTxVAAVegwAABOIBAECWAAU8VQAFY2UAACcQAQBAj8AFPFUABW | |
| hHAAAnEAEAQKjABTxVAAVyCwAACcQBAECowAU8VQAFcgsAACcQAUBAqMAFPFUABXILAAAnEAAAAA | |
| sRAAC7gAU8VQAFcgsAACcQAQBAu4AFPFUABXILAAAnEAEAQJYABTxVAAV27QAABOIBAECWAAU8VQ | |
| AFdu0AAAnEAQBAlgAFPFUABXbtAAATiAEAQI/ABTxVAAV27QAAJxABAECWAAU8VQAFdu0AACcQAU | |
| BAlgAFPFUABXbtAAAnEAAAAAsRAEC7gAU8VQAFdu0AACcQAUAgj8AFPY2ABiCagAAnEAAAAAsRAQ | |
| CP0AVZoQAFdbSAABOIAQBAlgAFY2UABXbtAAATiAEAQKigBWNlAAV27QAAE4gBACB9AAVjZQAFlD | |
| kAACcQAQAgj9AFdbSABY4egAATiAEAAH0ABXW0gAWUOQAAE4gBACB9AAV1tIAFlDkAABOIAQAAj8 | |
| AFdbSABZQ5AAATiAEAAI/QBXW0gAWUOQAAE4gBAACWAAV1tIAFlDkAABOIAQAAu4AFdbSABZQ5AA | |
| ATiAEBALuABXW0gAWUOQAAE4gBAADOQAV1tIAFlDkAABOIAQAA4QAFdbSABZQ5AAATiAEAAFdQBX | |
| W0gAWaU4AAE4gBAGB9AAV1tIAFmlOAABOIAQEAj9AFdbSABZpTgAATiAEAALuABXW0gAWaU4AAE4 | |
| gBACDhAAV1tIAFnzWAACcQAQEAu4AFdu0ABZQ5AAATiAEAAOEABXbtAAWUOQAAE4gBAQDhIAV27Q | |
| AFlDkAABOIAQAAj8AFeCWABYHpgAAJxAEAALuABXglgAWLrYAABOIBAAC7gAV4JYAFi62AABOIAQ | |
| AAfQAFeCWABZCPgAAE4gEAALuABXglgAWQj4AABOIBAAC7gAV4JYAFkI+AAAnEAQAAfQAFeCWABZ | |
| CPgAATiAEAAI/ABXglgAWQj4AAE4gBAACWAAV4JYAFkI+AABOIAQAAu4AFeCWABZCPgAATiAEBAF | |
| dQBZQ5AAWaU4AABOIBAaCowAWUOQAFnzWAAAnEAQAAV4AFpoiABiCagAAnEAEAIH0ABaaIgAYgmo | |
| AAJxABACCP0AWmiIAGIJqAACcQAQAgldAFpoiABiCagAAnEAEAIF3ABaaIgAbLgIAAJxABACBLAA | |
| WmiIAGy4CAAE4gAQCgSwAFpoiABsuAgABOIAEAAOEABaaIgAbLgIAATiABQCDhAAWmiIAGy4CAAE | |
| 4gAAAACxFAII/ABatqgAYgmoAAJxAAAAALEUAgj9AFq2qABiCagAAnEAAAAAsRAAEMwDZcBAA9CQ | |
| AAAg9YAQAAPoA2XAQAPvFIAAIPWAEAIGQgNlwEAD7xSAACD1gBAACWADZcBAA+8UgAAg9YAQAA+g | |
| A2XAQAPvFIAAIPWAEAIPoANlwEAD7xSAACD1gBAAEMwDZcBAA+8UgAAg9YAQAA+gA2XAQAQ7X8AA | |
| IPWAEAIQzQNlwEAEO1/AACD1gBAAEMwDZcBABDtfwACD1gAQAArwA2lpwAOKX0AAIPWAEAAPoANp | |
| acAEO1/AACD1gBAAETADil9AA8xKQAAg9YAQAArwA8xKQAPtP8AAIPWAAwUAAAC5APUBbwNsA6MA | |
| AAMIAgAAvQD1AVYCJwIwAxADcAOjAwsBAADBAMUAzQDRASYCGwJ5AxQDTANoA6sAAAMLAgAAyQDN | |
| APEBQQH5AjkC0AMcA0gDXAOfAAADBgEAANUBJgIGAlYC7AOLAwYCAADVAS8B+QJJAuADjwMGAgAA | |
| 1QEzAdYCaALDA48DBAIAANUBOAHwAtwDBwIAANUBPAIOAloDAAN1A48AAAMFAgAA1QFFAf0CWgMA | |
| AAADBwIAANUBRQH9AloDAAN1A48AAAMHAgAA1QFFAf0CWgMAA3UDmwAAAwcCAADVAUUB/QJaAwAD | |
| egObAAADBgIAANUBRQH9AloDAAOPAwYBAADVAV8C+AOnA68DswMFAAAA1QFrAtQDVAOTAAADBgIA | |
| ANkBIQH9Ak0C4AOHAwYCAADZAUECEwJJAwQDkwMIAwAA3QEZAa0B8AJFAuQDYAOXAwYBAADdASYB | |
| 8AJkAvADjwMEAQAA4QFnAkEC6AMDAwAA5QFjAtgAAAMFAQAA6QEdAgICUgLwAAADBgEAAOkBJgIG | |
| AnUC8AOPAwcBAADpAUoCHwJtAvQDaAObAAADBgIAAO0BLwIKAn0DGANQAwYBAADtAVICIwJxAvwD | |
| fwMHAQAA+QEvAhsCNQLMA0QDZAAAAwUBAAD5AXMBvQKmAzAAAAMEAQAA+QGLAdsDRAMFAQAA+QGL | |
| AeMCtgNEAAADBQEAAPkBpAHjArYDRAAAAwUDAAD9AXsBtQKFAyQAAAMBAAABAQAAAwgDAAEBAREB | |
| FQGTAc0CsgNYA4MDBQIAAQEBQQITAl8DCAAAAwcDAAEBAVsCLAI9AsgDDAOPAAADBAEAAQEBcwG5 | |
| AzADBQEAAQEBcwG9AqYDMAAAAwMCAAEBAXcBsQAAAwQDAAEBAXsBtQMsAwUBAAEBAX8BxQKqAzQA | |
| AAMEAgABAQGDAcECkQMFAQABAQGHAd8CrgNEAAADBQEAAQEBiwHjArYDRAAAAwMCAAEBAY8ByQAA | |
| AwQCAAEBAY8ByQOPAwMCAAEBAZMBzQAAAwQCAAEBAZMBzQKVAwQCAAEBAZMBzQKeAwUCAAEBAZMB | |
| zQKiAygAAAMEAwABAQGTAc0DOAMEAgABAQGXAdECmQMEAwABAQGcAoEDIAMDAwABAQGcAzwAAAME | |
| AwABAQGgAdsCjQMEAQABAQGgAdsDRAMFAQABAQGkAeMCiQNAAAADBQEAAQEBpAHjArYDRAAAAwUB | |
| AAEBAagB5wK6A0QAAAMDAgABAQHsA0QAAAMDAwABAQHsA0QAAAMCAAABAQNEAwIDAAEBA0QDBQEA | |
| AQUBoAHbAr8DRAAAAwUAAAEJAU4CFwJWAwwAAAMFAgABCQGLAeMCtgNEAAADBQAAAQkBoAHbArID | |
| RAAAAwQBAAEJAaAB2wNEAwIDAAEJA0QDBAIAAQ0BKgH0A48=" | base64 -d | tee "$regdb" > "/dev/null" | |
| modprobe -r cfg80211 | |
| fi | |
| exit 0 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment