Performance Optimization and Tuning

Performance Optimization and Tuning

Balance security with performance: the settings below shrink the kernel's connection-tracking state and replace per-address iptables rules with a single ipset lookup. Each one trades some state retention for throughput, so review the values against the host's actual traffic before applying them.

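# Optimize connection tracking.
# The net.netfilter.nf_conntrack_* keys only exist once the nf_conntrack
# module is loaded; without it sysctl fails with "cannot stat
# /proc/sys/net/netfilter/...". Loading it explicitly makes the snippet
# work on a host that has no conntrack rule yet.
sudo modprobe nf_conntrack

# Write a drop-in under /etc/sysctl.d rather than appending to
# /etc/sysctl.conf: re-running the snippet overwrites one file instead of
# accumulating duplicate keys, and tee performs the write as root (a plain
# ">>" redirect runs as the invoking user, even with sudo on the command).
sudo tee /etc/sysctl.d/90-conntrack.conf > /dev/null << 'EOF'
# Connection tracking optimization
# Size the table for the expected number of concurrent flows. Each entry
# costs a few hundred bytes of kernel memory; a full table drops new
# connections ("nf_conntrack: table full, dropping packet" in the kernel log).
net.netfilter.nf_conntrack_max = 131072
# NOTE(review): the kernel default for established flows is 432000 s (5 days).
# 7200 s frees table space sooner but evicts idle long-lived sessions (SSH,
# database pools, VPN keepalives) after two hours of silence; raise it if
# such sessions matter on this host.
net.netfilter.nf_conntrack_tcp_timeout_established = 7200
# Short-lived teardown states; shortening these is low-risk.
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 60
EOF

# "sysctl -p" reads only /etc/sysctl.conf; --system applies every drop-in
# (including /etc/sysctl.conf), so it also picks up the file written above.
sudo sysctl --system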

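# Configure iptables with ipset for better performance: one hash lookup
# replaces a linear scan over N individual "-s <ip> -j DROP" rules.
# -y keeps the install non-interactive so the snippet can run unattended.
sudo apt install -y ipset

# Create ipset for blocked IPs.
# -exist makes the create idempotent so re-running the snippet does not
# abort on "set with the same name already exists". hash:ip defaults to
# IPv4 (family inet); IPv6 addresses need a second set created with
# "family inet6" and a matching ip6tables rule, or they are silently
# unblockable with this configuration.
sudo ipset create -exist blocked_ips hash:ip hashsize 4096 maxelem 100000

# Insert the DROP rule at the top of INPUT only when it is not already
# present; a bare "-I" on every run stacks duplicate rules.
sudo iptables -C INPUT -m set --match-set blocked_ips src -j DROP 2>/dev/null \
  || sudo iptables -I INPUT -m set --match-set blocked_ips src -j DROP

# NOTE(review): neither the set nor the rule survives a reboot by itself.
# Persist them with "ipset save" plus iptables-persistent/netfilter-persistent,
# and make sure the set is restored before the rule that references it, or
# the rule restore fails.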

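# Integrate Fail2ban with ipset.
# The file lives under /etc/fail2ban, so the write must run as root: tee
# does that, whereas "cat > file" redirects as the invoking user. Fail2ban
# already ships a comparable action (iptables-ipset-proto6); this custom one
# is kept minimal. ipset set names are limited to 31 characters, so a long
# jail name needs an explicit "name=" override where the action is used.
sudo tee /etc/fail2ban/action.d/ipset.conf > /dev/null << 'EOF'
[Definition]
# -exist: fail2ban may start against a set left over from a previous run.
# The rule is inserted only when not already present so restarts do not
# stack duplicates.
actionstart = ipset create -exist <name> hash:ip hashsize 4096 maxelem 100000
              iptables -C INPUT -m set --match-set <name> src -j DROP || iptables -I INPUT -m set --match-set <name> src -j DROP
# Remove the rule before destroying the set; ipset refuses to destroy a
# set that is still referenced by a rule.
actionstop = iptables -D INPUT -m set --match-set <name> src -j DROP
             ipset destroy <name>
# fail2ban runs actioncheck before each ban; a non-zero exit makes it re-run
# actionstart, which recreates the set and rule if the firewall was flushed.
actioncheck = ipset list -n | grep -qx '<name>' && iptables -C INPUT -m set --match-set <name> src -j DROP
# -exist: banning an address already in the set (e.g. after a fail2ban
# restart replays bans) must not be reported as a failure. hash:ip here is
# IPv4-only; if the jail sees IPv6 clients, add an inet6 variant (see the
# shipped iptables-ipset-proto6 action) or those bans will fail.
actionban = ipset add -exist <name> <ip>
actionunban = ipset del -exist <name> <ip>
EOF

# Writing the action file alone changes nothing: select it with
# "banaction = ipset" in the [DEFAULT] or per-jail section of
# /etc/fail2ban/jail.local, then restart fail2ban.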