A lightweight, intelligent Bash script to improve network performance on modern Linux systems. NetTune provides automated optimization of TCP/IP stack parameters, congestion control algorithms, DNS configuration, and network interface settings.

• BBR Congestion Control: Automatically detects and enables the best available TCP congestion control algorithm (BBR3, BBR2, BBR, or fallback to Cubic)
• Intelligent Queueing: Configures CAKE or fq_codel queueing disciplines based on kernel support
• Adaptive Sysctl Tuning: Dynamic buffer sizing based on available RAM and CPU cores
• MTU Discovery: Binary search algorithm to find optimal MTU for your network path
• DNS Hardening: Configures DNS-over-TLS with Cloudflare and Quad9 nameservers
• Interface Optimization: Automatic tuning of TX queue lengths and hardware offloads (GSO/GRO/TSO)

• Full Backup System: All configuration changes are backed up with timestamps
• Network Health Reports: Comprehensive diagnostics and status information
• Restore Capability: Easy restoration of previous configurations
• Detailed Logging: All actions logged to /var/log/netopt.log
• Interactive Menu: User-friendly interface for all operations

• Operating System: Linux (Ubuntu, Debian, and derivatives recommended)
• Kernel: 4.19+ (for full feature support including CAKE qdisc)
• Privileges: Root access required
• Dependencies:
  • bash 4.0+
  • iproute2 (ip command)
  • ethtool
  • sysctl
  • Standard utilities: ping, ss, free, nproc

1. Clone the repository:

git clone https://github.com/sh13y/nettune.git
cd nettune

2. Make the script executable:

chmod +x netopt.sh

3. Run with root privileges:

sudo ./netopt.sh

The script provides an interactive menu with the following options:

1) Apply Intelligent Optimizations  (BBR, sysctl, DNS, interfaces)
2) Find Optimal MTU
3) Network Health Report
4) Restore from Backup
0) Exit

This comprehensive option performs:

• Fixes /etc/hosts configuration
• Configures DNS with DoT support (systemd-resolved or resolv.conf)
• Forces IPv4 for APT package manager
• Optional full system update/upgrade
• Gathers system information (CPU cores, RAM)
• Applies adaptive sysctl tuning based on hardware
• Tunes network interfaces (txqueuelen, offloads)

Example Output:

CPU Cores : 8
Total RAM : 16384 MB

Applying: cc=bbr3 qdisc=cake rmem=16777216 wmem=16777216 backlog=500000
✓ sysctl applied
✓ Interface tuning done

Performs binary search to discover the maximum MTU supported by your network path:

• Default probe host: 8.8.8.8 (customizable)
• Tests MTU range from 576 to 9000 bytes
• Optionally applies discovered MTU to specified interface

Example:

Probe host [default: 8.8.8.8]: 1.1.1.1
✓ Optimal MTU: 1500 bytes
Interface to configure: eth0
✓ MTU 1500 set on eth0

Displays comprehensive network diagnostics:

• Current TCP congestion control settings
• Active queueing discipline
• Buffer sizes (rmem/wmem)
• Active connection statistics
• Network interface status
• Latency tests
• Recent log entries

Browse and restore from timestamped backups of configuration files:

• Lists all available backups
• Interactive selection
• Automatic sysctl reload
• Optional reboot prompt

Buffer sizes are automatically adjusted based on total RAM:

With systemd-resolved:

• Primary DNS: 1.1.1.2 (Cloudflare Security)
• Secondary DNS: 9.9.9.9 (Quad9)
• DNS-over-TLS: Enabled (opportunistic)
• DNSSEC: Enabled (allow-downgrade)

Without systemd-resolved:

• Fallback to /etc/resolv.conf with same nameservers
• EDNS0 and trust-ad options enabled

Key optimizations applied (excerpt):

# TCP Congestion Control
net.ipv4.tcp_congestion_control = bbr3

# Queueing Discipline
net.core.default_qdisc = cake

# MTU Path Discovery
net.ipv4.tcp_mtu_probing = 1

# TCP Fast Open
net.ipv4.tcp_fastopen = 3

# ECN Support
net.ipv4.tcp_ecn = 1

# Window Scaling
net.ipv4.tcp_window_scaling = 1

See the script for complete sysctl configuration.

• Automatic Backups: All modified files are backed up with timestamps before changes
• Restoration: Easy rollback to previous configurations
• Validation: Checks for kernel module support before enabling features
• Logging: Complete audit trail in /var/log/netopt.log
• Privilege Check: Requires root access and validates before execution
• Non-destructive: Uses drop-in files (/etc/sysctl.d/) rather than overwriting system files

• Script: netopt.sh
• Log File: /var/log/netopt.log
• Backups: /etc/netopt-backups/
• Sysctl Config: /etc/sysctl.d/99-netopt.conf
• DNS Config (systemd): /etc/systemd/resolved.conf.d/99-netopt.conf
• APT Config: /etc/apt/apt.conf.d/99-netopt-ipv4

1. Test in Non-Production: Always test in a development environment first
2. Backup Your System: While the script creates backups, maintain your own system backups
3. Review Changes: Understand what optimizations will be applied to your system
4. Network Impact: Some settings may require a reboot to take full effect

• BBR Requirements: BBR congestion control requires kernel 4.9+, BBR2 requires 5.8+, BBR3 requires 6.0+
• CAKE Requirements: CAKE qdisc requires kernel 4.19+ and sch_cake module
• systemd-resolved: DNS-over-TLS requires systemd 239+
• Cloud Environments: Some optimizations (like interface tuning) may not apply in certain virtualized environments
• IPv6: The script focuses on IPv4 optimizations but maintains IPv6 functionality

# Check if BBR module is available
modinfo tcp_bbr

# Check available congestion control algorithms
sysctl net.ipv4.tcp_available_congestion_control

# Manually load module
sudo modprobe tcp_bbr

# Check if CAKE module exists
modinfo sch_cake

# Fallback to fq_codel
sudo sysctl net.core.default_qdisc=fq_codel

# Check systemd-resolved status
systemctl status systemd-resolved

# View current DNS settings
resolvectl status

# Test DNS resolution
dig @1.1.1.2 example.com

After applying optimizations, test network performance:

# Latency test
ping -c 100 8.8.8.8

# Bandwidth test (requires iperf3)
iperf3 -c iperf.example.com

# HTTP download test
curl -o /dev/null -w "Speed: %{speed_download} bytes/sec\n" https://example.com/file

MIT License - See script header for details

sh13y - Version 2.0.0 (2026 Edition)

Contributions are welcome! Please ensure:

• Code follows existing style and conventions
• All changes are tested on multiple Linux distributions
• Documentation is updated accordingly
• Backup/restore functionality works with new features

• BBR congestion control: Google
• CAKE queueing discipline: The Bufferbloat project
• DNS-over-TLS: Cloudflare & Quad9

This script modifies critical system network settings. Use at your own risk. The author is not responsible for any network issues, performance degradation, or system instability that may result from using this script. Always maintain proper backups and test in non-production environments first.

For issues, questions, or contributions, please visit: https://github.com/sh13y/nettune