diff --git a/sysctl.conf b/sysctl.conf
index 297f31a..d67f7a6 100644
--- a/sysctl.conf
+++ b/sysctl.conf
@@ -1,38 +1,46 @@
-#fs.nfs.nlm_tcpport = 0
-#fs.nfs.nlm_udpport = 0
-#kernel.panic = 3
-#kernel.pid_max = 999999
-kernel.shmmax = 2147483647
-#kernel.sysrq = 0
-net.bridge.bridge-nf-call-arptables = 0
-net.bridge.bridge-nf-call-ip6tables = 0
-net.bridge.bridge-nf-call-iptables = 0
-net.bridge.bridge-nf-filter-vlan-tagged = 0
-#net.ipv4.conf.all.accept_redirects = 0
-#net.ipv4.conf.all.accept_source_route = 0
-net.ipv4.conf.all.rp_filter = 1
-#net.ipv4.conf.all.secure_redirects = 0
-#net.ipv4.conf.default.accept_redirects = 0
-#net.ipv4.conf.default.accept_source_route = 0
-net.ipv4.conf.default.rp_filter = 1
-#net.ipv4.conf.default.secure_redirects = 0
-#net.ipv4.icmp_echo_ignore_broadcasts = 1
-#net.ipv4.ip_dynaddr = 0
-net.ipv4.ip_forward = 1
-#net.ipv4.tcp_ecn = 0
-net.ipv4.tcp_fin_timeout = 30
-net.ipv4.tcp_keepalive_time = 1800
-net.ipv4.tcp_sack = 0
-#net.ipv4.tcp_syncookies = 1
-net.ipv4.tcp_timestamps = 0
-net.ipv4.tcp_window_scaling = 0
-vm.dirty_writeback_centisecs=6000
-vm.laptop_mode=5
-vm.swappiness = 10
+### --- OPTIMIZATION --- ###
+# swap usage (default = 60)
+vm.swappiness = 5
+# (default = 100)
 vm.vfs_cache_pressure = 1000
+
+# http://www.linux.org.ru/wiki/en/User:shimon/12309
+# reduce memory size allowed to process (default = 0 )
 vm.overcommit_memory = 2
-vm.overcommit_ratio = 70
+# memory allowed to process: total_swap + total_ram * overcommit_ratio / 100 (default = 50 )
+vm.overcommit_ratio = 50
+# disk buffer size (default = 0 )
 vm.dirty_bytes = 1048576
+# disk buffer size (default = 0 )
 vm.dirty_background_bytes = 1048576
-vm.dirty_background_ratio = 10
-vm.dirty_ratio = 40
+# (default = 40)
+vm.dirty_ratio = 20
+# (default = 10)
+vm.dirty_background_ratio = 5
+
+# -- more 12309 tricks --
+# (default = 3000)
+vm.dirty_expire_centisecs = 1000
+# (default = 500)
+vm.dirty_writeback_centisecs = 200
+
+### ----- SECURITY ----- ###
+# enable ip forwarding (default = 0)
+net.ipv4.ip_forward = 0
+# enable filtering by source IP address (default = 0)
+net.ipv4.conf.all.rp_filter = 1
+net.ipv4.conf.default.rp_filter = 1
+# accept ICMP-messages for routes (default = 1)
+net.ipv4.conf.default.accept_redirects = 0
+# enable secure redirects (default = 1)
+net.ipv4.conf.all.secure_redirects = 1
+# allow sender to define route (default = 0)
+net.ipv4.conf.default.accept_source_route = 0
+
+### ------ OTHER ------- ###
+# reboot on kernel panic, seconds (default = 0)
+kernel.panic = 5
+# several multimedia apps require this option
+kernel.shmmax = 2147483647
+# laptop mode (default = 5)
+vm.laptop_mode=5
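Review bot: In the SECURITY section only `net.ipv4.conf.default.accept_redirects = 0` is set, and per the kernel's ip-sysctl documentation a non-forwarding host (this commit sets `net.ipv4.ip_forward = 0`) honours ICMP redirects on an interface when either the `all` value or the per-interface value is true, so with `all` left untouched redirects are likely still accepted. Add `net.ipv4.conf.all.accept_redirects = 0` beside it, and likewise `net.ipv4.conf.all.accept_source_route = 0`, because the `default` key only seeds interfaces created after the file is applied and does not change ones that already exist. The comment `# enable ip forwarding (default = 0)` sits above a line that turns forwarding off and would read better as `# disable ip forwarding (default = 0)`. Separately, `vm.dirty_bytes`/`vm.dirty_background_bytes` and the later `vm.dirty_ratio`/`vm.dirty_background_ratio` are mutually exclusive counterparts in the kernel, so the ratio lines written last should win and the byte values are probably ignored; keep one pair.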