|
1
|
# Do not send RSTs for packets to closed ports
|
|
2
|
net.inet.tcp.blackhole=2
|
|
3
|
# Do not send ICMP port unreach messages for closed ports
|
|
4
|
net.inet.udp.blackhole=1
|
|
5
|
# Generate random IP_ID's
|
|
6
|
net.inet.ip.random_id=1
|
|
7
|
# Breaks RFC1379, but nobody uses it anyway
|
|
8
|
net.inet.tcp.drop_synfin=1
|
|
9
|
net.inet.ip.redirect=1
|
|
10
|
net.inet.tcp.syncookies=1
|
|
11
|
net.inet.tcp.recvspace=65228
|
|
12
|
net.inet.tcp.sendspace=65228
|
|
13
|
# fastforwarding - see http://lists.freebsd.org/pipermail/freebsd-net/2004-January/002534.html
|
|
14
|
net.inet.ip.fastforwarding=1
|
|
15
|
net.inet.tcp.delayed_ack=0
|
|
16
|
net.inet.udp.maxdgram=57344
|
|
17
|
kern.rndtest.verbose=0
|
|
18
|
net.link.bridge.pfil_onlyip=0
|
|
19
|
net.link.tap.user_open=1
|
|
20
|
# The system will attempt to calculate the bandwidth delay product for each connection and limit the amount of data queued to the network to just the amount required to maintain optimum throughput.
|
|
21
|
net.inet.tcp.inflight.enable=1
|
|
22
|
net.inet.ip.portrange.first=1024
|
|
23
|
net.inet.ip.intr_queue_maxlen=1000
|
|
24
|
net.link.bridge.pfil_bridge=0
|
|
25
|
# Disable TCP extended debugging
|
|
26
|
net.inet.tcp.log_debug=0
|
|
27
|
# Set a reasonable ICMPLimit
|
|
28
|
net.inet.icmp.icmplim=500
|
|
29
|
# TSO causes problems with em(4) and reply-to, and isn't of much benefit in a firewall, disable.
|
|
30
|
net.inet.tcp.tso=0
|