pfSense

# Do not send RSTs for packets to closed ports

net.inet.tcp.blackhole=2

# Do not send ICMP port unreach messages for closed ports

net.inet.udp.blackhole=1

# Generate random IP_ID's

net.inet.ip.random_id=1

# Breaks RFC1379, but nobody uses it anyway

net.inet.tcp.drop_synfin=1

net.inet.ip.redirect=0

net.inet.tcp.syncookies=1

net.inet.tcp.recvspace=65228

net.inet.tcp.sendspace=65228

# fastforwarding - see http://lists.freebsd.org/pipermail/freebsd-net/2004-January/002534.html

net.inet.ip.fastforwarding=1

net.inet.tcp.delayed_ack=0

net.inet.udp.maxdgram=57344

kern.rndtest.verbose=0

net.link.bridge.pfil_onlyip=0

net.link.tap.user_open=1