Revision c46f9695
Added by Ermal LUÇI over 10 years ago
| etc/inc/globals.inc | ||
|---|---|---|
| 153 | 153 |
"net.inet.udp.checksum" => 1, |
| 154 | 154 |
"net.bpf.zerocopy_enable" => 1, |
| 155 | 155 |
"net.inet.icmp.reply_from_interface" => 1, |
| 156 |
"vfs.forcesync" => "0" |
|
| 156 |
"vfs.forcesync" => "0", |
|
| 157 |
"net.enc.out.ipsec_bpf_mask" => "0x0001", |
|
| 158 |
"net.enc.out.ipsec_filter_mask" => "0x0001", |
|
| 159 |
"net.enc.in.ipsec_bpf_mask" => "0x0002", |
|
| 160 |
"net.enc.in.ipsec_filter_mask" => "0x0002" |
|
| 157 | 161 |
); |
| 158 | 162 |
|
| 159 | 163 |
/* Include override values for the above if needed. If the file doesn't exist, don't try to load it. */ |
| etc/inc/system.inc | ||
|---|---|---|
| 73 | 73 |
} |
| 74 | 74 |
|
| 75 | 75 |
function activate_sysctls() {
|
| 76 |
global $config, $g; |
|
| 76 |
global $config, $g, $sysctls;
|
|
| 77 | 77 |
|
| 78 | 78 |
if ($g['platform'] == 'jail') |
| 79 | 79 |
return; |
| 80 | 80 |
|
| 81 |
$sysctls = array( |
|
| 82 |
"net.enc.out.ipsec_bpf_mask" => "0x0001", |
|
| 83 |
"net.enc.out.ipsec_filter_mask" => "0x0001", |
|
| 84 |
"net.enc.in.ipsec_bpf_mask" => "0x0002", |
|
| 85 |
"net.enc.in.ipsec_filter_mask" => "0x0002" |
|
| 86 |
); |
|
| 87 |
|
|
| 88 |
if(is_array($config['sysctl'])) {
|
|
| 81 |
if (is_array($config['sysctl'])) {
|
|
| 89 | 82 |
foreach($config['sysctl']['item'] as $tunable) {
|
| 90 | 83 |
if($tunable['value'] == "default") |
| 91 | 84 |
$value = get_default_sysctl_value($tunable['tunable']); |
Also available in: Unified diff
Actually make default sysctls reside on globals.inc and use those by default this allows to trim down the config.xml sysctl and also fixes #3666 by setting set source interface on reply of icmp