pfSense

# Do not send RSTs for packets to closed ports

net.inet.tcp.blackhole=2

# Do not send ICMP port unreach messages for closed ports

net.inet.udp.blackhole=1

# Generate random IP_ID's

net.inet.ip.random_id=1

# Breaks RFC1379, but nobody uses it anyway

net.inet.tcp.drop_synfin=1

net.inet.ip.redirect=0

kern.ipc.somaxconn=2048

net.inet.tcp.syncookies=1

net.inet.tcp.recvspace=65228

net.inet.tcp.sendspace=65228

net.inet.ip.fastforwarding=1

net.isr.enable=1

kern.maxfiles=16384

kern.maxfilesperproc=16384

net.inet.tcp.delayed_ack=0

kern.ipc.maxsockbuf=2097152

net.inet.udp.maxdgram=57344