|
version 1.2.2.1, 2011/10/24 23:31:30
|
version 1.9.2.1, 2017/06/08 11:12:45
|
|
Line 4
|
Line 4
|
| # |
# |
| # $Id$ |
# $Id$ |
| |
|
| sysctl -w net.inet.ip.forwarding=1 | sysctl -w kern.coredump=0 |
| | # Enable Fastforwarding (man 4 inet) and BREAK IPsec (but TCP_MD5 stills works with fastforwarding): |
| sysctl -w net.inet.ip.fastforwarding=1 |
sysctl -w net.inet.ip.fastforwarding=1 |
| |
sysctl -w net.bpf.zerocopy_enable=1 |
| |
sysctl -w kern.ipc.somaxconn=1024 |
| |
sysctl -w kern.eventtimer.periodic=1 |
| |
sysctl -w net.route.netisr_maxqlen=2048 |
| |
sysctl -w net.inet.ip.redirect=0 |
| |
sysctl -w net.inet.ip.forwarding=1 |
| |
sysctl -w net.inet.icmp.reply_from_interface=1 |
| |
sysctl -w net.inet.tcp.ecn.enable=1 |
| |
sysctl -w net.inet6.ip6.forwarding=1 |
| |
sysctl -w net.inet6.ip6.accept_rtadv=0 |
| |
sysctl -w net.inet6.ip6.no_radr=0 |
| sysctl -w kern.maxfilesperproc=4096 |
sysctl -w kern.maxfilesperproc=4096 |
| |
sysctl -w kern.maxfiles=1024 |
| |
#sysctl -w kern.ipc.maxsockets=16384 |
| |
#sysctl -w kern.ipc.maxsockbuf=16777216 |
| |
#sysctl -w kern.ipc.maxpipekva=16777216 |
| |
#sysctl -w net.graph.maxdgram=131072 |
| |
#sysctl -w net.graph.recvspace=131072 |
| |
# Sendmsg() cat't send messages more than maxdgram length. |
| |
# Default value causes routing software to fail with OSPF if jumbo frames is turned on. |
| |
sysctl -w net.inet.raw.maxdgram=16384 |
| |
sysctl -w net.inet.raw.recvspace=16384 |
| |
# Increasing bpf perfs (in -current only ?) |
| |
#sysctl -w net.bpf.optimize_writers=1 |
| |
# Current CPU can manage a lot's more of interrupts than default (1000) |
| |
# The 9000 value was found in /usr/src/sys/dev/ixgbe/README |
| |
sysctl -w hw.intr_storm_threshold=9000 |
| |
|
| #kern.ipc.maxsockbuf=16777216 | # Improve a lot's the polling performance |
| #net.inet.tcp.recvbuf_max=16777216 | # Enable idle_poll |
| #net.inet.tcp.sendbuf_max=16777216 | #sysctl -w kern.polling.idle_poll=1 |
| #net.inet.tcp.sendspace=65536 | # The default value of 150 was for FastEthernet: |
| #net.inet.tcp.recvspace=65536 | #sysctl -w kern.polling.burst_max=20000 |
| #net.inet.udp.recvspace=65536 | #sysctl -w kern.polling.each_burst=50 |
| | # For a router, don't need to share 50/50 with user process |
| | #sysctl -w kern.polling.user_frac=30 |
| |
|
| |
#sysctl -w hw.ath.bstuck=8 |
| #net.inet.tcp.mssdflt=1452 |
#net.inet.tcp.mssdflt=1452 |
| #net.inet.tcp.hostcache.expire=1 |
#net.inet.tcp.hostcache.expire=1 |
| |
|
| #dev.ath.0.hal.ar5416_biasadj=1 |
#dev.ath.0.hal.ar5416_biasadj=1 |
| |
|
| |
#Power save: Disable power for device with no driver loaded |
| |
sysctl -w hw.pci.do_power_nodriver=3 |
| |
|
| |
# blackhole(8) |
| |
# Disable this feature because prevent traceroute to works correctly |
| |
#sysctl -w net.inet.tcp.blackhole=2 |
| |
#sysctl -w net.inet.udp.blackhole=1 |
| |
# prevent users from seeing information about processes that |
| |
# are being run under another UID. |
| |
#sysctl -w security.bsd.see_other_uids=0 |
| |
#sysctl -w security.bsd.see_other_gids=0 |
| |
# Prevent some potential exploit |
| |
#sysctl -w security.bsd.unprivileged_proc_debug=0 |
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to sysctl.conf CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / elwix / config / etc / default