Disable bpf(4) abilities on enc0 by default its too much overhead to be on by default.

If one wishes to look up the ipsec traffic through tcpdump they can set the sysctl themselves with explanations here: http://www.freebsd.org/cgi/man.cgi?query=enc&apropos=0&sektion=4&manpath=FreeBSD+8-current&format=html
author: Ermal Luçi <eri@pfsense.org> 2008-11-04 22:38:00 +0000
committer: Ermal Luçi <eri@pfsense.org> 2008-11-04 22:38:00 +0000
commit: 68c3a2644020ab168aab434e62557e65bfbfe932 (patch)
tree: 6d101787fff95b82c703bac0f5020053e1edabe0
parent: 5b3c21b3b2c201eaa8504d4be30189374f06b670 (diff)
download: pfsense-68c3a2644020ab168aab434e62557e65bfbfe932.zip
pfsense-68c3a2644020ab168aab434e62557e65bfbfe932.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/etc/inc/system.inc b/etc/inc/system.inc
index 03204f4..878d37e 100644
--- a/etc/inc/system.inc
+++ b/etc/inc/system.inc
@@ -40,9 +40,9 @@ function activate_sysctls() {
 			mwexec("sysctl " . $tunable['tunable'] . "=\"" 
 				. $tunable['value'] .  "\"");
 	
-	exec("/sbin/sysctl net.enc.out.ipsec_bpf_mask=0x00000002");
+	exec("/sbin/sysctl net.enc.out.ipsec_bpf_mask=0x00000000");
 	exec("/sbin/sysctl net.enc.out.ipsec_filter_mask=0x00000000");
-	exec("/sbin/sysctl net.enc.in.ipsec_bpf_mask=0x00000001");
+	exec("/sbin/sysctl net.enc.in.ipsec_bpf_mask=0x00000000");
 	exec("/sbin/sysctl net.enc.in.ipsec_filter_mask=0x00000001");
 	
 }
author	Ermal Luçi <eri@pfsense.org>	2008-11-04 22:38:00 +0000
committer	Ermal Luçi <eri@pfsense.org>	2008-11-04 22:38:00 +0000
commit	68c3a2644020ab168aab434e62557e65bfbfe932 (patch)
tree	6d101787fff95b82c703bac0f5020053e1edabe0
parent	5b3c21b3b2c201eaa8504d4be30189374f06b670 (diff)
download	pfsense-68c3a2644020ab168aab434e62557e65bfbfe932.zip pfsense-68c3a2644020ab168aab434e62557e65bfbfe932.tar.gz