authorErmal <eri@pfsense.org>2014-11-10 21:47:14 +0100
committerErmal <eri@pfsense.org>2014-11-10 21:47:14 +0100
commitd87fcac96b45958bd777c7ac38cc0665dbde6062 (patch)
tree599a680c39d7db4a859595b17fe65b948def3dc9 /conf.default
parent24d728bb4feb848b10d42a81df0e0a92dd599764 (diff)
Do not require the default sysctl items to be set in config.xml; instead, extract the definitions from the sysctl tree. This also reduces the size of config.xml.
Diffstat (limited to 'conf.default')
-rw-r--r--conf.default/config.xml152
1 files changed, 0 insertions, 152 deletions
diff --git a/conf.default/config.xml b/conf.default/config.xml
index 01b2d59..68c361a 100644
--- a/conf.default/config.xml
+++ b/conf.default/config.xml
@@ -4,158 +4,6 @@
<version>9.9</version>
<lastchange></lastchange>
<theme>pfsense_ng</theme>
- <sysctl>
- <item>
- <descr><![CDATA[Disable the pf ftp proxy handler.]]></descr>
- <tunable>debug.pfftpproxy</tunable>
- <value>default</value>
- </item>
- <item>
- <descr><![CDATA[Increase UFS read-ahead speeds to match current state of hard drives and NCQ. More information here: http://ivoras.sharanet.org/blog/tree/2010-11-19.ufs-read-ahead.html]]></descr>
- <tunable>vfs.read_max</tunable>
- <value>default</value>
- </item>
- <item>
- <descr><![CDATA[Set the ephemeral port range to be lower.]]></descr>
- <tunable>net.inet.ip.portrange.first</tunable>
- <value>default</value>
- </item>
- <item>
- <descr><![CDATA[Drop packets to closed TCP ports without returning a RST]]></descr>
- <tunable>net.inet.tcp.blackhole</tunable>
- <value>default</value>
- </item>
- <item>
- <descr><![CDATA[Do not send ICMP port unreachable messages for closed UDP ports]]></descr>
- <tunable>net.inet.udp.blackhole</tunable>
- <value>default</value>
- </item>
- <item>
- <descr><![CDATA[Randomize the ID field in IP packets (default is 0: sequential IP IDs)]]></descr>
- <tunable>net.inet.ip.random_id</tunable>
- <value>default</value>
- </item>
- <item>
- <descr><![CDATA[Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)]]></descr>
- <tunable>net.inet.tcp.drop_synfin</tunable>
- <value>default</value>
- </item>
- <item>
- <descr><![CDATA[Enable sending IPv4 redirects]]></descr>
- <tunable>net.inet.ip.redirect</tunable>
- <value>default</value>
- </item>
- <item>
- <descr><![CDATA[Enable sending IPv6 redirects]]></descr>
- <tunable>net.inet6.ip6.redirect</tunable>
- <value>default</value>
- </item>
- <item>
- <descr><![CDATA[Enable privacy settings for IPv6 (RFC 4941)]]></descr>
- <tunable>net.inet6.ip6.use_tempaddr</tunable>
- <value>default</value>
- </item>
- <item>
- <descr><![CDATA[Prefer privacy addresses and use them over the normal addresses]]></descr>
- <tunable>net.inet6.ip6.prefer_tempaddr</tunable>
- <value>default</value>
- </item>
- <item>
- <descr><![CDATA[Generate SYN cookies for outbound SYN-ACK packets]]></descr>
- <tunable>net.inet.tcp.syncookies</tunable>
- <value>default</value>
- </item>
- <item>
- <descr><![CDATA[Maximum incoming/outgoing TCP datagram size (receive)]]></descr>
- <tunable>net.inet.tcp.recvspace</tunable>
- <value>default</value>
- </item>
- <item>
- <descr><![CDATA[Maximum incoming/outgoing TCP datagram size (send)]]></descr>
- <tunable>net.inet.tcp.sendspace</tunable>
- <value>default</value>
- </item>
- <item>
- <descr><![CDATA[IP Fastforwarding]]></descr>
- <tunable>net.inet.ip.fastforwarding</tunable>
- <value>default</value>
- </item>
- <item>
- <descr><![CDATA[Do not delay ACK to try and piggyback it onto a data packet]]></descr>
- <tunable>net.inet.tcp.delayed_ack</tunable>
- <value>default</value>
- </item>
- <item>
- <descr><![CDATA[Maximum outgoing UDP datagram size]]></descr>
- <tunable>net.inet.udp.maxdgram</tunable>
- <value>default</value>
- </item>
- <item>
- <descr><![CDATA[Handling of non-IP packets which are not passed to pfil (see if_bridge(4))]]></descr>
- <tunable>net.link.bridge.pfil_onlyip</tunable>
- <value>default</value>
- </item>
- <item>
- <descr><![CDATA[Set to 0 to disable filtering on the incoming and outgoing member interfaces.]]></descr>
- <tunable>net.link.bridge.pfil_member</tunable>
- <value>default</value>
- </item>
- <item>
- <descr><![CDATA[Set to 1 to enable filtering on the bridge interface]]></descr>
- <tunable>net.link.bridge.pfil_bridge</tunable>
- <value>default</value>
- </item>
- <item>
- <descr><![CDATA[Allow unprivileged access to tap(4) device nodes]]></descr>
- <tunable>net.link.tap.user_open</tunable>
- <value>default</value>
- </item>
- <item>
- <descr><![CDATA[Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())]]></descr>
- <tunable>kern.randompid</tunable>
- <value>default</value>
- </item>
- <item>
- <descr><![CDATA[Maximum size of the IP input queue]]></descr>
- <tunable>net.inet.ip.intr_queue_maxlen</tunable>
- <value>default</value>
- </item>
- <item>
- <descr><![CDATA[Disable CTRL+ALT+Delete reboot from keyboard.]]></descr>
- <tunable>hw.syscons.kbd_reboot</tunable>
- <value>default</value>
- </item>
- <item>
- <descr><![CDATA[Enable TCP extended debugging]]></descr>
- <tunable>net.inet.tcp.log_debug</tunable>
- <value>default</value>
- </item>
- <item>
- <descr><![CDATA[Set ICMP Limits]]></descr>
- <tunable>net.inet.icmp.icmplim</tunable>
- <value>default</value>
- </item>
- <item>
- <descr><![CDATA[TCP Offload Engine]]></descr>
- <tunable>net.inet.tcp.tso</tunable>
- <value>default</value>
- </item>
- <item>
- <descr><![CDATA[UDP Checksums]]></descr>
- <tunable>net.inet.udp.checksum</tunable>
- <value>default</value>
- </item>
- <item>
- <descr><![CDATA[Maximum socket buffer size]]></descr>
- <tunable>kern.ipc.maxsockbuf</tunable>
- <value>default</value>
- </item>
- <item>
- <descr><![CDATA[Reply ICMP from source interface]]></descr>
- <tunable>net.inet.icmp.reply_from_interface</tunable>
- <value>default</value>
- </item>
- </sysctl>
<system>
<optimization>normal</optimization>
<hostname>pfSense</hostname>