diff options
author | Ermal <eri@pfsense.org> | 2014-11-10 21:47:14 +0100 |
---|---|---|
committer | Ermal <eri@pfsense.org> | 2014-11-10 21:47:14 +0100 |
commit | d87fcac96b45958bd777c7ac38cc0665dbde6062 (patch) | |
tree | 599a680c39d7db4a859595b17fe65b948def3dc9 /conf.default | |
parent | 24d728bb4feb848b10d42a81df0e0a92dd599764 (diff) | |
download | pfsense-d87fcac96b45958bd777c7ac38cc0665dbde6062.zip pfsense-d87fcac96b45958bd777c7ac38cc0665dbde6062.tar.gz |
Do not require the default sysctl items to be set on the config.xml but rather extract the definitions from the sysctl tree. Also to reduce config.xml size
Diffstat (limited to 'conf.default')
-rw-r--r-- | conf.default/config.xml | 152 |
1 files changed, 0 insertions, 152 deletions
diff --git a/conf.default/config.xml b/conf.default/config.xml index 01b2d59..68c361a 100644 --- a/conf.default/config.xml +++ b/conf.default/config.xml @@ -4,158 +4,6 @@ <version>9.9</version> <lastchange></lastchange> <theme>pfsense_ng</theme> - <sysctl> - <item> - <descr><![CDATA[Disable the pf ftp proxy handler.]]></descr> - <tunable>debug.pfftpproxy</tunable> - <value>default</value> - </item> - <item> - <descr><![CDATA[Increase UFS read-ahead speeds to match current state of hard drives and NCQ. More information here: http://ivoras.sharanet.org/blog/tree/2010-11-19.ufs-read-ahead.html]]></descr> - <tunable>vfs.read_max</tunable> - <value>default</value> - </item> - <item> - <descr><![CDATA[Set the ephemeral port range to be lower.]]></descr> - <tunable>net.inet.ip.portrange.first</tunable> - <value>default</value> - </item> - <item> - <descr><![CDATA[Drop packets to closed TCP ports without returning a RST]]></descr> - <tunable>net.inet.tcp.blackhole</tunable> - <value>default</value> - </item> - <item> - <descr><![CDATA[Do not send ICMP port unreachable messages for closed UDP ports]]></descr> - <tunable>net.inet.udp.blackhole</tunable> - <value>default</value> - </item> - <item> - <descr><![CDATA[Randomize the ID field in IP packets (default is 0: sequential IP IDs)]]></descr> - <tunable>net.inet.ip.random_id</tunable> - <value>default</value> - </item> - <item> - <descr><![CDATA[Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)]]></descr> - <tunable>net.inet.tcp.drop_synfin</tunable> - <value>default</value> - </item> - <item> - <descr><![CDATA[Enable sending IPv4 redirects]]></descr> - <tunable>net.inet.ip.redirect</tunable> - <value>default</value> - </item> - <item> - <descr><![CDATA[Enable sending IPv6 redirects]]></descr> - <tunable>net.inet6.ip6.redirect</tunable> - <value>default</value> - </item> - <item> - <descr><![CDATA[Enable privacy settings for IPv6 (RFC 4941)]]></descr> - <tunable>net.inet6.ip6.use_tempaddr</tunable> - <value>default</value> - </item> - <item> - <descr><![CDATA[Prefer privacy addresses and use them over the normal addresses]]></descr> - <tunable>net.inet6.ip6.prefer_tempaddr</tunable> - <value>default</value> - </item> - <item> - <descr><![CDATA[Generate SYN cookies for outbound SYN-ACK packets]]></descr> - <tunable>net.inet.tcp.syncookies</tunable> - <value>default</value> - </item> - <item> - <descr><![CDATA[Maximum incoming/outgoing TCP datagram size (receive)]]></descr> - <tunable>net.inet.tcp.recvspace</tunable> - <value>default</value> - </item> - <item> - <descr><![CDATA[Maximum incoming/outgoing TCP datagram size (send)]]></descr> - <tunable>net.inet.tcp.sendspace</tunable> - <value>default</value> - </item> - <item> - <descr><![CDATA[IP Fastforwarding]]></descr> - <tunable>net.inet.ip.fastforwarding</tunable> - <value>default</value> - </item> - <item> - <descr><![CDATA[Do not delay ACK to try and piggyback it onto a data packet]]></descr> - <tunable>net.inet.tcp.delayed_ack</tunable> - <value>default</value> - </item> - <item> - <descr><![CDATA[Maximum outgoing UDP datagram size]]></descr> - <tunable>net.inet.udp.maxdgram</tunable> - <value>default</value> - </item> - <item> - <descr><![CDATA[Handling of non-IP packets which are not passed to pfil (see if_bridge(4))]]></descr> - <tunable>net.link.bridge.pfil_onlyip</tunable> - <value>default</value> - </item> - <item> - <descr><![CDATA[Set to 0 to disable filtering on the incoming and outgoing member interfaces.]]></descr> - <tunable>net.link.bridge.pfil_member</tunable> - <value>default</value> - </item> - <item> - <descr><![CDATA[Set to 1 to enable filtering on the bridge interface]]></descr> - <tunable>net.link.bridge.pfil_bridge</tunable> - <value>default</value> - </item> - <item> - <descr><![CDATA[Allow unprivileged access to tap(4) device nodes]]></descr> - <tunable>net.link.tap.user_open</tunable> - <value>default</value> - </item> - <item> - <descr><![CDATA[Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())]]></descr> - <tunable>kern.randompid</tunable> - <value>default</value> - </item> - <item> - <descr><![CDATA[Maximum size of the IP input queue]]></descr> - <tunable>net.inet.ip.intr_queue_maxlen</tunable> - <value>default</value> - </item> - <item> - <descr><![CDATA[Disable CTRL+ALT+Delete reboot from keyboard.]]></descr> - <tunable>hw.syscons.kbd_reboot</tunable> - <value>default</value> - </item> - <item> - <descr><![CDATA[Enable TCP extended debugging]]></descr> - <tunable>net.inet.tcp.log_debug</tunable> - <value>default</value> - </item> - <item> - <descr><![CDATA[Set ICMP Limits]]></descr> - <tunable>net.inet.icmp.icmplim</tunable> - <value>default</value> - </item> - <item> - <descr><![CDATA[TCP Offload Engine]]></descr> - <tunable>net.inet.tcp.tso</tunable> - <value>default</value> - </item> - <item> - <descr><![CDATA[UDP Checksums]]></descr> - <tunable>net.inet.udp.checksum</tunable> - <value>default</value> - </item> - <item> - <descr><![CDATA[Maximum socket buffer size]]></descr> - <tunable>kern.ipc.maxsockbuf</tunable> - <value>default</value> - </item> - <item> - <descr><![CDATA[Reply ICMP from source interface]]></descr> - <tunable>net.inet.icmp.reply_from_interface</tunable> - <value>default</value> - </item> - </sysctl> <system> <optimization>normal</optimization> <hostname>pfSense</hostname> |