Actually make default sysctls reside on globals.inc and use those by default this allows to trim down the config.xml sysctl and also fixes #3666 by setting set source interface on reply of icmp

1 files changed, 5 insertions, 1 deletions

diff --git a/etc/inc/globals.inc b/etc/inc/globals.inc
index de37f8b..61fbe28 100644
--- a/etc/inc/globals.inc
+++ b/etc/inc/globals.inc
@@ -153,7 +153,11 @@ $sysctls = array("net.inet.ip.portrange.first" => "1024",
 	"net.inet.udp.checksum" => 1,
 	"net.bpf.zerocopy_enable" => 1,
 	"net.inet.icmp.reply_from_interface" => 1,
-	"vfs.forcesync" => "0"
+	"vfs.forcesync" => "0",
+	"net.enc.out.ipsec_bpf_mask" => "0x0001",
+	"net.enc.out.ipsec_filter_mask" => "0x0001",
+	"net.enc.in.ipsec_bpf_mask" => "0x0002",
+	"net.enc.in.ipsec_filter_mask" => "0x0002"
 );
 
 /* Include override values for the above if needed. If the file doesn't exist, don't try to load it. */