diff options
author | Ermal Luçi <eri@pfsense.org> | 2008-11-04 22:38:00 +0000 |
---|---|---|
committer | Ermal Luçi <eri@pfsense.org> | 2008-11-04 22:38:00 +0000 |
commit | 68c3a2644020ab168aab434e62557e65bfbfe932 (patch) | |
tree | 6d101787fff95b82c703bac0f5020053e1edabe0 /etc/inc | |
parent | 5b3c21b3b2c201eaa8504d4be30189374f06b670 (diff) | |
download | pfsense-68c3a2644020ab168aab434e62557e65bfbfe932.zip pfsense-68c3a2644020ab168aab434e62557e65bfbfe932.tar.gz |
Disable bpf(4) abilities on enc0 by default its too much overhead to be on by default.
If one wishes to look up the ipsec traffic through tcpdump they can set the sysctl themselves with explanations here:
http://www.freebsd.org/cgi/man.cgi?query=enc&apropos=0&sektion=4&manpath=FreeBSD+8-current&format=html
Diffstat (limited to 'etc/inc')
-rw-r--r-- | etc/inc/system.inc | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/etc/inc/system.inc b/etc/inc/system.inc index 03204f4..878d37e 100644 --- a/etc/inc/system.inc +++ b/etc/inc/system.inc @@ -40,9 +40,9 @@ function activate_sysctls() { mwexec("sysctl " . $tunable['tunable'] . "=\"" . $tunable['value'] . "\""); - exec("/sbin/sysctl net.enc.out.ipsec_bpf_mask=0x00000002"); + exec("/sbin/sysctl net.enc.out.ipsec_bpf_mask=0x00000000"); exec("/sbin/sysctl net.enc.out.ipsec_filter_mask=0x00000000"); - exec("/sbin/sysctl net.enc.in.ipsec_bpf_mask=0x00000001"); + exec("/sbin/sysctl net.enc.in.ipsec_bpf_mask=0x00000000"); exec("/sbin/sysctl net.enc.in.ipsec_filter_mask=0x00000001"); } |