diff options
| author | Ermal <eri@pfsense.org> | 2014-11-10 20:32:05 +0100 |
|---|---|---|
| committer | Ermal <eri@pfsense.org> | 2014-11-10 20:32:05 +0100 |
| commit | c46f9695ec7baf6dcfcc5a488fe0dd5dd6f4a00f (patch) | |
| tree | 0e97934121c0822cc108d4b2defd1cdcb0c0ebc2 /etc | |
| parent | d3c36b1d8dfce0461bb00177b0db6eae3ff5c2b1 (diff) | |
| download | pfsense-c46f9695ec7baf6dcfcc5a488fe0dd5dd6f4a00f.zip pfsense-c46f9695ec7baf6dcfcc5a488fe0dd5dd6f4a00f.tar.gz | |
Actually make default sysctls reside on globals.inc and use those by default this allows to trim down the config.xml sysctl and also fixes #3666 by setting set source interface on reply of icmp
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/inc/globals.inc | 6 | ||||
| -rw-r--r-- | etc/inc/system.inc | 11 |
2 files changed, 7 insertions, 10 deletions
diff --git a/etc/inc/globals.inc b/etc/inc/globals.inc index de37f8b..61fbe28 100644 --- a/etc/inc/globals.inc +++ b/etc/inc/globals.inc @@ -153,7 +153,11 @@ $sysctls = array("net.inet.ip.portrange.first" => "1024", "net.inet.udp.checksum" => 1, "net.bpf.zerocopy_enable" => 1, "net.inet.icmp.reply_from_interface" => 1, - "vfs.forcesync" => "0" + "vfs.forcesync" => "0", + "net.enc.out.ipsec_bpf_mask" => "0x0001", + "net.enc.out.ipsec_filter_mask" => "0x0001", + "net.enc.in.ipsec_bpf_mask" => "0x0002", + "net.enc.in.ipsec_filter_mask" => "0x0002" ); /* Include override values for the above if needed. If the file doesn't exist, don't try to load it. */ diff --git a/etc/inc/system.inc b/etc/inc/system.inc index ee3e6e3..273b5a2 100644 --- a/etc/inc/system.inc +++ b/etc/inc/system.inc @@ -73,19 +73,12 @@ function get_default_sysctl_value($id) { } function activate_sysctls() { - global $config, $g; + global $config, $g, $sysctls; if ($g['platform'] == 'jail') return; - $sysctls = array( - "net.enc.out.ipsec_bpf_mask" => "0x0001", - "net.enc.out.ipsec_filter_mask" => "0x0001", - "net.enc.in.ipsec_bpf_mask" => "0x0002", - "net.enc.in.ipsec_filter_mask" => "0x0002" - ); - - if(is_array($config['sysctl'])) { + if (is_array($config['sysctl'])) { foreach($config['sysctl']['item'] as $tunable) { if($tunable['value'] == "default") $value = get_default_sysctl_value($tunable['tunable']); |
