diff options
| -rw-r--r-- | etc/inc/globals.inc | 6 | ||||
| -rw-r--r-- | etc/inc/system.inc | 11 |
2 files changed, 7 insertions, 10 deletions
diff --git a/etc/inc/globals.inc b/etc/inc/globals.inc index de37f8b..61fbe28 100644 --- a/etc/inc/globals.inc +++ b/etc/inc/globals.inc @@ -153,7 +153,11 @@ $sysctls = array("net.inet.ip.portrange.first" => "1024", "net.inet.udp.checksum" => 1, "net.bpf.zerocopy_enable" => 1, "net.inet.icmp.reply_from_interface" => 1, - "vfs.forcesync" => "0" + "vfs.forcesync" => "0", + "net.enc.out.ipsec_bpf_mask" => "0x0001", + "net.enc.out.ipsec_filter_mask" => "0x0001", + "net.enc.in.ipsec_bpf_mask" => "0x0002", + "net.enc.in.ipsec_filter_mask" => "0x0002" ); /* Include override values for the above if needed. If the file doesn't exist, don't try to load it. */ diff --git a/etc/inc/system.inc b/etc/inc/system.inc index ee3e6e3..273b5a2 100644 --- a/etc/inc/system.inc +++ b/etc/inc/system.inc @@ -73,19 +73,12 @@ function get_default_sysctl_value($id) { } function activate_sysctls() { - global $config, $g; + global $config, $g, $sysctls; if ($g['platform'] == 'jail') return; - $sysctls = array( - "net.enc.out.ipsec_bpf_mask" => "0x0001", - "net.enc.out.ipsec_filter_mask" => "0x0001", - "net.enc.in.ipsec_bpf_mask" => "0x0002", - "net.enc.in.ipsec_filter_mask" => "0x0002" - ); - - if(is_array($config['sysctl'])) { + if (is_array($config['sysctl'])) { foreach($config['sysctl']['item'] as $tunable) { if($tunable['value'] == "default") $value = get_default_sysctl_value($tunable['tunable']); |
