Diffstat (limited to 'etc')
-rw-r--r--etc/inc/sysctl.inc40
-rw-r--r--etc/inc/system.inc10
2 files changed, 47 insertions, 3 deletions
diff --git a/etc/inc/sysctl.inc b/etc/inc/sysctl.inc
new file mode 100644
index 0000000..c90b074
--- /dev/null
+++ b/etc/inc/sysctl.inc
@@ -0,0 +1,40 @@
+<?php
+
+$sysctls = array("net.inet.ip.portrange.first" => "1024",
+ "net.inet.tcp.blackhole" => "2",
+ "net.inet.udp.blackhole" => "1",
+ "net.inet.ip.random_id" => "1",
+ "net.inet.tcp.drop_synfin" => "1",
+ "net.inet.ip.redirect" => "1",
+ "net.inet6.ip6.redirect" => "1",
+ "net.inet.tcp.syncookies" => "1",
+ "net.inet.tcp.recvspace" => "65228",
+ "net.inet.tcp.sendspace" => "65228",
+ "net.inet.ip.fastforwarding" => "1",
+ "net.inet.tcp.delayed_ack" => "0",
+ "net.inet.udp.maxdgram" => "57344",
+ "net.link.bridge.pfil_onlyip" => "0",
+ "net.link.bridge.pfil_member" => "1",
+ "net.link.bridge.pfil_bridge" => "0",
+ "net.link.tap.user_open" => "1",
+ "kern.rndtest.verbose" => "0",
+ "kern.randompid" => "347",
+ "net.inet.ip.intr_queue_maxlen" => "1000",
+ "hw.syscons.kbd_reboot" => "0",
+ "net.inet.tcp.inflight.enable" => "1",
+ "net.inet.tcp.log_debug" => "0",
+ "net.inet.icmp.icmplim" => "750",
+ "net.inet.tcp.tso" => "0",
+ "hw.bce.tso_enable" => "0"
+ );
+
+function get_default_sysctl_value($id) {
+ global $sysctls;
+ foreach($sysctls as $sysctl => $value) {
+ if($sysctl == $id)
+ return $value;
+ }
+}
+
+
+?> \ No newline at end of file
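Review bot: get_default_sysctl_value() falls off the end and returns NULL when `$id` is not in the table, and the caller added in system.inc uses the result without checking it. The loop also compares keys with loose `==`; a direct lookup is shorter and exact: `return isset($sysctls[$id]) ? $sysctls[$id] : null;`. The function needs a docblock stating that NULL means "no shipped default for this tunable". I would also add a comment above `$sysctls` saying these are the shipped defaults substituted when a configured value is "default", since the table mixes hardening settings (blackhole, drop_synfin, random_id) with performance tunables.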
diff --git a/etc/inc/system.inc b/etc/inc/system.inc
index dd54527..e3611ea 100644
--- a/etc/inc/system.inc
+++ b/etc/inc/system.inc
@@ -50,16 +50,20 @@ function activate_powerd() {
function activate_sysctls() {
global $config, $g;
-
+ require("sysctl.inc");
exec("/sbin/sysctl net.enc.out.ipsec_bpf_mask=0x00000001");
exec("/sbin/sysctl net.enc.out.ipsec_filter_mask=0x00000001");
exec("/sbin/sysctl net.enc.in.ipsec_bpf_mask=0x00000002");
exec("/sbin/sysctl net.enc.in.ipsec_filter_mask=0x00000002");
- if (is_array($config['sysctl']))
- foreach ($config['sysctl']['item'] as $tunable)
+ if (is_array($config['sysctl'])) {
+ foreach ($config['sysctl']['item'] as $tunable) {
+ if($tunable['value'] == "default")
+ $tunable['value'] = get_default_sysctl_value($tunable['tunable']);
mwexec("sysctl " . $tunable['tunable'] . "=\""
. $tunable['value'] . "\"");
+ }
+ }
}
function system_resolvconf_generate($dynupdate = false) {
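Review bot: `require("sysctl.inc")` inside activate_sysctls() defines `$sysctls` in this function's local scope, so the `global $sysctls` in get_default_sysctl_value() only sees the table if the file is also included at global scope somewhere else; otherwise every "default" resolves to NULL and the command becomes `sysctl name=""`. Because the include is `require` rather than `require_once`, a second call to activate_sysctls() in the same request would also hit a fatal redeclaration of get_default_sysctl_value(). I would use `require_once("sysctl.inc");`, declare `global $sysctls;` before the array assignment in sysctl.inc, and skip the entry when no default exists, e.g. `if ($tunable['value'] === null) continue;`. Separately, the unchanged mwexec() line passes both config fields to the shell with only hand-written quotes around the value; `mwexec("sysctl " . escapeshellarg($tunable['tunable'] . "=" . $tunable['value']));` would keep a malformed or hostile config entry from being interpreted by the shell.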