From 08c7e2e32cb0e25a0ab359160c3916cbc44133b2 Mon Sep 17 00:00:00 2001
From: Chris Buechler <cmb@pfsense.org>
Date: Sat, 8 Aug 2009 19:02:03 -0400
Subject: Allow tcpdump by default on enc. There is no measurable performance
 impact, and it's annoying to flip the sysctls to allow when needed.

---
 etc/inc/system.inc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/etc/inc/system.inc b/etc/inc/system.inc
index e9d92d0..9bf6a43 100644
--- a/etc/inc/system.inc
+++ b/etc/inc/system.inc
@@ -42,9 +42,9 @@ function activate_powerd() {
 function activate_sysctls() {
 	global $config, $g;
 	
-	exec("/sbin/sysctl net.enc.out.ipsec_bpf_mask=0x00000000");
+	exec("/sbin/sysctl net.enc.out.ipsec_bpf_mask=0x00000001");
 	exec("/sbin/sysctl net.enc.out.ipsec_filter_mask=0x00000001");
-	exec("/sbin/sysctl net.enc.in.ipsec_bpf_mask=0x00000000");
+	exec("/sbin/sysctl net.enc.in.ipsec_bpf_mask=0x00000002");
 	exec("/sbin/sysctl net.enc.in.ipsec_filter_mask=0x00000002");
 
 	if (is_array($config['sysctl'])) 
-- 
cgit v1.1