From df23ccfe824eb2d6ea579d4ecd0e56483a5f3c37 Mon Sep 17 00:00:00 2001
From: Scott Ullrich
Date: Thu, 5 Jul 2007 16:13:38 +0000
Subject: Set the ephemeral port range starting port to 1024 instead of 49152. On a busy firewall it is possible to run out of ephemeral ports and then the system will block new connections until a port is available.
---
cf/conf/config.xml | 5 +++++
1 file changed, 5 insertions(+)
(limited to 'cf/conf')
diff --git a/cf/conf/config.xml b/cf/conf/config.xml
index 10c44db..7625903 100644
--- a/cf/conf/config.xml
+++ b/cf/conf/config.xml
@@ -6,6 +6,11 @@ nervecenter + Set the ephemeral port range to be lower. + net.inet.ip.portrange.first + 1024 + + Drop packets to closed TCP ports without returning a RST net.inet.tcp.blackhole 2
--
cgit v1.1
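Review bot: Starting the ephemeral range at 1024 in the added `net.inet.ip.portrange.first` entry lets locally originated sockets take registered ports that daemons on the firewall may later need to bind, so a service start or restart can fail with an address-in-use error while an ephemeral connection holds its port. If the aim is only more headroom, a start value above the listener ports this system actually uses would give most of the benefit without that overlap; the set of listeners should be checked before settling on 1024. It is also worth confirming that this sysctl is the limit being hit, since it governs sockets opened by the host itself and NAT translation in the packet filter may draw from a separately configured port range. The description text `Set the ephemeral port range to be lower.` does not say why; something like `Start the ephemeral port range at 1024 (default 49152) to avoid port exhaustion on busy firewalls` would record the intent. The markup around these lines is not visible in this view of the hunk, so the element structure could not be reviewed.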