2.9
nervecenter
-
Set the ephemeral port range to be lower.
net.inet.ip.portrange.first = 1024
-
Drop packets to closed TCP ports without returning a RST
net.inet.tcp.blackhole = 2
-
Do not send ICMP port unreachable messages for closed UDP ports
net.inet.udp.blackhole = 1
-
Randomize the ID field in IP packets (default is 0: sequential IP IDs)
net.inet.ip.random_id = 1
-
Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)
net.inet.tcp.drop_synfin = 1
-
Disable sending IPv4 redirects
net.inet.ip.redirect = 0
-
Disable sending IPv6 redirects
net.inet6.ip6.redirect = 0
-
Generate SYN cookies for outbound SYN-ACK packets
net.inet.tcp.syncookies = 1
-
Maximum incoming/outgoing TCP datagram size (receive)
net.inet.tcp.recvspace = 65228
-
Maximum incoming/outgoing TCP datagram size (send)
net.inet.tcp.sendspace = 65228
-
IP Fastforwarding
net.inet.ip.fastforwarding = 1
-
Do not delay ACK to try and piggyback it onto a data packet
net.inet.tcp.delayed_ack = 0
-
Maximum outgoing UDP datagram size
net.inet.udp.maxdgram = 57344
-
Handling of non-IP packets which are not passed to pfil (see if_bridge(4))
net.link.bridge.pfil_onlyip = 0
-
Allow unprivileged access to tap(4) device nodes
net.link.tap.user_open = 1
-
Verbosity of the rndtest driver (0: do not display results on console)
kern.rndtest.verbose = 0
-
Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())
kern.randompid = 347
-
Maximum size of the IP input queue
net.inet.ip.intr_queue_maxlen = 1000
normal
priq
pfSense
local
admin
$1$dSJImFph$GvZ7.1UbuWu.Yb8etC0re.
Etc/UTC
300
pool.ntp.org
http
yes
sis0
192.168.1.1
24
100
Mb
sis1
dhcp
100
Mb
dyndns
192.168.1.100
192.168.1.199
public
-
0 * * * * root /usr/bin/nice -n20 newsyslog
-
1,31 0-5 * * * root /usr/bin/nice -n20 adjkerntz -a
-
1 3 1 * * root /usr/bin/nice -n20 /etc/rc.update_bogons.sh
-
*/60 * * * * root /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout
-
1 1 * * * root /usr/bin/nice -n20 /etc/rc.dyndns.update
-
*/60 * * * * root /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot
-
*/60 * * * * root /usr/bin/nice -n20 /usr/local/sbin/expiretable -t 3600 snort2c
-
*/5 * * * * root /usr/local/bin/checkreload.sh
-
*/5 * * * * root /etc/ping_hosts.sh
-
*/140 * * * * root /usr/local/sbin/reset_slbd.sh