2.9 nervecenter Set the ephemeral port range to be lower. net.inet.ip.portrange.first 1024 Drop packets to closed TCP ports without returning a RST net.inet.tcp.blackhole 2 Do not send ICMP port unreachable messages for closed UDP ports net.inet.udp.blackhole 1 Randomize the ID field in IP packets (default is 0: sequential IP IDs) net.inet.ip.random_id 1 Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway) net.inet.tcp.drop_synfin 1 Disable sending IPv4 redirects net.inet.ip.redirect 0 Disable sending IPv6 redirects net.inet6.ip6.redirect 0 Generate SYN cookies for outbound SYN-ACK packets net.inet.tcp.syncookies 1 Maximum incoming/outgoing TCP datagram size (receive) net.inet.tcp.recvspace 65228 Maximum incoming/outgoing TCP datagram size (send) net.inet.tcp.sendspace 65228 IP Fastforwarding net.inet.ip.fastforwarding 1 Do not delay ACK to try and piggyback it onto a data packet net.inet.tcp.delayed_ack 0 Maximum outgoing UDP datagram size net.inet.udp.maxdgram 57344 Handling of non-IP packets which are not passed to pfil (see if_bridge(4)) net.link.bridge.pfil_onlyip 0 Allow unprivileged access to tap(4) device nodes net.link.tap.user_open 1 Verbosity of the rndtest driver (0: do not display results on console) kern.rndtest.verbose 0 Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid()) kern.randompid 347 Maximum size of the IP input queue net.inet.ip.intr_queue_maxlen 1000 Disable CTRL+ALT+Delete reboot from keyboard. hw.syscons.kbd_reboot 0 Enable TCP Inflight mode net.inet.tcp.inflight.enable 1 normal priq pfSense local admins System Administrators system ANY index.php 110 admin System Administrator system admins $1$dSJImFph$GvZ7.1UbuWu.Yb8etC0re. 0 lockwc Lock webConfigurator Indicates whether this user will lock access to the webConfigurator for other users. lock-ipages Lock individual pages Indicates whether this user will lock individual HTML pages after having accessed a particular page(the lock will be freed if the user leaves or saves the page form). hasshell Has shell access Indicates whether this user is able to login for example via SSH. isroot Is root user This user is associated with the UNIX root user (you should associate this privilege only with one single user). 115 115 Etc/UTC 300 0.pfsense.pool.ntp.org http yes sis0 192.168.1.1 24 100 Mb sis1 dhcp 100 Mb dyndns 192.168.1.100 192.168.1.199 public pass Default LAN -> any lan lan 0 * * * * root /usr/bin/nice -n20 newsyslog 1,31 0-5 * * * root /usr/bin/nice -n20 adjkerntz -a 1 3 1 * * root /usr/bin/nice -n20 /etc/rc.update_bogons.sh */60 * * * * root /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout 1 1 * * * root /usr/bin/nice -n20 /etc/rc.dyndns.update */60 * * * * root /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot */60 * * * * root /usr/bin/nice -n20 /usr/local/sbin/expiretable -t 3600 snort2c */5 * * * * root /usr/local/bin/checkreload.sh */5 * * * * root /etc/ping_hosts.sh */140 * * * * root /usr/local/sbin/reset_slbd.sh