2.9 nervecenter Set the ephemeral port range to be lower. net.inet.ip.portrange.first 1024 Drop packets to closed TCP ports without returning a RST net.inet.tcp.blackhole 2 Do not send ICMP port unreachable messages for closed UDP ports net.inet.udp.blackhole 1 Randomize the ID field in IP packets (default is 0: sequential IP IDs) net.inet.ip.random_id 1 Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway) net.inet.tcp.drop_synfin 1 Disable sending IPv4 redirects net.inet.ip.redirect 0 Disable sending IPv6 redirects net.inet6.ip6.redirect 0 Generate SYN cookies for outbound SYN-ACK packets net.inet.tcp.syncookies 1 Maximum incoming/outgoing TCP datagram size (receive) net.inet.tcp.recvspace 65228 Maximum incoming/outgoing TCP datagram size (send) net.inet.tcp.sendspace 65228 IP Fastforwarding net.inet.ip.fastforwarding 1 Do not delay ACK to try and piggyback it onto a data packet net.inet.tcp.delayed_ack 0 Maximum outgoing UDP datagram size net.inet.udp.maxdgram 57344 Handling of non-IP packets which are not passed to pfil (see if_bridge(4)) net.link.bridge.pfil_onlyip 0 Allow unprivileged access to tap(4) device nodes net.link.tap.user_open 1 Verbosity of the rndtest driver (0: do not display results on console) kern.rndtest.verbose 0 Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid()) kern.randompid 347 Maximum size of the IP input queue net.inet.ip.intr_queue_maxlen 1000 normal pfSense local admin $1$dSJImFph$GvZ7.1UbuWu.Yb8etC0re. Etc/UTC 300 pool.ntp.org http yes sis0 192.168.1.1 24 100 Mb sis1 dhcp 100 Mb dyndns 192.168.1.100 192.168.1.199 public pass Default LAN -> any lan lan 0 * * * * root /usr/bin/nice -n20 newsyslog 1,31 0-5 * * * root /usr/bin/nice -n20 adjkerntz -a 1 * 1 * * root /usr/bin/nice -n20 /etc/rc.update_bogons.sh */60 * * * * root /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout 1 1 * * * root /usr/bin/nice -n20 /etc/rc.dyndns.update */60 * * * * root /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot */60 * * * * root /usr/bin/nice -n20 /usr/local/sbin/expiretable -t 3600 snort2c */5 * * * * root /usr/local/bin/checkreload.sh */5 * * * * root /etc/ping_hosts.sh */140 * * * * root /usr/local/sbin/reset_slbd.sh