# FreeBSD sysctl tunables for a firewall/router host.
# One setting per line, comments on their own line above the setting they describe.

# --- Responses to unsolicited traffic ---

# Silently drop TCP segments sent to closed ports instead of answering with RST.
net.inet.tcp.blackhole=2
# Silently drop UDP datagrams sent to closed ports instead of answering with
# ICMP port unreachable.
net.inet.udp.blackhole=1
# Drop TCP segments that have both SYN and FIN set.
# Breaks RFC1379, but nobody uses it anyway.
net.inet.tcp.drop_synfin=1
# Use SYN cookies when the SYN cache overflows.
net.inet.tcp.syncookies=1
# Set a reasonable ICMPLimit (cap on rate-limited ICMP/RST responses per second).
net.inet.icmp.icmplim=500
# Generate random IP_ID's rather than sequential ones.
net.inet.ip.random_id=1
# Send ICMP redirects.
# NOTE(review): redirects are enabled here; confirm this host needs to emit them.
net.inet.ip.redirect=1

# --- Forwarding and queueing ---

# fastforwarding - see
# http://lists.freebsd.org/pipermail/freebsd-net/2004-January/002534.html
net.inet.ip.fastforwarding=1
# Maximum length of the IP input queue.
net.inet.ip.intr_queue_maxlen=1000
# First port of the ephemeral port range.
net.inet.ip.portrange.first=1024

# --- TCP/UDP behaviour and buffers ---

# Default TCP receive and send buffer sizes, in bytes.
net.inet.tcp.recvspace=65228
net.inet.tcp.sendspace=65228
# Acknowledge segments immediately instead of delaying ACKs.
net.inet.tcp.delayed_ack=0
# Maximum outgoing UDP datagram size, in bytes.
net.inet.udp.maxdgram=57344
# The system will attempt to calculate the bandwidth delay product for each
# connection and limit the amount of data queued to the network to just the
# amount required to maintain optimum throughput.
net.inet.tcp.inflight.enable=1
# TSO causes problems with em(4) and reply-to, and isn't of much benefit in a
# firewall, disable.
net.inet.tcp.tso=0
# Disable TCP extended debugging.
net.inet.tcp.log_debug=0

# --- Bridge and tap interfaces ---

# Packet filtering on bridges: do not restrict bridged traffic to IP only, and
# do not run the filter on the bridge interface itself.
# NOTE(review): with pfil_onlyip=0, non-IP frames presumably cross the bridge
# without passing the packet filter; confirm that is intended.
net.link.bridge.pfil_onlyip=0
net.link.bridge.pfil_bridge=0
# Allow tap(4) devices to be opened by non-root users.
# NOTE(review): access then rests on the /dev/tap* node permissions; confirm
# those are restricted to the accounts that need them.
net.link.tap.user_open=1

# --- Miscellaneous ---

# Silence rndtest(4) verbose output.
kern.rndtest.verbose=0