Skip to content

Instantly share code, notes, and snippets.

@Niemi
Last active Aug 29, 2015
Embed
What would you like to do?
# https://gist.github.com/gretel/f458cfcfc63850c3d3f5
#
# $OpenBSD: sysctl.conf,v 1.58 2014/07/11 16:43:07 henning Exp $
#
# This file contains a list of sysctl options the user wants set at
# boot time. See sysctl(3) and sysctl(8) for more information on
# the many available variables.
#
net.inet.ip.forwarding=1 # 1=Permit forwarding (routing) of IPv4 packets
#net.inet.ip.mforwarding=1 # 1=Permit forwarding (routing) of IPv4 multicast packets
#net.inet.ip.multipath=1 # 1=Enable IP multipath routing
#net.inet.icmp.rediraccept=1 # 1=Accept ICMP redirects
#net.inet6.icmp6.rediraccept=0 # 1=Accept IPv6 ICMP redirects (for hosts)
net.inet6.ip6.forwarding=1 # 1=Permit forwarding (routing) of IPv6 packets
net.inet6.ip6.mforwarding=1 # 1=Permit forwarding (routing) of IPv6 multicast packets
net.inet6.ip6.multipath=1 # 1=Enable IPv6 multipath routing
#net.inet.tcp.always_keepalive=1 # 1=Keepalives for all connections (e.g. hotel/airport NAT)
#net.inet.tcp.keepidle=100 # 100=send TCP keepalives every 50 seconds
#net.inet.esp.enable=1 # 0=Disable the ESP IPsec protocol
#net.inet.ah.enable=1 # 0=Disable the AH IPsec protocol
#net.inet.esp.udpencap=0 # 0=Disable ESP-in-UDP encapsulation
#net.inet.ipcomp.enable=1 # 1=Enable the IPCOMP protocol
#net.inet.etherip.allow=1 # 1=Enable the Ethernet-over-IP protocol
net.inet.tcp.ecn=1 # 1=Enable the TCP ECN extension
#net.inet.carp.preempt=1 # 1=Enable carp(4) preemption
#net.inet.carp.log=3 # log level of carp(4) info, default 2
#net.pipex.enable=1 # 1=Enable pipex(4) for npppd(8)
ddb.panic=0 # 0=Do not drop into ddb on a kernel panic
#db.console=0 # 1=Permit entry of ddb from the console
#fs.posix.setuid=0 # 0=Traditional BSD chown() semantics
#vm.swapencrypt.enable=0 # 0=Do not encrypt pages that go to swap
#vfs.nfs.iothreads=4 # Number of nfsio kernel threads
net.inet.ip.mtudisc=0 # 0=Disable tcp mtu discovery
#kern.usercrypto=1 # 1=Enable userland use of /dev/crypto
#kern.userasymcrypto=1 # 1=Permit userland to do asymmetric crypto
kern.splassert=2 # 2=Enable with verbose error messages
kern.nosuidcoredump=3 # 3=Put suid coredumps in /var/crash/progname
kern.watchdog.period=32 # >0=Enable hardware watchdog(4) timer if available
kern.watchdog.auto=0 # 0=Disable automatic watchdog(4) retriggering
#hw.allowpowerdown=0 # 0=Disable power button shutdown
#machdep.allowaperture=2 # See xf86(4)
#machdep.kbdreset=1 # permit console CTRL-ALT-DEL to do a nice halt
#machdep.lidsuspend=1 # laptop lid closes cause a suspend
kern.pool_debug=0
kern.maxfiles=21090
kern.maxclusters=61440
kern.somaxconn=512
kern.bufcachepercent=25
net.bpf.bufsize=65535
net.inet.ip.maxqueue=1024
net.inet.ip.ifq.maxlen=512
net.inet.ip.redirect=0
net.inet.ip.mtudisctimeout=90
net.inet6.ip6.use_deprecated=0
net.inet.udp.recvspace=124800
net.inet.udp.sendspace=55296
net.inet.divert.recvspace=131072
net.inet.divert.sendspace=131072
net.inet6.divert.recvspace=131072
net.inet6.divert.sendspace=131072
net.inet.icmp.errppslimit=300
net.inet6.icmp6.errppslimit=300
net.inet.tcp.rstppslimit=300
net.inet.tcp.mssdflt=1452
net.inet.tcp.reasslimit=9216
net.inet.tcp.synbucketlimit=210
net.inet.tcp.keepinittime=300
net.inet.tcp.keepidle=600
net.inet.tcp.keepintvl=60
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment