# tuning-freebsd-tcpip.txt, Sun Apr 20 20:46:04 CEST 2003, SinusPL
# last change: Sat Aug 23 02:57:52 CEST 2003
# All settings for sysctl in file /etc/sysctl.conf

# Increasing TCP window size
net.inet.tcp.sendspace=32768
net.inet.tcp.recvspace=32768

# Socket queue defense (DDoS)
kern.ipc.somaxconn=1024

# We don't like redirects
net.inet.icmp.drop_redirect=1
net.inet.icmp.log_redirect=1
net.inet.ip.redirect=0
net.inet6.ip6.redirect=0

# ARP tuning
net.link.ether.inet.max_age=1200

# We also don't like source-routed packets
net.inet.ip.sourceroute=0
net.inet.ip.accept_sourceroute=0

# Faster cleaning of dead sockets (TIME_WAIT state)
# old setting, deprecated
#net.ipv4.vs.timeout_timewait=60

# ICMP
net.inet.icmp.bmcastecho=0
net.inet.icmp.maskrepl=0
net.inet.icmp.icmplim=10 # 100 for _really_ busy servers
net.inet.icmp.log_redirect=1

# we don't need unreachables
net.inet.tcp.blackhole=1

# unknwn connections
net.inet.tcp.log_in_vain=1
net.inet.udp.log_in_vain=1
net.link.ether.inet.log_arp_wrong_iface=1