Annotation of src/etc/sysctl.conf, Revision 1.54
1.54 ! yasuoka 1: # $OpenBSD: sysctl.conf,v 1.53 2012/05/31 15:04:03 sthen Exp $
1.21 deraadt 2: #
3: # This file contains a list of sysctl options the user wants set at
4: # boot time. See sysctl(3) and sysctl(8) for more information on
5: # the many available variables.
6: #
1.40 brad 7: #net.inet.ip.forwarding=1 # 1=Permit forwarding (routing) of IPv4 packets
8: #net.inet.ip.mforwarding=1 # 1=Permit forwarding (routing) of IPv4 multicast packets
1.44 pyr 9: #net.inet.ip.multipath=1 # 1=Enable IP multipath routing
1.47 sthen 10: #net.inet.icmp.rediraccept=1 # 1=Accept ICMP redirects
1.50 fgsch 11: #net.inet6.icmp6.rediraccept=1 # 1=Accept IPv6 ICMP redirects (for hosts)
1.40 brad 12: #net.inet6.ip6.forwarding=1 # 1=Permit forwarding (routing) of IPv6 packets
1.41 itojun 13: #net.inet6.ip6.mforwarding=1 # 1=Permit forwarding (routing) of IPv6 multicast packets
1.44 pyr 14: #net.inet6.ip6.multipath=1 # 1=Enable IPv6 multipath routing
1.15 itojun 15: #net.inet6.ip6.accept_rtadv=1 # 1=Permit IPv6 autoconf (forwarding must be 0)
1.53 sthen 16: #net.inet.tcp.always_keepalive=1 # 1=Keepalives for all connections (e.g. hotel/airport NAT)
17: #net.inet.tcp.keepidle=100 # 100=send TCP keepalives every 50 seconds
1.38 brad 18: #net.inet.tcp.rfc1323=0 # 0=Disable TCP RFC1323 extensions (for if tcp is slow)
1.39 jmc 19: #net.inet.tcp.rfc3390=0 # 0=Disable RFC3390 for TCP window increasing
1.24 deraadt 20: #net.inet.esp.enable=0 # 0=Disable the ESP IPsec protocol
21: #net.inet.ah.enable=0 # 0=Disable the AH IPsec protocol
1.33 hshoexer 22: #net.inet.esp.udpencap=0 # 0=Disable ESP-in-UDP encapsulation
1.24 deraadt 23: #net.inet.ipcomp.enable=1 # 1=Enable the IPCOMP protocol
1.35 deraadt 24: #net.inet.etherip.allow=1 # 1=Enable the Ethernet-over-IP protocol
1.28 fgsch 25: #net.inet.tcp.ecn=1 # 1=Enable the TCP ECN extension
1.42 reyk 26: #net.inet.carp.preempt=1 # 1=Enable carp(4) preemption
1.48 otto 27: #net.inet.carp.log=3 # log level of carp(4) info, default 2
1.54 ! yasuoka 28: #net.pipex.enable=1 # 1=Enable pipex(4) for npppd(8)
1.5 deraadt 29: #ddb.panic=0 # 0=Do not drop into ddb on a kernel panic
1.8 deraadt 30: #ddb.console=1 # 1=Permit entry of ddb from the console
1.5 deraadt 31: #fs.posix.setuid=0 # 0=Traditional BSD chown() semantics
1.34 deraadt 32: #vm.swapencrypt.enable=0 # 0=Do not encrypt pages that go to swap
1.45 mbalmer 33: #vfs.nfs.iothreads=4 # Number of nfsio kernel threads
34: #net.inet.ip.mtudisc=0 # 0=Disable tcp mtu discovery
1.49 mikeb 35: #kern.usercrypto=1 # 1=Enable userland use of /dev/crypto
36: #kern.userasymcrypto=1 # 1=Permit userland to do asymmetric crypto
1.45 mbalmer 37: #kern.splassert=2 # 2=Enable with verbose error messages
38: #kern.nosuidcoredump=2 # 2=Put suid coredumps in /var/crash
1.46 mbalmer 39: #kern.watchdog.period=32 # >0=Enable hardware watchdog(4) timer if available
40: #kern.watchdog.auto=0 # 0=Disable automatic watchdog(4) retriggering
1.51 deraadt 41: #kern.pool_debug=0 # 0=Disable pool corruption checks (faster)
1.52 naddy 42: #hw.allowpowerdown=0 # 0=Disable power button shutdown