Annotation of src/etc/sysctl.conf, Revision 1.57
1.57 ! tedu 1: # $OpenBSD: sysctl.conf,v 1.56 2014/05/06 23:05:51 tedu Exp $
1.21 deraadt 2: #
3: # This file contains a list of sysctl options the user wants set at
4: # boot time. See sysctl(3) and sysctl(8) for more information on
5: # the many available variables.
6: #
1.40 brad 7: #net.inet.ip.forwarding=1 # 1=Permit forwarding (routing) of IPv4 packets
8: #net.inet.ip.mforwarding=1 # 1=Permit forwarding (routing) of IPv4 multicast packets
1.44 pyr 9: #net.inet.ip.multipath=1 # 1=Enable IP multipath routing
1.47 sthen 10: #net.inet.icmp.rediraccept=1 # 1=Accept ICMP redirects
1.50 fgsch 11: #net.inet6.icmp6.rediraccept=1 # 1=Accept IPv6 ICMP redirects (for hosts)
1.40 brad 12: #net.inet6.ip6.forwarding=1 # 1=Permit forwarding (routing) of IPv6 packets
1.41 itojun 13: #net.inet6.ip6.mforwarding=1 # 1=Permit forwarding (routing) of IPv6 multicast packets
1.44 pyr 14: #net.inet6.ip6.multipath=1 # 1=Enable IPv6 multipath routing
1.15 itojun 15: #net.inet6.ip6.accept_rtadv=1 # 1=Permit IPv6 autoconf (forwarding must be 0)
1.53 sthen 16: #net.inet.tcp.always_keepalive=1 # 1=Keepalives for all connections (e.g. hotel/airport NAT)
17: #net.inet.tcp.keepidle=100 # 100=send TCP keepalives every 50 seconds
1.24 deraadt 18: #net.inet.esp.enable=0 # 0=Disable the ESP IPsec protocol
19: #net.inet.ah.enable=0 # 0=Disable the AH IPsec protocol
1.33 hshoexer 20: #net.inet.esp.udpencap=0 # 0=Disable ESP-in-UDP encapsulation
1.24 deraadt 21: #net.inet.ipcomp.enable=1 # 1=Enable the IPCOMP protocol
1.35 deraadt 22: #net.inet.etherip.allow=1 # 1=Enable the Ethernet-over-IP protocol
1.28 fgsch 23: #net.inet.tcp.ecn=1 # 1=Enable the TCP ECN extension
1.42 reyk 24: #net.inet.carp.preempt=1 # 1=Enable carp(4) preemption
1.48 otto 25: #net.inet.carp.log=3 # log level of carp(4) info, default 2
1.54 yasuoka 26: #net.pipex.enable=1 # 1=Enable pipex(4) for npppd(8)
1.5 deraadt 27: #ddb.panic=0 # 0=Do not drop into ddb on a kernel panic
1.8 deraadt 28: #ddb.console=1 # 1=Permit entry of ddb from the console
1.5 deraadt 29: #fs.posix.setuid=0 # 0=Traditional BSD chown() semantics
1.34 deraadt 30: #vm.swapencrypt.enable=0 # 0=Do not encrypt pages that go to swap
1.45 mbalmer 31: #vfs.nfs.iothreads=4 # Number of nfsio kernel threads
32: #net.inet.ip.mtudisc=0 # 0=Disable tcp mtu discovery
1.49 mikeb 33: #kern.usercrypto=1 # 1=Enable userland use of /dev/crypto
34: #kern.userasymcrypto=1 # 1=Permit userland to do asymmetric crypto
1.45 mbalmer 35: #kern.splassert=2 # 2=Enable with verbose error messages
1.57 ! tedu 36: #kern.nosuidcoredump=3 # 3=Put suid coredumps in /var/crash/progname
1.46 mbalmer 37: #kern.watchdog.period=32 # >0=Enable hardware watchdog(4) timer if available
38: #kern.watchdog.auto=0 # 0=Disable automatic watchdog(4) retriggering
1.52 naddy 39: #hw.allowpowerdown=0 # 0=Disable power button shutdown