# /etc/sysctl.conf
#
##
# run /usr/local/sbin/sysctl.sh to set values
##
#
##### kernel settings #####
# Raises kernel-wide limits for listen queues, socket buffers, vnodes, processes
# and open files above the defaults quoted on each line.
#
# IPC max number of incoming connections in queue (default 128)
kern.ipc.somaxconn=1024
# Turn up the maxsockbuf (default 262144)
# This is the ceiling for a single socket buffer; the recvspace/sendspace values
# set further down in this file are all below it.
kern.ipc.maxsockbuf=524288
# IPC max number of sockets (default 512)
# Left commented out because the kernel rejects the write:
# sysctl: oid 'kern.ipc.maxsockets' is read only
#kern.ipc.maxsockets=2048
# Turn up maxvnodes (see in /etc/rc how the value is estimated)
# dynamic value dependent on amount of memory
# echo $(echo $(sysctl -n hw.physmem) '33554432 / 512 * 1024 +p'|dc)
# NOTE(review): the number below is a fixed snapshot, not the computed value;
# re-derive it if the amount of installed memory changes.
kern.maxvnodes=84672
# Turn up the maxproc (default 532)
kern.maxproc=2048
# Turn up the maxfiles (default 12288)
kern.maxfiles=24576
# Turn up the maxproc per user (default 100)
# NOTE(review): 1000 of 2048 lets a single uid occupy about half of the process
# table; confirm the workload needs this much before relaxing the per-user cap.
kern.maxprocperuid=1000
# Turn up the maxfilesperproc (default 10240)
# NOTE(review): 20480 of 24576 lets one process hold most of the system-wide file
# table, so a descriptor leak in one daemon can starve the rest of the host.
kern.maxfilesperproc=20480
##### local stream settings #####
# Default buffer sizes for local (UNIX-domain) stream sockets.
# Turn up the localstream recvspace (default 8192)
net.local.stream.recvspace=65535
# Turn up the localstream sendspace (default 8192)
net.local.stream.sendspace=65535
##### udp settings #####
# Turn up udp recvspace (default 42080)
net.inet.udp.recvspace=65535
# Turn up udp maxdgram (default 9216)
# Largest datagram a UDP socket will send by default.
net.inet.udp.maxdgram=57344
##### tcp settings #####
# This sets a threshold that triggers increasing the send/recv windows for TCP
# connection from 32K to 64K to improve some file downloads.
# If your server has a lot of memory and serves only local traffic (like AFP clients
# on local LAN) you may want to increase this value beyond its default of 256 pcbs.
#
net.inet.tcp.sockthreshold=512
# Turn up tcp recvspace (default 32768)
# 65535 is the largest window that fits the 16-bit TCP window field without
# RFC 1323 window scaling.
net.inet.tcp.recvspace=65535
# Turn up tcp sendspace (default 32768)
net.inet.tcp.sendspace=65535
# enable RFC 1323, large tcp windows (default 1)
# The value equals the stated default, so this line only pins it explicitly.
net.inet.tcp.rfc1323=1
##### security settings #####
# These security options can be enabled to prevent your network from responding
# with a reset to SYN request on a port that isn't listening, and to log such attempts.
# Their default value is 0.
#
# For UDP the suppressed reply is the ICMP port-unreachable message, not a reset:
# with blackhole=1 a datagram for a closed port is dropped silently.
# NOTE(review): log_in_vain=0 leaves logging of these attempts switched off, although
# the text above mentions logging; set it to 1 if probes of closed ports should reach
# the system log (expect noise on an exposed host).
net.inet.udp.blackhole=1
net.inet.udp.log_in_vain=0
# By setting the TCP blackhole MIB to a numeric value of one, the incoming SYN segment
# is merely dropped, and no RST is sent, making the system appear as a blackhole.
# By setting the MIB value to two, any segment arriving on a closed port is dropped
# without returning a RST.
#
# Blackholing only slows down scanning of closed ports; it does not protect listening
# services and is not a replacement for a packet filter.
# NOTE(review): log_in_vain=0 here also keeps TCP connection attempts to closed
# ports out of the log.
net.inet.tcp.blackhole=1
net.inet.tcp.log_in_vain=0
# Turn on strict rfc 1948 (default 0)
# Defending against Sequence number Attacks
# (RFC 1948 describes per-connection generation of initial sequence numbers.)
net.inet.tcp.strict_rfc1948=1
# Turn off tcp delayed ack (default 1)
# This is a latency tunable rather than a hardening setting.
net.inet.tcp.delayed_ack=0
# Firewall logging (default 0)
# NOTE(review): this line was labelled "Turn on", but the value 0 keeps firewall
# logging off; confirm which is intended. With logging off, dropped or denied packets
# leave no trace for later investigation.
net.inet.ip.fw.verbose=0
# Limits the number of messages produced by a verbose firewall (default 0)
# Presumably only takes effect while net.inet.ip.fw.verbose is enabled; verify.
net.inet.ip.fw.verbose_limit=65535
# Firewall debug mode (default 1)
# NOTE(review): this line was labelled "disable debug mode", but the value 1 equals
# the stated default and leaves debug mode enabled; 0 would disable it. Confirm intent.
net.inet.ip.fw.debug=1
##### local icmp #####
# This sets the ICMP bandwidth limiter.
# On a busy server, to avoid excess messages in the log, you may want to
# increase this value beyond its default of 250 messages per second.
#
# NOTE(review): the limiter also bounds how many ICMP replies the host will emit
# when it is flooded; 1024 permits roughly four times the stated default, so weigh
# the quieter log against the extra reply traffic.
net.inet.icmp.icmplim=1024