1*52e728d0Ssthen# $OpenBSD: sysctl.conf,v 1.7 2024/12/04 13:16:26 sthen Exp $ 213b617d2Sderaadt# 313b617d2Sderaadt# This file contains a list of sysctl options the user wants set at 4356fa7d8Ssolene# boot time. See sysctl(2) and sysctl(8) for more information on 513b617d2Sderaadt# the many available variables. 613b617d2Sderaadt# 713b617d2Sderaadt#net.inet.ip.forwarding=1 # 1=Permit forwarding (routing) of IPv4 packets 813b617d2Sderaadt#net.inet.ip.mforwarding=1 # 1=Permit forwarding (routing) of IPv4 multicast packets 913b617d2Sderaadt#net.inet.ip.multipath=1 # 1=Enable IP multipath routing 1013b617d2Sderaadt#net.inet.icmp.rediraccept=1 # 1=Accept ICMP redirects 1113b617d2Sderaadt#net.inet6.ip6.forwarding=1 # 1=Permit forwarding (routing) of IPv6 packets 1213b617d2Sderaadt#net.inet6.ip6.mforwarding=1 # 1=Permit forwarding (routing) of IPv6 multicast packets 1313b617d2Sderaadt#net.inet6.ip6.multipath=1 # 1=Enable IPv6 multipath routing 1413b617d2Sderaadt#net.inet.tcp.always_keepalive=1 # 1=Keepalives for all connections (e.g. hotel/airport NAT) 1513b617d2Sderaadt#net.inet.tcp.keepidle=100 # 100=send TCP keepalives every 50 seconds 1613b617d2Sderaadt#net.inet.esp.enable=0 # 0=Disable the ESP IPsec protocol 1713b617d2Sderaadt#net.inet.ah.enable=0 # 0=Disable the AH IPsec protocol 1813b617d2Sderaadt#net.inet.esp.udpencap=0 # 0=Disable ESP-in-UDP encapsulation 1913b617d2Sderaadt#net.inet.ipcomp.enable=1 # 1=Enable the IPCOMP protocol 2013b617d2Sderaadt#net.inet.etherip.allow=1 # 1=Enable the Ethernet-over-IP protocol 2113b617d2Sderaadt#net.inet.tcp.ecn=1 # 1=Enable the TCP ECN extension 2213b617d2Sderaadt#net.inet.carp.preempt=1 # 1=Enable carp(4) preemption 2313b617d2Sderaadt#net.inet.carp.log=3 # log level of carp(4) info, default 2 2413b617d2Sderaadt#net.pipex.enable=1 # 1=Enable pipex(4) for npppd(8) 2513b617d2Sderaadt#ddb.panic=0 # 0=Do not drop into ddb on a kernel panic 2613b617d2Sderaadt#ddb.console=1 # 1=Permit entry of ddb from the console 27a63773d5Smillert#ddb.log=1 # 1=Log ddb output in kernel message buffer 289b8b48b5Ssthen#kern.allowdt=1 # 1=Enable dt(4) device for btrace(8) support 29*52e728d0Ssthen#kern.allowkmem=1 # 1=Allow access to kmem(4), needed for procmap(8) 3013b617d2Sderaadt#fs.posix.setuid=0 # 0=Traditional BSD chown() semantics 3113b617d2Sderaadt#vm.swapencrypt.enable=0 # 0=Do not encrypt pages that go to swap 3213b617d2Sderaadt#vfs.nfs.iothreads=4 # Number of nfsio kernel threads 3313b617d2Sderaadt#net.inet.ip.mtudisc=0 # 0=Disable tcp mtu discovery 3413b617d2Sderaadt#kern.splassert=2 # 2=Enable with verbose error messages 3513b617d2Sderaadt#kern.nosuidcoredump=3 # 3=Put suid coredumps in /var/crash/progname 3613b617d2Sderaadt#kern.watchdog.period=32 # >0=Enable hardware watchdog(4) timer if available 3713b617d2Sderaadt#kern.watchdog.auto=0 # 0=Disable automatic watchdog(4) retriggering 3813b617d2Sderaadt#hw.allowpowerdown=0 # 0=Disable power button shutdown 39