sthen
9f28b5ee1d
By default, don't accept IPv4 ICMP redirects. This behaviour can be
changed with a sysctl, so note it in sysctl.conf. v6 needs further
testing following discussions on the tech mailing list; rainer@ points
out possible interactions with neighbour discovery which need to be
investigated first.
"go ahead on the v4 part" deraadt@
15 years ago
mbalmer
4546b03155
Add commented out entries for watchdog timers. If you enable the watchdog
timeout, either set auto retriggering or start watchdogd(8)...
From Mitja Muzenic. ok deraadt.
17 years ago
mbalmer
fc0741b8f4
Use consistent capitalization in comments. From mitja@muzenic.net.
17 years ago
pyr
34165a298a
document multipath options.
ok claudio@
17 years ago
henning
16630cb660
put commented out entry for kern.nosuidcoredump=2 in, yes theo & tedu
17 years ago
reyk
ce40941122
add two carp(4) sysctl examples: net.inet.carp.preempt=1 and
net.inet.carp.log=1. it is so common to enable carp preemption...
yes! henning@, ok mpf@
18 years ago
itojun
1c5b84a58f
add net.inet6.ip6.mforwarding which was forgotten when the variable was added.
18 years ago
brad
2a2411f846
mention net.inet.ip.mforwarding.
ok beck@ kettenis@ norby@
19 years ago
jmc
4ec91aeee3
correct comment;
ok deraadt@ brad@
19 years ago
brad
2641183f0a
Enable RFC3390 by default and remove a few compile time options which
can be changed via sysctl's.
ok markus@
19 years ago
jmc
aed065fb56
kern.usercrypto is enabled by default, so commented out entry should
show how to disable it;
ok deraadt@
19 years ago
tom
c9eede1f36
Fix grammar. From art@.
19 years ago
deraadt
827c2a7c87
show that net.inet.etherip.allow can be set here; pr 3972 ckuethe
20 years ago
deraadt
1e9e29156d
encrypt swap by default. cheap, and why not. can be disabled by people
who have machines that hit swap a lot. decided after survey of developers,
we found that most turned this on. ok various
20 years ago
hshoexer
d634356675
it's net.inet.esp.udpencap and not net.inet.udpencap.enable
ok ho henning msf
20 years ago
ho
3e87b40f88
Default enable udpencap. Add 'disable' sysctl to sysctl.conf. markus@ ok.
20 years ago
fgsch
46c9f78fc9
rfc3390 example; with deraadt@ help.
21 years ago
tedu
faf9ccbc07
put emul sysctls in appropriate arch. also fix up the comments.
problems noted by fgsch@ and deraadt@
21 years ago
tedu
6d19db743c
commented out emulations. requested by deraadt
21 years ago
fgsch
077a4540c0
ecn is disabled by default, so show the option enabled.
deraadt@ ok.
22 years ago
art
f62f2f05e8
blob for splassert.
suggested by deraadt@.
22 years ago
deraadt
109a1e6940
show net.inet.tcp.ecn option
22 years ago
deraadt
cf70518036
sysctl kern.usercrypto
23 years ago
deraadt
e913feecc5
enable ah & esp by default, now that we trust the code more
23 years ago
angelos
4a4fb3fa6a
IPSec->IPsec (jsyn@nthough.com)
23 years ago
fgsch
220716af19
Since mtu discovery is enabled by default, change line to disable if it's
uncommented; niels@ theo@ ok.
23 years ago
deraadt
c923c0c04e
more verbose description
24 years ago
angelos
4e69cc8345
Remove ipsec-acl
24 years ago
deraadt
ad9e62f556
mtu disc example
24 years ago
provos
f06b34a298
it's vm.swapencrypt.enable now.
24 years ago
mickey
a3b6521f86
nfsiod/nfs_client, bye bye
add commented out entry into sysctl.conf for vfs.nfs.iothreads
24 years ago
angelos
57c64ad01a
Add a sample commented out net.inet.ip.ipsec-acl=0 entry.
25 years ago
itojun
fd9d65dd43
ipv6 autoconf on hosts (non-routers).
to do this,
1. in sysctl.conf, add these lines:
net.inet6.ip6.forwarding=0
net.inet6.ip6.accept_rtadv=1
2. in hostname.foo, add
rtsol
specifying two or more interfaces with "rtsol" may result in strange
behavior - ipv6 spec does not permit multi-interface node to be autoconfig'ed.
25 years ago
provos
624976a0c2
insert #vm.swapencrypt=1
25 years ago
deraadt
bb0cc58058
show ip6.forwarding
25 years ago
angelos
6f0654d520
Bad commit (machdep.allowaperture), this already exists in etc.i386 --
obviously a long day :-X
25 years ago
angelos
ab9a9a53a5
Add a commented out machdep.allowaperture=1 line
25 years ago
niklas
dbb78dda47
Introduce net.inet.{ah,esp}.enable sysctl controls that are off by default.
If you are going to use either of AH or ESP or both, enable these in
/etc/sysctl.conf. Also correct the IPSec debugging sysctl code, it is now
named net.inet.ip.encdebug. Some corrected function signatures too.
26 years ago
deraadt
22c01235c4
split sysctl.conf into MD and MI parts
27 years ago
deraadt
23da44758f
default to console ddb off
27 years ago
deraadt
74c6965e71
i386 only
27 years ago
matthieu
0e6aed22d1
add machdep.allowaperture
27 years ago
deraadt
54f2d77e5d
move fs.posix.setuid to sysctl.conf
27 years ago
deraadt
90195cf2cd
urgh
27 years ago
deraadt
fa2ab79168
more
27 years ago
deraadt
02d7fc1400
ddb sysctl
27 years ago
deraadt
338a6ea28e
introduce /etc/sysctl.conf containing sysctl variables to change at boot time
27 years ago