Actually make the default sysctls reside in globals.inc and use those by default. This allows trimming down the config.xml sysctl and also fixes #3666 by setting the source interface on ICMP replies
parent
d3c36b1d8d
commit
c46f9695ec
|
@ -153,7 +153,11 @@ $sysctls = array("net.inet.ip.portrange.first" => "1024",
|
|||
"net.inet.udp.checksum" => 1,
|
||||
"net.bpf.zerocopy_enable" => 1,
|
||||
"net.inet.icmp.reply_from_interface" => 1,
|
||||
"vfs.forcesync" => "0"
|
||||
"vfs.forcesync" => "0",
|
||||
"net.enc.out.ipsec_bpf_mask" => "0x0001",
|
||||
"net.enc.out.ipsec_filter_mask" => "0x0001",
|
||||
"net.enc.in.ipsec_bpf_mask" => "0x0002",
|
||||
"net.enc.in.ipsec_filter_mask" => "0x0002"
|
||||
);
|
||||
|
||||
/* Include override values for the above if needed. If the file doesn't exist, don't try to load it. */
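Review bot: The four `net.enc.*` mask entries added to `$sysctls` have no comment, although they decide which form of an IPsec packet the packet filter and bpf see on the enc interface. Per enc(4), 0x2 on the inbound path selects the packet after the outer header is stripped, and 0x1 on the outbound path selects the packet with only the inner header, so a wrong value can make filter rules match the wrong headers. I would add a comment above the first entry, such as `/* enc(4): tap/filter outbound with inner header only (0x1), inbound after decapsulation (0x2) */`. The context comment below the array mentions an override file; if that file can replace these keys, say so next to them, because the values are no longer fixed inside activate_sysctls().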
|
||||
|
|
|
@ -73,19 +73,12 @@ function get_default_sysctl_value($id) {
|
|||
}
|
||||
|
||||
function activate_sysctls() {
|
||||
global $config, $g;
|
||||
global $config, $g, $sysctls;
|
||||
|
||||
if ($g['platform'] == 'jail')
|
||||
return;
|
||||
|
||||
$sysctls = array(
|
||||
"net.enc.out.ipsec_bpf_mask" => "0x0001",
|
||||
"net.enc.out.ipsec_filter_mask" => "0x0001",
|
||||
"net.enc.in.ipsec_bpf_mask" => "0x0002",
|
||||
"net.enc.in.ipsec_filter_mask" => "0x0002"
|
||||
);
|
||||
|
||||
if(is_array($config['sysctl'])) {
|
||||
if (is_array($config['sysctl'])) {
|
||||
foreach($config['sysctl']['item'] as $tunable) {
|
||||
if($tunable['value'] == "default")
|
||||
$value = get_default_sysctl_value($tunable['tunable']);
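Review bot: With `global $config, $g, $sysctls;`, activate_sysctls() now works on the shared defaults table rather than a local array, so any assignment into `$sysctls` further down would change the defaults that later callers in the same request read. The function body continues past this hunk, so that is inferred rather than visible. The IPsec enc masks are also applied only when the global is populated, whereas the removed local array guaranteed them. Working on a copy, for example `$tunables = is_array($sysctls) ? $sysctls : array();`, would keep the defaults table intact and cover the case where it is missing. Separately, the reformatted `if (is_array($config['sysctl']))` still does not check `$config['sysctl']['item']` before the `foreach`; testing `is_array($config['sysctl']['item'])` avoids iterating a missing key.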
|
||||
|
|