Essa vai dedicada ao Cristopher... :)
/etc/rc.conf
ifconfig_lan0="inet x.x.x.x/24 media 100baseTX mediaopt full-duplex"
# desative o autonegociacao de velocidade e force os parametros ethernet
log_in_vain="1"
icmp_bmcastecho="NO"
icmp_drop_redirect="YES"
tcp_keepalive="YES"
tcp_drop_synfin="YES"
tcp_extensions="YES" # RFC 1323 - TCP Extensions for High Performance
fsck_y_enable="YES"
check_quotas="NO"
kern_securelevel_enable="YES"
kern_securelevel="1"
clear_tmp_enable="YES"
virecover_enable="NO"
update_motd="NO"
/etc/sysctl.conf
security.bsd.see_other_uids=0
net.inet.ip.check_interface=1 # protection against spoof ip packets
net.inet.ip.random_id=1
net.inet.ip.fastforwarding=1
net.inet.ip.process_options=0
net.inet.icmp.maskrepl=0
net.inet.tcp.blackhole=2 # blackhole pings, traceroutes, etc.
net.inet.tcp.rfc3042=1 # Enhancing TCP's Loss Recovery Using Limited Transmit
net.inet.tcp.rfc3390=1 # Increasing TCP's Initial Window
net.inet.tcp.sack.enable=1
net.inet.tcp.delayed_ack=0
net.inet.tcp.keepidle=300000
net.inet.tcp.keepintvl=150
net.inet.tcp.recvspace=65535
net.inet.tcp.sendspace=65535
net.inet.udp.recvspace=65535
net.inet.udp.blackhole=1
net.inet.udp.maxdgram=57344
net.local.stream.recvspace=65535
net.local.stream.sendspace=65535
kern.fallback_elf_brand=3
kern.polling.enable=1 # network interface pooling instead interrupt request
kern.ipc.shm_use_phys=1 # kernel to lock shared memory into RAM
# and prevent it from being paged out to swap
kern.ipc.maxsockbuf=2097152 # Buffers de socket para novas conexoes
kern.ipc.somaxconn=8192
kern.maxfiles=65536
kern.maxfilesperproc=32768
vfs.vmiodirenable=1
/boot/loader.conf
autoboot_delay="2"
beastie_disable="YES"
kern.ipc.nmbclusters=1024
kern.ipc.maxsockets=1024
hw.ata.atapi_dma=1
kern.hz="1000" # Set the kernel interval timer rate
kern.cam.scsi_delay="2000" # Delay (in ms) before probing SCSI
kern.ipc.maxsockets="16424"
netgraph_load="YES"
/etc/make.conf
CFLAGS= -O2 -pipe -funroll-loops -ffast-math
CPUTYPE= i686
CPUTYPE= pentium2
COPTFLAGS= -O2 -pipe -funroll-loops -ffast-math
/usr/src/sys/i386/conf/MyKernel.conf
machine i386
#cpu I486_CPU # desative 386 e 486
cpu I586_CPU
cpu I686_CPU
#options INET6 # IPv6 communications protocols
# Network Security & Tuning
options IPSTEALTH # randomize IP ID to prevent server from being a
mid-point for idlescan-style portscanning. Prevents cracker from determining
the rate of packet generation
options TCP_DROP_SYNFIN
options ACCEPT_FILTER_DATA
options ACCEPT_FILTER_HTTP
options NMBCLUSTERS=65536 # maximum number of mbuf clusters
options DEVICE_POLLING
options HZ=1000
options SYSVMSG # SYSV-style message queues
options MSGMNB=16384 # max # of bytes in a queue
options MSGMNI=40 # number of message queue identifiers
options MSGSEG=2048 # number of message segments per queue
options MSGSSZ=64 # size of a message segment
options MSGTQL=2048 # max messages in system
options SYSVSHM # SYSV-style shared memory
options SHMMAXPGS=4096
options SHMSEG=16 # max shared mem id's per process
options SHMMNI=32 # max shared mem id's per system
options SHMMAX=2097152 # max shared memory segment size (bytes)
options SHMALL=4096 # max amount of shared memory (pages)
options SYSVSEM # SYSV-style semaphores
options SEMMNI=256
options SEMMNS=512
options SEMMNU=256
options SEMMAP=256
Ufa... So isso.
Fabricio Lima
-------------------------
Histórico: http://www.fug.com.br/historico/html/freebsd/
Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd
