authorSilvino Silva <silvino@bk.ru>2021-02-12 03:59:34 +0000
committerSilvino Silva <silvino@bk.ru>2021-02-12 03:59:34 +0000
commita3628fc49db4d88ff3e4067268650710d1da3f6f (patch)
tree8fdac6dfc8cabb9f85a2db3a3bd628cfe44438cd /core/conf/sysctl.conf
parent0a6b0fc9769daf0932cb207c3285baa31547b489 (diff)
downloaddoc-a3628fc49db4d88ff3e4067268650710d1da3f6f.tar.gz
initial openbsd support
Diffstat (limited to 'core/conf/sysctl.conf')
-rw-r--r--core/conf/sysctl.conf160
1 files changed, 0 insertions, 160 deletions
diff --git a/core/conf/sysctl.conf b/core/conf/sysctl.conf
deleted file mode 100644
index 7b14b46..0000000
--- a/core/conf/sysctl.conf
+++ /dev/null
@@ -1,160 +0,0 @@
-#
-# /etc/sysctl.conf: configuration for system variables, see sysctl.conf(5)
-#
-
-#KERN_EMERG     "0"     Emergency messages, system is about to crash or is unstable     pr_emerg
-#KERN_ALERT     "1"     Something bad happened and action must be taken immediately     pr_alert
-#KERN_CRIT      "2"     A critical condition occurred like a serious hardware/software failure  pr_crit
-#KERN_ERR       "3"     An error condition, often used by drivers to indicate difficulties with the hardware    pr_err
-#KERN_WARNING   "4"     A warning, meaning nothing serious by itself but might indicate problems        pr_warning
-#KERN_NOTICE    "5"     Nothing serious, but notably nevertheless. Often used to report security events.        pr_notice
-#KERN_INFO      "6"     Informational message e.g. startup information at driver initialization         pr_info
-#KERN_DEBUG     "7"     Debug messages
-# current | default | minimum | boot-time-default
-kernel.printk = 7 1 1 4
-
-# set to 0 when profiling with apparmor
-kernel.printk_ratelimit=0
-
-kernel.randomize_va_space = 2
-
-# Shared Memory
-#kernel.shmmax = 500000000
-# Total allocated file handlers that can be allocated
-# fs.file-nr=
-vm.mmap_min_addr=65536
-
-# Allow for more PIDs (to reduce rollover problems); may break some programs 32768
-kernel.pid_max = 65536
-
-#Yama LSM by default
-kernel.yama.ptrace_scope = 1
-
-#
-# Filesystem Protections
-#
-
-# Optimization for port usefor LBs
-# Increase system file descriptor limit
-fs.file-max = 65535
-
-# Hide symbol addresses in /proc/kallsyms
-kernel.kptr_restrict = 2
-
-#
-# Network Protections
-#
-
-net.core.bpf_jit_enable = 0
-# harden all code
-net.core.bpf_jit_harden = 2
-
-# disable tunnels by default user space create
-# them as needed
-net.core.fb_tunnels_only_for_init_net = 1
-
-# Increase Linux auto tuning TCP buffer limits
-# min, default, and max number of bytes to use
-# set max to at least 4MB, or higher if you use very high BDP paths
-# Tcp Windows etc
-net.core.rmem_max = 8388608
-net.core.wmem_max = 8388608
-net.core.netdev_max_backlog = 5000
-net.ipv4.tcp_window_scaling = 1
-
-#A sequence of SACKs may be crafted such that one can trigger an integer overflow, leading to a kernel panic.
-net.ipv4.tcp_sack = 0
-
-# Both ports linux-blob and linux-libre don't build with ipv6
-# Disable ipv6
-net.ipv6.conf.all.disable_ipv6 = 1
-net.ipv6.conf.default.disable_ipv6 = 1
-net.ipv6.conf.lo.disable_ipv6 = 1
-
-# Tuen IPv6
-net.ipv6.conf.default.router_solicitations = 0
-net.ipv6.conf.default.accept_ra_rtr_pref = 0
-net.ipv6.conf.default.accept_ra_pinfo = 0
-net.ipv6.conf.default.accept_ra_defrtr = 0
-net.ipv6.conf.default.autoconf = 0
-net.ipv6.conf.default.dad_transmits = 0
-net.ipv6.conf.default.max_addresses = 0
-
-# Avoid a smurf attack, ping scanning
-net.ipv4.icmp_echo_ignore_broadcasts = 1
-
-# Turn on protection for bad icmp error messages
-net.ipv4.icmp_ignore_bogus_error_responses = 1
-
-# Turn on syncookies for SYN flood attack protection
-net.ipv4.tcp_syncookies = 1
-
-## protect against tcp time-wait assassination hazards
-## drop RST packets for sockets in the time-wait state
-## (not widely supported outside of linux, but conforms to RFC)
-net.ipv4.tcp_rfc1337 = 1
-
-## tcp timestamps
-## + protect against wrapping sequence numbers (at gigabit speeds)
-## + round trip time calculation implemented in TCP
-## - causes extra overhead and allows uptime detection by scanners like nmap
-## enable @ gigabit speeds
-net.ipv4.tcp_timestamps = 0
-#net.ipv4.tcp_timestamps = 1
-
-# Turn on and log spoofed, source routed, and redirect packets
-net.ipv4.conf.all.log_martians = 1
-net.ipv4.conf.default.log_martians = 1
-
-## ignore echo broadcast requests to prevent being part of smurf attacks (default)
-net.ipv4.icmp_echo_ignore_broadcasts = 1
-
-## sets the kernels reverse path filtering mechanism to value 1(on)
-## will do source validation of the packet's recieved from all the interfaces on the machine
-## protects from attackers that are using ip spoofing methods to do harm
-net.ipv4.conf.all.rp_filter = 1
-net.ipv4.conf.default.rp_filter = 1
-#net.ipv6.conf.default.rp_filter = 1
-#net.ipv6.conf.all.rp_filter = 1
-
-
-# Make sure no one can alter the routing tables
-# Act as a router, necessary for Access Point
-net.ipv4.conf.all.accept_redirects = 0
-net.ipv4.conf.default.accept_redirects = 0
-net.ipv4.conf.all.secure_redirects = 0
-net.ipv4.conf.default.secure_redirects = 0
-# No source routed packets here
-# Discard packets with source routes, ip spoofing
-net.ipv4.conf.all.accept_source_route = 0
-net.ipv4.conf.default.accept_source_route = 0
-
-
-net.ipv4.conf.all.send_redirects = 0
-net.ipv4.conf.default.send_redirects = 0
-
-net.ipv4.ip_forward = 0
-
-# Increase system IP port limits
-net.ipv4.ip_local_port_range = 2000 65000
-
-# Increase TCP max buffer size setable using setsockopt()
-net.ipv4.tcp_rmem = 4096 87380 8388608
-net.ipv4.tcp_wmem = 4096 87380 8388608
-
-# Disable proxy_arp
-net.ipv4.conf.default.proxy_arp = 0
-net.ipv4.conf.all.proxy_arp = 0
-
-# Disable bootp_relay
-net.ipv4.conf.default.bootp_relay = 0
-net.ipv4.conf.all.bootp_relay = 0
-
-# Decrease TCP fin timeout
-net.ipv4.tcp_fin_timeout = 30
-# Decrease TCP keep alive time
-net.ipv4.tcp_keepalive_time = 1800
-# Sen SynAck retries to 3
-net.ipv4.tcp_synack_retries = 3
-
-# End of file