###

# Prevent users from seeing information about processes they don't own.
security.bsd.unprivileged_proc_debug=0

# Allow users to mount their ZFS filesystems, subject to ownership and ZFS Delegated Administration.
vfs.usermount=1

# 4Kn FTW!
vfs.zfs.min_auto_ashift=12

# Set congestion control algorithm to Cubic or HTCP
# Make sure the module is loaded at boot time - check loader.conf
# net.inet.tcp.cc.algorithm=cubic
net.inet.tcp.cc.algorithm=htcp

# Restore VM behaviour prior to r334154 i.e. be37ee791f68c824f30322a1e58b3d40d2589ef3.
vm.pageout_update_period=0

# Disable console beeping (it drives me mad).
hw.syscons.bell=0
kern.vt.enable_bell=0

# Mitigate MDS.
hw.mds_disable=3

# ZFS' ABD hasn't behaved properly after FreeBSD 11.2.
vfs.zfs.abd_scatter_enabled=0

# Mark the stack as non-executable.
kern.elf32.nxstack=1
kern.elf64.nxstack=1

# Add a guard page to the stack.
security.bsd.stack_guard_page=1

# Activate ASLR.
kern.elf64.aslr.enable=1
kern.elf64.aslr.pie_enable=1
#kern.elf64.aslr.stack_gap=0
kern.elf32.aslr.enable=1
kern.elf32.aslr.pie_enable=1
#kern.elf32.aslr.stack_gap=0

# Enable timestamps on kernel messages.
kern.msgbuf_show_timestamp=1

# Activate random IP identification.
net.inet.ip.random_id=1

# https://fasterdata.es.net/host-tuning/freebsd/

# set to at least 16MB for 10GE hosts
kern.ipc.maxsockbuf=16777216

# set autotuning maximum to at least 16MB too
net.inet.tcp.sendbuf_max=16777216
net.inet.tcp.recvbuf_max=16777216

# enable send/recv autotuning
net.inet.tcp.sendbuf_auto=1
net.inet.tcp.recvbuf_auto=1

# increase autotuning step size
net.inet.tcp.sendbuf_inc=16384
net.inet.tcp.recvbuf_inc=524288

# set this on test/measurement hosts
#net.inet.tcp.hostcache.expire=1

# EOF