Warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone. in /usr/home/webadmin/www/sysctl/class.rss.php on line 40

Warning: Cannot modify header information - headers already sent by (output started at /usr/home/webadmin/www/sysctl/class.rss.php:40) in /usr/home/webadmin/www/sysctl/class.rss.php on line 59
EnderUnix Sysctl http://sysctl.enderunix.org/ EnderUnix Sysctl Sitesi tr Sun, 11 Apr 2021 01:47:01 +0000 EnderUNIX Free Software Development Team Enable non-privileged users to mount filesystems http://sysctl.enderunix.org/view.php?id=258 # sysctl vfs.usermount=1 This command enables non-privileged users to mount filesystems. 2008-04-07 10:42:50 Normal Kullanicilara mount Izni Vermek http://sysctl.enderunix.org/view.php?id=257 # sysctl vfs.usermount=1 komutu ile root hakki olmayan kullanicilarin dosya sistemi mount etmesine izin verilir. 2008-04-07 10:41:08 net.inet.ip.ttl http://sysctl.enderunix.org/view.php?id=252 The default is the value of the system\#039;s net.inet.ip.ttl MIB variable, which defaults to 64. OpenBSD man 8 traceroute 2007-12-18 09:17:40 check your maximum filedescriptors http://sysctl.enderunix.org/view.php?id=245 You can check your maximum filedescriptors as follow below # sysctl -a | grep #039;kern.maxfile#039; You can increase them as follow below # sysctl -w kern.maxfiles=XXXX # sysctl -w kern.maxfilesperproc=XXXX 2007-06-16 00:26:15 Maksimum dosyatanimlayici sayisini ouml;eth;renmek http://sysctl.enderunix.org/view.php?id=244 Maksimum dosyatanimlayici sayisini ogrenebilmek icin # sysctl -a | grep #039;kern.maxfile#039; Dosyatanimlayici sayisini artirmak icin ise # sysctl -w kern.maxfiles=XXXX # sysctl -w kern.maxfilesperproc=XXXX 2007-06-16 00:25:22 net.ipv4.igmp_max_memberships http://sysctl.enderunix.org/view.php?id=238 Host üzerinde dinlenebilecek maximum igmp socket sayısı (multicast grubuna dahil olacak hostların sayısı da denebilir) 2007-01-30 16:18:52 net.ipv4.igmp_max_memberships http://sysctl.enderunix.org/view.php?id=237 Maximum number of listening igmp (multicast) sockets on the host 2007-01-30 16:08:37 kern.ipc.msgtql http://sysctl.enderunix.org/view.php?id=235 Maximum number of messages in the system 2007-01-17 02:06:26 kern.ipc.msgmax http://sysctl.enderunix.org/view.php?id=234 Maximum message size within the system 2007-01-17 02:05:30 kern.ipc.msgmni http://sysctl.enderunix.org/view.php?id=233 Number of message queue identifiers present in the system 2007-01-17 02:04:26 kern.ipc.msgmnb http://sysctl.enderunix.org/view.php?id=232 Maximum number of bytes in a queue 2007-01-16 23:46:14 kern.ipc.msgseg http://sysctl.enderunix.org/view.php?id=231 Number of message segments within a particular message queue. 2007-01-16 23:37:23 hw.ata.wc http://sysctl.enderunix.org/view.php?id=230 hw.ata.wc değri 1 yapılarak ATA disklerde yazılacak bilgilerin öncelikle önbellekte saklanması sağlanır. Ancak bu durumda sistemin aniden kapanması sonucu kaybedilecek canlı veri miktarı daha fazla olacaktır. 2006-12-13 22:01:38 net.bpf.maxbufsize http://sysctl.enderunix.org/view.php?id=223 Specifies the upper limit which can be set for net.bpf.bufsize. See also: http://sysctl.enderunix.org/view.php?id=222amp;lang=en Default value: 524288 2006-11-02 21:42:22 net.bpf.bufsize http://sysctl.enderunix.org/view.php?id=222 Berkeley Packet Filter (BPF), maintains an internal kernel buffer for storing packets received off the wire. This knob controls the size (in bytes) of that buffer. Default value: 4096 bytes. Please be noted that, there is an upper limit set by another BPF sysctl (net.bpf.maxbufsize). If you need much larger buffer space, you need to increase that one also. 2006-11-02 21:22:20 net.inet.tcp.sendspace http://sysctl.enderunix.org/view.php?id=159 TCP protokolünde paket gönderimini kapsayan basit ince bir detay; # sysctl net.inet.tcp.sendspace=65536 (Default seçenekler de bu değer 32768dir.) Yapılan değişikliği kontrol etmek için # sysctl -a | grep sendspace komutunu kullanabilirsiniz.Eğer sistemimiz her açılışta bu değerle başlamasını istiyorsak önümüzde 2 değişik seçenek var. 1. Sysctl.conf dosyasına ekleyebil 2006-01-03 17:03:07 hw.clockrate http://sysctl.enderunix.org/view.php?id=142 determine the cpu frequency 2005-12-01 15:45:01 net.inet.tcp.rexmit_min http://sysctl.enderunix.org/view.php?id=141 Minimum Retransmission Timeout root@siseci[~]# sysctl net.inet.tcp.rexmit_min net.inet.tcp.rexmit_min: 30 2005-11-30 08:47:46 net.inet.tcp.msl http://sysctl.enderunix.org/view.php?id=140 Maximum segment lifetime root@siseci[~]# sysctl net.inet.tcp.msl net.inet.tcp.msl: 30000 2005-11-30 08:47:07 net.inet.tcp.delayed_ack http://sysctl.enderunix.org/view.php?id=139 Delay ACK to try and piggyback it onto a data packet root@siseci[~]# sysctl net.inet.tcp.delayed_ack net.inet.tcp.delayed_ack: 1 2005-11-30 08:44:17 net.inet.tcp.delacktime http://sysctl.enderunix.org/view.php?id=138 Time before a delayed ACK is sent root@siseci[~]# sysctl net.inet.tcp.delacktime net.inet.tcp.delacktime: 100 2005-11-30 08:43:17 net.inet.tcp.stats http://sysctl.enderunix.org/view.php?id=137 TCP statistics (struct tcpstat, netinet/tcp_var.h) 2005-11-30 08:41:01 net.inet.tcp.mssdflt http://sysctl.enderunix.org/view.php?id=136 Default TCP Maximum Segment Size 2005-11-30 08:40:40 net.inet.tcp.rfc1644 http://sysctl.enderunix.org/view.php?id=135 Enable rfc1644 (TTCP) extensions http://rfc.net/rfc1644.html 2005-11-30 08:40:18 vfs.generic.usermount http://sysctl.enderunix.org/view.php?id=133 In NetBSD, a file system can only be mounted by an ordinary user who owns the point node and has access to the special device (at least read permissions). In addition, the vfs.generic.usermount sysctl must be set to 1 to permit file system mounting by ordinary users. mount(8) 2005-11-24 23:15:45 net.inet.tcp.mss_ifmtu http://sysctl.enderunix.org/view.php?id=132 Some systems behind misconfigured firewalls try to use Path-MTU-Discovery, while their firewall blocks all ICMP messages. This is an illegal, but not uncommon, setup. Typically you will have no chance to fix this (remote, outside of your control) setup. And sometimes you will have to use such remote systems (to download data from them, or to do your online banking). Without special care systems 2005-11-24 21:20:20 hw.ncpu http://sysctl.enderunix.org/view.php?id=131 Sistemdeki islemci sayisini gosterir. root@siseci# sysctl hw.ncpu hw.ncpu: 4 2005-11-16 10:36:17 net.inet.tcp.sendspace http://sysctl.enderunix.org/view.php?id=118 TCP Send window size. 2005-10-14 14:35:10 net.inet.tcp.recvspace http://sysctl.enderunix.org/view.php?id=117 TCP receive window size. 2005-10-14 14:26:57 net.inet.ip.sourceroute http://sysctl.enderunix.org/view.php?id=115 To disable IP source routing set net.inet.ip.sourceroute and net.inet.ip.accept_sourceroute to 0. 2005-10-14 14:22:25 net.inet.icmp.masqrepl http://sysctl.enderunix.org/view.php?id=113 Disable ICMP router solicitations and advertisements, and ICMP subnet mask requests and replies. 2005-10-14 14:18:14 net.link.ether.inet.max_age http://sysctl.enderunix.org/view.php?id=112 ARP onbelleginin temizlenme suresidir. Ontanimli degeri 1200 dur. 2005-10-14 14:14:45 kern.ident http://sysctl.enderunix.org/view.php?id=111 Kernel configurasyon dosyasinda gecen ident satiridir. ident GENERIC Satiri degistirilerek degistirilebilir. 2005-10-14 09:54:41 kern.securelevel http://sysctl.enderunix.org/view.php?id=109 A MIB to set system security level. The kernel runs with five different levels of security. Any super-user process can raise the security level, but no process can lower it. The security levels are: -1 Permanently insecure mode - always run the system in level 0 mode. This is the default initial value. 0 Insecure mode - immutable and append-only flags may 2005-08-23 14:45:17 kern.logsigexit http://sysctl.enderunix.org/view.php?id=108 Log processes quitting on abnormal signals (e.g. sig 11) to syslog(3) 2005-08-23 13:47:08 kern.fast_vfork http://sysctl.enderunix.org/view.php?id=107 Enable fast vfork() by using RFMEM to share address space instead of copying it 2005-08-23 13:36:38 net.inet.udp.log_in_vai http://sysctl.enderunix.org/view.php?id=106 Enables logging of attempted connections to ports which do not have a server running. The dmesg will display the attempt and it it will be logged to /var/log/messages. For all udp datagrams, to ports on which there is no socket listening, log the connection attempt. There is also a net.inet.tcp.log_in_vain. 2005-07-23 23:50:05 net.inet.tcp.inflight http://sysctl.enderunix.org/view.php?id=105 [inflight.enable] - Enable TCP bandwidth-delay product limiting. An attempt will be made to calculate the bandwidth-delay product for each individual TCP connection, and limit the amount of inflight data being transmitted, to avoid building up unnecessary packets in the network. This option is re 2005-07-23 23:44:07 net.inet.tcp.syncache http://sysctl.enderunix.org/view.php?id=104 The syncache implements a number of variables in the net.inet.tcp.syncache branch of the sysctl(3) MIB. Several of these may be tuned by setting the corresponding variable in the loader(8). [hashsize] - Size of the syncache hash table, must be a power of 2. Read-only, tunable via loader(8). [bucketlimit] - Limit on the number of entries permitted in each bucket of the hash ta 2005-07-23 23:36:27 net.inet.tcp.syncookies http://sysctl.enderunix.org/view.php?id=103 Determines whether or not SYN cookies should be generated for outbound SYN-ACK packets. SYN cookies are a great help during SYN flood attacks, and are enabled by default. (See syncookies(4).) 2005-07-23 23:31:20 net.inet.tcp.do_tcpdrain http://sysctl.enderunix.org/view.php?id=102 Flush packets in the TCP reassembly queue if the system is low on mbufs. 2005-07-23 23:29:33 net.inet.tcp.always_keepalive http://sysctl.enderunix.org/view.php?id=101 Assume that SO_KEEPALIVE is set on all TCP connections, the kernel will periodically send a packet to the remote host to verify the connection is still up. 2005-07-23 23:28:18 net.inet.tcp.keepinit http://sysctl.enderunix.org/view.php?id=100 Timeout, in milliseconds, for new, non-established TCP connections. 2005-07-23 23:27:14 net.inet.tcp.keepintvl http://sysctl.enderunix.org/view.php?id=99 The interval, in milliseconds, between keepalive probes sent to remote machines. After TCPTV_KEEPCNT (default 8) probes are sent, with no response, the (tcp)connection is dropped. 2005-07-23 23:26:09 net.inet.tcp.keepidle http://sysctl.enderunix.org/view.php?id=98 Amount of time, in milliseconds, that the (tcp) connection must be idle before keepalive probes (if enabled) are sent. 2005-07-23 23:24:54 kern.random.sys.harvest.interrupt http://sysctl.enderunix.org/view.php?id=97 The kern.random.sys.harvest.interrupt variable is used to select hardware interrupts as an entropy source. A 0 (zero) value means interrupts are not considered as an entropy source. Set the variable to 1 (one) if you wish to use them for entropy harvesting. All interrupt harvesting is setup by the individual device drivers. 2005-07-23 23:21:43 kern.random.sys.harvest.point_to_point http://sysctl.enderunix.org/view.php?id=96 The kern.random.sys.harvest.point_to_point variable is used to select serial line traffic as an entropy source. (Serial line traffic includes PPP, SLIP and all tun0 traffic.) A 0 (zero) value means such traffic is not considered as an entropy source. Set the variable to 1 (one) if you wish to use it for entropy harvesting. 2005-07-23 23:20:53 kern.random.sys.harvest.ethernet http://sysctl.enderunix.org/view.php?id=95 The kern.random.sys.harvest.ethernet variable is used to select LAN traffic as an entropy source. A 0 (zero) value means that LAN traffic is not considered as an entropy source. Set the variable to 1 (one) if you wish to use LAN traffic for entropy harvesting. 2005-07-23 23:19:34 kern.random.sys.burst http://sysctl.enderunix.org/view.php?id=94 The kern.random.sys.burst variable instructs the kernel thread that processes the harvest queue to tsleep(9) briefly after that many events have been processed. This helps prevent the random device from being so compute-bound that it takes over all processing ability. A value of 0 (zero) is treated as infinity, and will only allow the kernel to pause if the queue is empty. Only values in the ra 2005-07-23 23:18:42 kern.random.sys.seeded http://sysctl.enderunix.org/view.php?id=93 The kern.random.sys.seeded variable indicates whether or not the random device is in an acceptably secure state as a result of reseeding. If set to 0, the device will block (on read) until the next reseed (which can be from an explicit write, or as a result of entropy harvesting). A reseed will set the value to 1 (non-blocking). 2005-07-23 23:17:31 net.inet.udp.blackhole http://sysctl.enderunix.org/view.php?id=92 From the blackhole(4) manual page: The blackhole sysctl(8) MIB is used to control system behaviour when connection requests are received on TCP or UDP ports where there is no socket listening. Normal behaviour, when a TCP SYN segment is received on a port where there is no socket accepting connections, is for the system to return a RST segment, and drop the connection. The connecting 2005-07-23 23:13:58 kern.domainname http://sysctl.enderunix.org/view.php?id=91 current domainname of the operating system (domainname) 2005-07-23 23:11:04 kern.hostname http://sysctl.enderunix.org/view.php?id=90 current hostname of the operating system (hostname -s) 2005-07-23 23:10:03 kern.osrelease http://sysctl.enderunix.org/view.php?id=89 current release level of the operating system (uname -r) 2005-07-23 23:06:31 vm.stats http://sysctl.enderunix.org/view.php?id=88 sysctl vm.stats will show you all the memory info you need in the vm system, as in: pageable memory. Its shown in number of pages (usually 4K: vm.stats.vm.v_page_size). 2005-07-20 14:02:55 hw.physmem http://sysctl.enderunix.org/view.php?id=87 Bilgisayarinizin fiziksel ramini byte cinsinden gosterir Örnegin; # sysctl hw.physmem hw.physmem: 263688192 2005-07-20 12:06:40 Ses kartlarında çoklu sanal kanal açmak http://sysctl.enderunix.org/view.php?id=86 Gelişmiş tüm ses kartlarında bulunan çoklu sanal kanal özelliğini freebsd altında kullanmak için; sysctl hw.snd.maxautovchans=4 komutunu vermeniz yeterli. Bu sayede aynı anda birden fazla ses kaynağını dinleyebilirsiniz. 2005-07-06 15:31:25 vfs.vmiodirenable http://sysctl.enderunix.org/view.php?id=85 This ysctl variable may be set to either 0 (off) or 1 (on); it is 1 by default. This variable controls how directories are cached by the system. It improves performance on servers with lots of i/o files such as mail servers, web caches and databases. Ref: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/book.html#AEN16786 2005-07-04 15:42:26 hw.ata.wc http://sysctl.enderunix.org/view.php?id=84 hw.ata.wc: (0/1) enable(1) / disable (0) ATA disk write caching. 2005-07-04 15:37:42 hw.model http://sysctl.enderunix.org/view.php?id=83 hw.model: specific machine model hw.model: Intel(R) Pentium(R) 4 CPU 1.80GHz 2005-07-04 15:25:22 hw.pagesize http://sysctl.enderunix.org/view.php?id=82 hw.pagesize: System memory page size. 2005-07-04 15:24:11 hw.ncpu http://sysctl.enderunix.org/view.php?id=81 hw.ncpu:number of cpus 2005-07-04 15:17:11 hw.physmem http://sysctl.enderunix.org/view.php?id=80 hw.physmem is a physical memory size in bytes. hw.physmem: 782921728 2005-07-04 15:14:29 dev.cpu.0.freq_levels http://sysctl.enderunix.org/view.php?id=79 displays supported cpu states for your cpu (for processors that support this) to set a desired frequency, use dev.cpu.0.freq=x 2005-06-10 00:44:03 net.inet.tcp.rfc1323 http://sysctl.enderunix.org/view.php?id=78 net.inet.tcp.rfc1323: Enable rfc1323 (high performance TCP) extensions. http://rfc.net/rfc1323.html 2005-06-09 16:02:12 net.inet.ip.check_interface http://sysctl.enderunix.org/view.php?id=77 inet.ip.check_interface: Verify packet arrives on correct interface ip_checkinterface currently must be disabled if you use ipnat 150 to translate the destination address to another local interface. Also it must be disabled if you add IP aliases to the loopback interface instead of the interface where the packets for those addresses are received. 2005-06-09 15:57:31 kern.rootdev http://sysctl.enderunix.org/view.php?id=76 kern.rootdev: root device of the system. # sysctl kern.rootdev kern.rootdev: da0s1a 2005-06-09 13:06:43 kern.openfiles - 2 http://sysctl.enderunix.org/view.php?id=75 kern.openfiles: System-wide number of open files. 2005-06-09 13:01:03 kern.disks http://sysctl.enderunix.org/view.php?id=74 kern.disks gets a list of all disks in the system. Output: # sysctl kern.disks kern.disks: ad0 md0 2005-06-09 12:58:13 net.inet.icmp.icmplim_output http://sysctl.enderunix.org/view.php?id=73 net.inet.icmp.icmplim_output: If (0) you do not want to see messages about this in your log files, but you still want the kernel to do response limiting. 2005-06-06 17:50:09 net.inet.icmp.icmplim http://sysctl.enderunix.org/view.php?id=72 net.inet.icmp.icmplim: the maximum number of ICMP Unreachable and also TCP RST packets that will be sent back every second. 2005-06-06 17:48:02 vfs.ufs http://sysctl.enderunix.org/view.php?id=71 vfs.ufs.dirhash_minsize: minimum directory size in bytes for which to use hashed lookup vfs.ufs.dirhash_maxmem: maximum allowed dirhash memory usage vfs.ufs.dirhash_mem:current dirhash memory usage vfs.ufs.dirhash_docheck:enable extra sanity tests 2005-06-06 17:29:19 kern.nodump_coredump http://sysctl.enderunix.org/view.php?id=70 kern.nodump_coredump:Enable setting the NODUMP flag on coredump files Default value: kern.nodump_coredump: 0 2005-06-06 16:58:35 kern.coredump http://sysctl.enderunix.org/view.php?id=69 kern.coredump:Enable/Disable coredumps Default value: kern.coredump: 1 2005-06-06 16:57:12 kern.sugid_coredump http://sysctl.enderunix.org/view.php?id=68 kern.sugid_coredump: Enable coredumping set user/group ID processes Default value: kern.sugid_coredump: 0 2005-06-06 16:55:59 kern.corefile http://sysctl.enderunix.org/view.php?id=67 kern.corefile: core file name format string. Default value: kern.corefile: %N.core 2005-06-06 16:54:09 kern.smp http://sysctl.enderunix.org/view.php?id=66 kern.smp.maxcpus: Max number of CPUs that the system was compiled for kern.smp.active:are the APs allowed to run? kern.smp.disabled: has smp been disabled? kern.smp.cpus: Number of CPUs online. kern.smp.forward_signal_enabled: Enable forwarding of a signal to a process running on a different CPU kern.smp.forward_roundrobin_enabled:Enable forwarding of roundrobin to all other cpus 2005-06-06 16:43:01 kern.maxprocperuid http://sysctl.enderunix.org/view.php?id=65 The maximum number of the processes for per user id. kern.maxprocperuid is changeable. 2005-06-05 13:51:35 kern.maxproc http://sysctl.enderunix.org/view.php?id=64 The maximum number of processes a user may be running. kern.maxproc is read only 2005-06-05 13:43:28 kern.boottime http://sysctl.enderunix.org/view.php?id=63 the boot time of the kernel. 2005-06-05 13:38:05 kern.maxvnodes http://sysctl.enderunix.org/view.php?id=62 A vnode is the internal representation of a file or directory. So increasing the number of vnodes available to the operating system cuts down on disk I/O kern.maxvnodes is changeable 2005-06-05 13:33:27 kern.ostype http://sysctl.enderunix.org/view.php?id=61 contains the type of the kernel. 2005-06-05 13:31:42 net.link.ether.inet.max_age http://sysctl.enderunix.org/view.php?id=60 The cleanup interval for the IP route cache. Default value: 1200 2005-06-05 01:18:21 hw.tweX.driver_version http://sysctl.enderunix.org/view.php?id=58 Gives the version of the twe driver. 2005-05-27 21:17:02 fs.file-max http://sysctl.enderunix.org/view.php?id=57 Bu parametre linux sisteminde açılabilecek dosya handle larının(bu da açılabilecek maksimum dosya sayisini gosterir) maksimum sayisini verir 2005-05-24 19:08:43 kernel.sem http://sysctl.enderunix.org/view.php?id=56 SEMMSL,SEMMNS, SEMOPM, SEMMNI parametrelerini içerir(örnek : 250 32000 32 128). SEMMSL : Bir semafor setinin içindeki maksimum semafor sayisini verir SEMMNS : Linux sistemimizdeki toplam semafor sayisini verir SEMOPM : Bu parametre semop(2) sistem çağrısının bir seferde yapabilecegi maksimum semafor operasyonlarinin sayisini verir SEMMNI : Linux sistemimizdeki maksimum semafor seti 2005-05-24 19:06:01 kernel.shmall http://sysctl.enderunix.org/view.php?id=55 Sistemde bir anda sayfalarda(page) kullanılabilecek toplam paylasimli hafiza(shared memory) miktarini verir ve en az ceil(SHMMAX/PAGE_SIZE) kadar olmalidir 2005-05-24 18:57:15 kernel.shmmni http://sysctl.enderunix.org/view.php?id=54 Sistem genelindeki maksşmum paylasimli hafiza segment(shared memory segment) saysini belirler 2005-05-24 18:39:27 kernel.shmmax http://sysctl.enderunix.org/view.php?id=53 Paylaşılan bellek segmentinin(shared memory segment) byte cinsinden maksimum değeridir 2005-05-24 18:37:45 kern.openfiles http://sysctl.enderunix.org/view.php?id=52 Shows current number of open files. 2005-05-18 05:29:05 hw.snd.maxautovchans http://sysctl.enderunix.org/view.php?id=51 hw.snd.maxautovchans=X where X is the number of virtual channels a new audio device is given when it is attached using kldload 2005-05-15 22:53:46 hw.snd.pcm0.vchans http://sysctl.enderunix.org/view.php?id=50 hw.snd.pcm0.vchans=X where X is the number of virtual channels pcm0 has 2005-05-15 22:52:20 kern.maxfiles http://sysctl.enderunix.org/view.php?id=49 This variable indicates the maximum number of file descriptors on your system. 2005-05-15 20:57:18 net.link.ether.inet.log_arp_movements http://sysctl.enderunix.org/view.php?id=48 Boolean MIB The default is 0 (OFF) By setting this knob to 1 (ON) the kernel will log all ARP broadcasts from hosts that have a MAC address that is different then the on in the ARP cache on the localhost. This might help preventing and identifying ARP cache poisoning attacks. 2005-05-15 20:37:55 net.link.ether.inet.log_arp_wrong_iface http://sysctl.enderunix.org/view.php?id=47 Boolean MIB The default is 0 (OFF) By setting this knob to 1 (ON) the kernel will log all arp packets arriving on the wrong interface. 2005-05-15 20:34:08 net.inet.ip.random_id http://sysctl.enderunix.org/view.php?id=46 Boolean MIB 0 - off 1 - on The default is OFF (0). Normally (when this option is OFF) IP_ID of IP packets are numbered in an sequential manner. By setting this knob to 1 (ON) the IP_ID is set with a random number. This can help in preventing an information-gathering attack i.e. when an attacker tracks diffrent IP_IDs leaving a router to find how many hosts are behind the NAT. 2005-05-15 20:30:55 net.link.ether.ipfw http://sysctl.enderunix.org/view.php?id=45 FreeBSD 4.x lerde çekirdeğinizde options IPFW2 varsa FreeBSD 5.x lerde çekirdeğinizde options IPFIREWALL varsa net.link.ether.ipfw=1 ile MAC adresine gore (Layer2) filtreleme yapabilirsiniz net.link.ether.ipfw=0 ise Layer2 filtrelemeyi iptal eder. (Standartta bu seçilidir) 2005-05-13 23:57:34 net.link.ether.bridge_ipfw http://sysctl.enderunix.org/view.php?id=44 Çekirdeğinizi options IPFIREWALL ve options BRIDGE ile derlemişseniz; net.link.ether.bridge_ipfw=1 ile bridge paketlerini firewalldan gecirirsiniz. net.link.ether.bridge_ipfw=0 ise bridge paketleri firewalla ugramadan gecer. 2005-05-13 23:55:14 net.inet.tcp.log_in_vain http://sysctl.enderunix.org/view.php?id=43 Uzerinde sunucu servis calismaya port`lara baglanti yapilmaya calisildiginda bunu gunluk dosyasina atmak icin kullanilabilir.dmesg bu baglantiyi gosterirken ayrica bu mesaj /var/log/messages altina yazilacaktir. Sadece SYN bayragi olan TCP paketlerinin kaydi tutulacaktir.Bunun yaninda ayrica net.inet.udp.log_in_vain bulunmaktadir. 2005-05-09 17:48:05 net.inet.tcp.icmp_may_rst - 2 http://sysctl.enderunix.org/view.php?id=42 Belli bir ICMP mesaji aldiginda TCP`nin bir baglantiyi kesebilmesine olanak verir. (bakiniz: RFC 1122,, Destination unreachable 2-4). Baglanti TCP durumu ancak SYN_SENT ise iptal edilebilir. 2005-05-09 17:45:25