@@ -132,6 +132,35 @@ Adjust log retention and log level as needed. The defaults are usually sufficien
132132
133133![ Logging Settings System] ( /assets/img/posts/opnsense/Logging_Settings_System_1683907923484_0.png )
134134
135+ #### Tunables
136+
137+ | Key | Value | Description |
138+ | :-------------------------------- | :---------- | :---------------------------------------------------------------------- |
139+ | ` hw.ibrs_disable ` | ` 1 ` | Disable Indirect Branch Restricted Speculation |
140+ | ` net.isr.maxthreads ` | ` -1 ` | Use at most this many CPUs for netisr processing |
141+ | ` net.isr.bindthreads ` | ` 1 ` | Bind netisr threads to CPUs |
142+ | ` net.isr.dispatch ` | ` deferred ` | netisr dispatch policy |
143+ | ` net.inet.rss.enabled ` | ` 1 ` | RSS enabled |
144+ | ` net.inet.rss.bits ` | ` 3 ` | ` <CORES>/4=<VALUE> ` RSS bits |
145+ | ` kern.ipc.maxsockbuf ` | ` 614400000 ` | ` 614400000=100Gbps ` ` 16777216=10Gbps ` Maximum socket buffer size |
146+ | ` net.inet.tcp.recvbuf_max ` | ` 4194304 ` | Max size of automatic receive buffer |
147+ | ` net.inet.tcp.recvspace ` | ` 65536 ` | Initial receive socket buffer size |
148+ | ` net.inet.tcp.sendspace ` | ` 65536 ` | Initial send socket buffer size |
149+ | ` net.inet.tcp.sendbuf_inc ` | ` 65536 ` | Incrementor step size of automatic send buffer |
150+ | ` net.inet.tcp.sendbuf_max ` | ` 4194304 ` | Max size of automatic send buffer |
151+ | ` net.inet.tcp.soreceive_stream ` | ` 1 ` | Using soreceive_stream for TCP sockets |
152+ | | | |
153+ | ` net.inet.tcp.mssdflt ` | ` 1240 ` | Default TCP Maximum Segment Size |
154+ | ` net.inet.tcp.abc_l_var ` | ` 52 ` | Cap the max cwnd increment during slow-start to this number of segments |
155+ | ` net.inet.tcp.minmss ` | ` 536 ` | Minimum TCP Maximum Segment Size |
156+ | ` net.isr.defaultqlimit ` | ` 2048 ` | Default netisr per-protocol, per-CPU queue limit if not set by protocol |
157+ | | | |
158+ | ` kern.random.fortuna.minpoolsize ` | ` 128 ` | Minimum pool size necessary to cause a reseed |
159+ | | | |
160+ | ` net.pf.source_nodes_hashsize ` | ` 1048576 ` | |
161+ | | | |
162+ | ` kern.hz ` | ` 1000 ` | Number of clock ticks per second (improve for shaper on vm's) |
163+
135164### // Trust > \*
136165
137166#### Authorities
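Review bot: The `hw.ibrs_disable` = `1` row at the top of the new Tunables table turns off IBRS, a Spectre v2 mitigation, but its description only restates the sysctl name and does not say that this is a security trade-off made for performance. Add a caveat in the Description column stating under which conditions you consider that acceptable, so readers do not copy the value blindly. Two smaller points in the same table: `net.pf.source_nodes_hashsize` has an empty description, and `kern.ipc.maxsockbuf` is set to the value its description labels 100Gbps while a 10Gbps value sits next to it, so say which one a reader should pick for their link speed.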
@@ -594,18 +623,17 @@ https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-Country-CSV&
594623
595624### // Settings > Advanced
596625
597- | Section | Key | Value |
598- | :----------------- | :------------------- | :-------------------------------------------------------------------------------------- |
599- | ** Bogon Networks** | Update Frequency | ` Weekly ` |
600- | ** Logging** | Default block | _ checked_ |
601- | | Default pass | _ checked_ |
602- | | Outbound NAT | _ checked_ |
603- | | Bogon networks | _ checked_ |
604- | | Private networks | _ checked_ |
605- | ** Miscellaneous** | Disable anti-lockout | _ checked_ (_ Only when you created relevant firewall rules, else you will lock you out_ ) |
606- | | | |
607- | | | |
608- | | | |
626+ | Section | Key | Value |
627+ | :----------------- | :-------------------- | :-------------------------------------------------------------------------------------- |
628+ | ** Bogon Networks** | Update Frequency | ` Weekly ` |
629+ | ** Logging** | Default block | _ checked_ |
630+ | | Default pass | _ checked_ |
631+ | | Outbound NAT | _ checked_ |
632+ | | Bogon networks | _ checked_ |
633+ | | Private networks | _ checked_ |
634+ | ** Miscellaneous** | Firewall Optimization | ` conservative ` |
635+ | | Disable anti-lockout | _ checked_ (_ Only when you created relevant firewall rules, else you will lock you out_ ) |
636+ | | Disable sshlockout | _ checked_ (_ Only when you created relevant firewall rules, else you will lock you out_ ) |
609637
610638## \\\\ Services > \*
611639
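Review bot: The new "Disable sshlockout" row reuses the anti-lockout caveat word for word ("Only when you created relevant firewall rules, else you will lock you out"), which does not explain what this setting changes or why it is checked. If it turns off automatic blocking of repeated failed logins, the note should say so and name the compensating control you rely on, such as firewall rules that restrict which sources can reach the management services. The "Firewall Optimization" = `conservative` row would also benefit from a short reason, and "lock you out" should read "lock yourself out" in both rows.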
@@ -1043,3 +1071,5 @@ Monit
10431071 - < https://www.reddit.com/r/opnsense/comments/17fjbbw/opnsense_on_proxmox_10gb_network_woes/ > {: target ="\_ blank"}
10441072 - < https://forum.opnsense.org/index.php?topic=31830.0 > {: target ="\_ blank"}
10451073 - < https://forum.opnsense.org/index.php?topic=18754.150 > {: target ="\_ blank"}
1074+ - < https://medium.com/@truvis.thornton/opnsense-firewall-configuration-performance-tuning-for-multi-gigabit-internet-and-better-speeds-in-cfc80c49c544 > {: target ="\_ blank"}
1075+ - < https://docs.opnsense.org/manual/shaping.html > {: target ="\_ blank"}
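Review bot: The two references added here are not tied to the settings they support, so a reader cannot tell which values in the new Tunables table came from the Medium article and which from the shaping manual. Consider citing the source next to the table (the `kern.hz` row already mentions the shaper) or adding a one-line description to each link.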