ndd.conf

#
# NDD NetTune config file.
#
# ident   "@(#)ndd.conf     1.1     10/28/09 YV" 
#

# Harden fingerprinting
#tcp tcp_mss_def_ipv4 928
#ip ip_path_mtu_discovery 0
tcp tcp_xmit_hiwat 64395
tcp tcp_recv_hiwat 64395
tcp tcp_ipv4_ttl 128

# Functional settings
#ip ip_strict_dst_multihoming 1
#ip ip6_strict_dst_multihoming 1

# Security settings
ip ip_respond_to_echo_broadcast 0
ip ip_send_redirects 0
ip ip6_send_redirects 0
ip ip_respond_to_echo_multicast 0
ip ip6_respond_to_echo_multicast 0
ip ip_icmp_err_interval 1000
ip ip_icmp_err_burst 1
ip ip_ignore_redirect 1
ip ip6_ignore_redirect 1

# Ephemeral Port Adjustment
tcp tcp_smallest_anon_port 24000

# Performance tunables
#tcp tcp_conn_req_max_q 1024
#tcp tcp_conn_req_max_q0 4096
tcp tcp_conn_req_max_q 4192
tcp tcp_conn_req_max_q0 16384
# Default tcp_keepalive_interval is 2 hours
#tcp tcp_keepalive_interval 7200000
#tcp tcp_keepalive_interval 900000
tcp tcp_keepalive_interval 15000
#tcp tcp_rexmit_interval_max 10000
#tcp tcp_rexmit_interval_min 3000
tcp tcp_time_wait_interval 60000
tcp tcp_fin_wait_2_flush_interval 67500

# UDP buffer for DNS recursor
udp udp_max_buf 8388608
# TCP ECN proxy issue (default 1 - Passive)
tcp tcp_ecn_permitted 2
# TCP WSS proxy issue (default disable)
tcp tcp_wscale_always 1