cr0hn

sysctl.conf hardened for FreeBSD with Xen

Oct 22nd, 2012
  1. # Hide processes that are being run under another UID or GID.
     # These two knobs restrict what unprivileged users can see; they do not
     # limit the superuser.
  2. security.bsd.see_other_gids=0
  3. security.bsd.see_other_uids=0
     # NOTE(review): kern.ps_showallprocs is the FreeBSD 4.x name for this
     # control. On later releases it is expected to be reported as an unknown
     # OID, leaving the two security.bsd.* lines to do the work. Confirm with
     # `sysctl -d kern.ps_showallprocs` on the target release.
  4. kern.ps_showallprocs=0
     # Upper bound on a single socket buffer. This is tuning, not hardening.
     # NOTE(review): this value is below the 16 MB sendbuf_max/recvbuf_max set
     # further down, so those ceilings are presumably unreachable - confirm
     # which limit is intended.
  5. kern.ipc.maxsockbuf=4000000
  6.  
  7. # Enable stack protection: request a non-executable stack for 32-bit and
     # 64-bit ELF images.
     # NOTE(review): presumably only effective where the CPU (and the
     # hypervisor, for a Xen guest) exposes NX - verify on the target.
  8. kern.elf32.nxstack=1
  9. kern.elf64.nxstack=1
  10.  
  11. # IP security options
      # redirect=0: do not send ICMP redirects (only relevant if this host
      # forwards packets).
  12. net.inet.ip.redirect=0
      # Do not forward source-routed packets, and do not accept those addressed
      # to this host.
  13. net.inet.ip.sourceroute=0
  14. net.inet.ip.accept_sourceroute=0
      # Randomize the IP ID field instead of using a predictable counter.
  15. net.inet.ip.random_id=1
      # Lowest port used for ephemeral (outgoing) connections. This is a range
      # setting, not an access control.
  16. net.inet.ip.portrange.first=9981
      # Default TTL for outgoing packets.
      # NOTE(review): 128 looks chosen to blur OS fingerprinting. That is
      # obscurity at best - confirm it is wanted.
  17. net.inet.ip.ttl=128
  18.  
  19. # TCP Security options
      # The four buffer settings below are throughput tuning (initial sizes and
      # auto-tuning ceilings), not security controls.
  20. net.inet.tcp.sendspace=32768
  21. net.inet.tcp.recvspace=32768
  22. net.inet.tcp.sendbuf_max=16777216
  23. net.inet.tcp.recvbuf_max=16777216
      # Disable Path MTU Discovery.
      # NOTE(review): this is a trade-off. The host stops depending on ICMP
      # "fragmentation needed" messages, but may see fragmentation and lower
      # throughput. Confirm it is intentional.
  24. net.inet.tcp.path_mtu_discovery=0
      # blackhole=2: silently drop any segment sent to a closed TCP port, with
      # no RST (1 would drop only SYNs). This slows port scans but also hides
      # "connection refused" from legitimate clients. It complements a packet
      # filter and does not replace one.
  25. net.inet.tcp.blackhole=2
      # Drop segments that have both SYN and FIN set.
      # NOTE(review): on FreeBSD releases of this era the OID is presumably
      # present only in kernels built with `options TCP_DROP_SYNFIN`. Confirm,
      # otherwise the line has no effect.
  26. net.inet.tcp.drop_synfin=1
  27.  
  28. # ICMP Security options
      # Ignore incoming ICMP redirects so that other hosts cannot alter this
      # host's routes.
  29. net.inet.icmp.drop_redirect=1
      # Do not answer ICMP address-mask requests.
  30. net.inet.icmp.maskrepl=0
  31.  
  32. # UDP Security options
      # NOTE(review): net.inet.udp.recvbuf_max looks modelled on the TCP OID of
      # the same name. Verify that it exists on the target with `sysctl -d`;
      # an unknown OID would change nothing.
  33. net.inet.udp.recvbuf_max=16777216
      # Silently drop datagrams sent to closed UDP ports, with no ICMP
      # port-unreachable reply.
  34. net.inet.udp.blackhole=1
  35.  
  36. # Disable TSO (TCP segmentation offload) on all interfaces.
      # NOTE(review): presumably a workaround for the Xen virtual NIC rather
      # than a hardening measure - confirm.
  37. net.inet.tcp.tso=0