diff --git a/src/etc/config.xml.sample b/src/etc/config.xml.sample
index 83d581ae8..4d56bd374 100644
--- a/src/etc/config.xml.sample
+++ b/src/etc/config.xml.sample
@@ -183,6 +183,16 @@
kern.ipc.maxsockbuf
default
+ -
+
+ vm.pmap.pti
+ default
+
+ -
+
+ hw.ibrs_disable
+ default
+
normal
diff --git a/src/etc/inc/system.inc b/src/etc/inc/system.inc
index b85041a8f..636d1b008 100644
--- a/src/etc/inc/system.inc
+++ b/src/etc/inc/system.inc
@@ -73,49 +73,41 @@ function system_powerd_configure($verbose = false)
function get_default_sysctl_value($id)
{
$sysctls = array(
- "debug.pfftpproxy" => "0",
- "hw.syscons.kbd_reboot" => "0",
- "kern.ipc.maxsockbuf" => "4262144",
- "kern.randompid" => "347",
- "kern.random.sys.harvest.interrupt" => 0,
- "kern.random.sys.harvest.point_to_point" => 0,
- "kern.random.sys.harvest.ethernet" => 0,
- "kern.filedelay" => "5",
- "kern.dirdelay" => "4",
- "kern.metadelay" => "3",
- "net.bpf.zerocopy_enable" => 1,
- "net.inet.ip.portrange.first" => "1024",
- "net.inet.tcp.blackhole" => "2",
- "net.inet.udp.blackhole" => "1",
- "net.inet.ip.random_id" => "1",
- "net.inet.tcp.drop_synfin" => "1",
- "net.inet.ip.redirect" => "1",
- "net.inet6.ip6.redirect" => "1",
- "net.inet6.ip6.use_tempaddr" => "0",
- "net.inet6.ip6.prefer_tempaddr" => "0",
- "net.inet.tcp.syncookies" => "1",
- "net.inet.tcp.recvspace" => "65228",
- "net.inet.tcp.sendspace" => "65228",
- 'net.inet.ip.sourceroute' => '0',
- 'net.inet.ip.accept_sourceroute' => '0',
+ 'debug.pfftpproxy' => '0',
+ 'hw.syscons.kbd_reboot' => '0',
+ 'hw.ibrs_disable' => '0',
+ 'kern.ipc.maxsockbuf' => '4262144',
+ 'kern.randompid' => '347',
'net.inet.icmp.drop_redirect' => '0',
+ 'net.inet.icmp.icmplim' => '0',
'net.inet.icmp.log_redirect' => '0',
- "net.inet.tcp.delayed_ack" => "0",
- "net.inet.udp.maxdgram" => "57344",
- "net.inet.ip.intr_queue_maxlen" => "1000",
- "net.inet.tcp.log_debug" => "0",
- "net.inet.tcp.tso" => "1",
- "net.inet.icmp.icmplim" => "0",
- "net.inet.ip.process_options" => 0,
- "net.inet.udp.checksum" => 1,
- "net.link.bridge.pfil_bridge" => "0",
- "net.link.bridge.pfil_local_phys" => "0",
- "net.link.bridge.pfil_member" => "1",
- "net.link.bridge.pfil_onlyip" => "0",
- "net.link.tap.user_open" => "1",
- "net.route.netisr_maxqlen" => 1024,
- "net.inet.icmp.reply_from_interface" => 1,
- "vfs.read_max" => "32",
+ 'net.inet.ip.accept_sourceroute' => '0',
+ 'net.inet.ip.intr_queue_maxlen' => '1000',
+ 'net.inet.ip.portrange.first' => '1024',
+ 'net.inet.ip.random_id' => '1',
+ 'net.inet.ip.redirect' => '1',
+ 'net.inet.ip.sourceroute' => '0',
+ 'net.inet.tcp.blackhole' => '2',
+ 'net.inet.tcp.delayed_ack' => '0',
+ 'net.inet.tcp.drop_synfin' => '1',
+ 'net.inet.tcp.log_debug' => '0',
+ 'net.inet.tcp.recvspace' => '65228',
+ 'net.inet.tcp.sendspace' => '65228',
+ 'net.inet.tcp.syncookies' => '1',
+ 'net.inet.tcp.tso' => '1',
+ 'net.inet.udp.blackhole' => '1',
+ 'net.inet.udp.checksum' => 1,
+ 'net.inet.udp.maxdgram' => '57344',
+ 'net.inet6.ip6.prefer_tempaddr' => '0',
+ 'net.inet6.ip6.redirect' => '1',
+ 'net.inet6.ip6.use_tempaddr' => '0',
+ 'net.link.bridge.pfil_bridge' => '0',
+ 'net.link.bridge.pfil_local_phys' => '0',
+ 'net.link.bridge.pfil_member' => '1',
+ 'net.link.bridge.pfil_onlyip' => '0',
+ 'net.link.tap.user_open' => '1',
+ 'vfs.read_max' => '32',
+ 'vm.pmap.pti' => '1',
);
if (isset($sysctls[$id])) {