diff --git a/src/etc/inc/system.inc b/src/etc/inc/system.inc
index a7588b734..ece2b5e69 100644
--- a/src/etc/inc/system.inc
+++ b/src/etc/inc/system.inc
@@ -78,6 +78,10 @@ function get_default_sysctl_value($id)
         'hw.syscons.kbd_reboot' => '0',
         'kern.ipc.maxsockbuf' => '4262144',
         'kern.randompid' => '347',
+        'net.enc.in.ipsec_bpf_mask' => '2', /* after processing */
+        'net.enc.in.ipsec_filter_mask' => '2', /* after processing */
+        'net.enc.out.ipsec_bpf_mask' => '1', /* before processing */
+        'net.enc.out.ipsec_filter_mask' => '1', /* before processing */
         'net.inet.icmp.drop_redirect' => '0',
         'net.inet.icmp.icmplim' => '0',
         'net.inet.icmp.log_redirect' => '0',
@@ -107,6 +111,7 @@ function get_default_sysctl_value($id)
         'net.link.bridge.pfil_onlyip' => '0',
         'net.link.tap.user_open' => '1',
         'net.local.dgram.maxdgram' => '8192',
+        'net.pf.request_maxcount' => '500000',
         'security.bsd.see_other_gids' => '0',
         'security.bsd.see_other_uids' => '0',
         'vfs.read_max' => '32',
@@ -125,11 +130,12 @@ function system_sysctl_get()
     global $config;
 
     $sysctls = array(
-        'net.enc.in.ipsec_bpf_mask' => '2', /* after processing */
-        'net.enc.in.ipsec_filter_mask' => '2', /* after processing */
-        'net.enc.out.ipsec_bpf_mask' => '1', /* before processing */
-        'net.enc.out.ipsec_filter_mask' => '1', /* before processing */
+        'net.enc.in.ipsec_bpf_mask' => 'default',
+        'net.enc.in.ipsec_filter_mask' => 'default',
+        'net.enc.out.ipsec_bpf_mask' => 'default',
+        'net.enc.out.ipsec_filter_mask' => 'default',
         'net.local.dgram.maxdgram' => 'default',
+        'net.pf.request_maxcount' => 'default',
     );
 
     foreach (config_read_array('sysctl', 'item') as $tunable) {