Many people want to optimize their own FreeBSD, especially in terms of network performance and kernel adjustment, because these are the most direct optimization methods. Here I have collected and sorted out the information and commented it out in Chinese. I believe many people will get it.
# Maximum buffer space for TCP data to be sent
Net. inet. tcp. sendspace = 65536
# Maximum accept TCP buffer space
Net. inet. tcp. recvspace = 65536
# Maximum accept UDP buffer size
. Net. inet. udp. sendspace = 65535
# Maximum size of the buffer for sending UDP data
Net. inet. udp. maxdgram = 65535
# Data sending space connected by local socket
Net. local. stream. sendspace = 65535
# Protocol for accelerating network performance
Net. inet. tcp. rfc1323 = 1
Net. inet. tcp. rfc1644 = 1
Net. inet. tcp. rfc3042 = 1
Net. inet. tcp. rfc3390 = 1
# Maximum Socket buffer
Kern. ipc. maxsockbuf = 2097152
# Maximum number of files allowed in the system
Kern. maxfiles = 65536
# Maximum number of files that each process can open simultaneously
Kern. maxfilesperproc = 32768
# When a computer initiates a TCP connection request, the system will respond to the ACK response packet.
# This option sets whether to delay the ACK response packet and sends it together with the data packet,
# High-speed networks and low load will slightly improve performance, but when the network connection is poor,
# If the recipient's computer does not receive a response, the connection request will be continuously initiated, but the performance will be reduced.
Net. inet. tcp. delayed_ack = 0
# Blocking ICMP redirection
Net. inet. icmp. drop_redirect = 1
Net. inet. icmp. log_redirect = 1
Net. inet. ip. redirect = 0
Net. inet6.ip6. redirect = 0
# Prevent ICMP broadcast storms
Net. inet. icmp. bmcastecho = 0
Net. inet. icmp. maskrepl = 0
# Limit the system's ICMP sending rate
Net. inet. icmp. icmplim = 100
# Security parameter. options TCP_DROP_SYNFIN is added during kernel compilation.
Net. inet. icmp. icmplim_output = 0
Net. inet. tcp. drop_synfin = 1
# Setting 1 will help the system clear TCP connections that are not normally disconnected. This increases the usage of some network bandwidth, but some dead connections can be identified and cleared. The dead TCP connection is a special problem of the system accessed by the dial-up user, because the user often disconnects the modem and does not properly close the active connection.
Net. inet. tcp. always_keepalive = 1
# If net. inet. ip. intr_queue_drops is increasing, you need to increase net. inet. ip. intr_queue_maxlen, preferably 0.
Net. inet. ip. intr_queue_maxlen = 1000
# Prevent DOS attacks. The default value is 30000.
Net. inet. tcp. msl = 7500
# Receive all packets sent from a closed port and drop them directly. If it is set to 1, it is only for TCP packets.
Net. inet. tcp. blackhole = 2
# Directly drop all UDP packets sent from a closed port
Net. inet. udp. blackhole = 1
# Provide a buffer for network data connection
Net. inet. tcp. inflight. enable = 1
# If it is enabled, the data of each target address will be recorded in the route table and arp data table once it is successfully forwarded, saving the route computing time, however, a large amount of kernel memory is required to save the route table.
Net. inet. ip. fastforwarding = 0
# Enable the options POLLING function in kernel compilation. It is not recommended to use low load in high load scenarios.
# SMP cannot be used with polling
# Kern. polling. enable = 1
# Number of concurrent connections. The default value is 128. The recommended value is between and. The larger the number, the larger the memory usage.
Kern. ipc. somaxconn = 32768
# Prohibiting users from viewing other users' Processes
Security. bsd. see_other_uids = 0
# Setting the kernel Security Level
Kern. securelevel = 0
# Record any TCP connections
Net. inet. tcp. log_in_vain = 1
# Record any UDP connections
Net. inet. udp. log_in_vain = 1
# Prevent incorrect udp packet attacks
Net. inet. udp. checksum = 1
# Prevent DOS Attacks
Net. inet. tcp. syncookies = 1
# Physical memory is only supported by threads, and more than 256 MB of memory is required
Kern. ipc. shm_use_phys = 1
# Maximum shared memory available for threads
Kern. ipc. shmmax = 67108864
# Maximum number of threads
Kern. ipc. shmall = 32768
# Not recorded during program crash
Kern. coredump = 0
# Lo local data stream receiving and sending Space
Net. local. stream. recvspace = 65536
. Net. local. dgram. maxdgram = 16384
Net. local. dgram. recvspace = 65536
# The Data Segment Size of the data packet. The value of ADSL is 1452.
Net. inet. tcp. mssdflt = 1460
# Provide a buffer for network data connection
Net. inet. tcp. inflight_enable = 1
# Minimum value of the Data Segment of the data packet. The value of ADSL is 1452.
Net. inet. tcp. minmss = 1460
# Maximum number of local data
Net. inet. raw. maxdgram = 65536
# Local data stream receiving space
Net. inet. raw. recvspace = 65536
# Number of Dynamic Rules of ipfw firewall. The default value is 4096. Increasing this value can prevent some viruses from sending a large number of TCP connections, resulting in failure to establish a normal connection.
Net. inet. ip. fw. dyn_max = 65535
# Set the idle retention time for the TCP connection of ipf firewall. The default value is 8640000 (120 hours)
Net. inet. ipf. fr_tcpidletimeout = 864000