How to Tune Kernel Parameters Using /etc/sysctl.conf on FreeBSD

Learn how to tune kernel parameters using /etc/sysctl.conf on FreeBSD to optimize system performance, security, and behavior.

Introduction

FreeBSD is a powerful and flexible UNIX-like operating system used for a variety of applications, from web servers to embedded systems. One of its strengths is the ability to fine-tune kernel parameters to optimize system performance, security, and behavior. The primary mechanism for adjusting these parameters is through the sysctl command and the configuration file /etc/sysctl.conf.

This guide provides a comprehensive overview of how to use /etc/sysctl.conf to modify kernel parameters on FreeBSD, ensuring that changes persist across reboots.

Understanding sysctl and Kernel Parameters

What is sysctl?

sysctl is a command-line utility that allows users to view and modify kernel parameters at runtime. It interacts with the FreeBSD kernel to configure settings related to networking, memory management, security, and more.

Kernel Parameter Hierarchy

Kernel parameters are structured in a hierarchical format, where different subsystems are grouped under categories. Examples include:

  • kern – General kernel settings
  • vm – Virtual memory parameters
  • net – Networking settings
  • security – Security-related parameters
  • hw – Hardware settings

You can list all available sysctl parameters by running:

sysctl -a

To check the value of a specific parameter, use:

sysctl <parameter>

For example:

sysctl kern.maxproc

To modify a parameter temporarily:

sysctl <parameter>=<value>

For example:

sysctl net.inet.ip.forwarding=1

However, changes made this way do not persist after a reboot. To make them permanent, you must use /etc/sysctl.conf.

Editing /etc/sysctl.conf

Understanding /etc/sysctl.conf

The /etc/sysctl.conf file is used to apply kernel parameter changes automatically at system boot. It follows a simple key-value format:

<parameter>=<value>

For example, to enable IP forwarding permanently, add the following line:

net.inet.ip.forwarding=1

After editing the file, apply the changes without rebooting using:

service sysctl reload

Alternatively, rebooting the system ensures that the new settings take effect.

Common Kernel Parameter Adjustments

1. Performance Optimization

Increasing Maximum Number of Open Files

For high-performance applications, increasing the file descriptor limit is crucial:

kern.maxfiles=65536
kern.maxfilesperproc=32768

This improves the ability of applications to handle a large number of concurrent file operations.

Increasing Maximum Number of Processes

If running many concurrent processes, adjust the process limit:

kern.maxproc=100000
kern.maxprocperuid=50000

2. Network Optimization

Enabling IP Forwarding

To allow the FreeBSD machine to act as a router:

net.inet.ip.forwarding=1

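This is essential for NAT and routing configurations. Enable it only on hosts that are meant to route traffic, because a forwarding host passes packets between its interfaces.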

TCP/IP Performance Tuning

Optimizing TCP buffer sizes for high-performance networking:

net.inet.tcp.recvspace=262144
net.inet.tcp.sendspace=262144

This increases buffer sizes, which can improve performance in high-throughput environments.

3. Security Enhancements

Preventing SYN Flood Attacks

To mitigate SYN flood attacks, increase the SYN cache size and enable SYN cookies:

net.inet.tcp.syncache.hashsize=1024
net.inet.tcp.syncache.bucketlimit=100
net.inet.tcp.syncookies=1

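These settings help protect against denial-of-service (DoS) attacks: SYN cookies let the host keep answering new connections when the SYN cache is full. On current FreeBSD releases net.inet.tcp.syncache.hashsize and net.inet.tcp.syncache.bucketlimit are read-only boot-time tunables, so set those two in /boot/loader.conf; net.inet.tcp.syncookies can be set from /etc/sysctl.conf.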

Disabling Source Routing

Source routing lets the sender dictate the path a packet takes through the network, which can be exploited for network attacks. Disable it:

net.inet.ip.sourceroute=0
net.inet6.ip6.sourceroute=0

4. Virtual Memory Tweaks

Increasing Shared Memory Limits

For applications like PostgreSQL, increasing shared memory parameters can improve performance:

kern.ipc.shmmax=268435456
kern.ipc.shmall=65536

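These values control the maximum amount of shared memory and the number of shared memory pages available: kern.ipc.shmmax is the largest single segment in bytes, and kern.ipc.shmall is the system-wide total in pages.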

Best Practices for Kernel Tuning

  1. Backup Configuration Files – Before making changes, always create a backup of /etc/sysctl.conf.

    cp /etc/sysctl.conf /etc/sysctl.conf.bak
    
  2. Test Changes Before Making Them Permanent – Use sysctl commands interactively before adding them to /etc/sysctl.conf.

  3. Apply Changes Carefully – Some parameters can affect system stability. Modify one setting at a time and test before proceeding.

  4. Monitor System Performance – Use top, sysctl -a, and dmesg to observe system behavior after changes.

  5. Review FreeBSD Documentation – Refer to the official FreeBSD Handbook and man sysctl for additional details.
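
As a check to run on an edited file before service sysctl reload, the following is an added example (not part of the original guide or of FreeBSD): it enforces the name=value format described above, reports duplicate keys, and compares the file against this guide's security settings. The function name audit_sysctl_conf and the finding labels are hypothetical, and the sample file is constructed.

```shell
#!/bin/sh
# Added example: static audit of a sysctl.conf-style file (baseline = this guide's settings).

audit_sysctl_conf() {
    # $1 = file to audit. Prints one finding per line; returns 1 if any.
    awk '
    BEGIN {
        want["net.inet.tcp.syncookies"] = "1"
        want["net.inet.ip.sourceroute"] = "0"
    }
    { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }  # drop comments, trim
    $0 == "" { next }
    !/^[A-Za-z0-9_.-]+=[^ \t]/ {                     # guide format: name=value
        printf "SYNTAX line %d: %s\n", NR, $0; bad++; next
    }
    {
        eq = index($0, "="); key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        if (key in seen) {                           # the later line wins
            printf "DUPLICATE line %d: %s overrides line %d\n", NR, key, seen[key]
            bad++
        }
        seen[key] = NR; last[key] = val
    }
    END {
        for (k in want) {
            if (!(k in last)) {
                printf "MISSING %s (want %s)\n", k, want[k]; bad++
            } else if (last[k] != want[k]) {
                printf "WEAK %s=%s (want %s)\n", k, last[k], want[k]; bad++
            }
        }
        if (last["net.inet.ip.forwarding"] == "1") { # intended only on routers
            print "REVIEW net.inet.ip.forwarding=1: host forwards packets"; bad++
        }
        exit (bad > 0)
    }' "$1"
}

# Constructed sample input, not taken from a real host.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# router plus hardening
net.inet.ip.forwarding=1
net.inet.tcp.syncookies=1
net.inet.tcp.syncookies=0   # duplicate: this later line wins
kern.maxfiles 65536
EOF
audit_sysctl_conf "$sample" || echo "findings above: fix before reloading"
rm -f "$sample"
```

The order of MISSING and WEAK findings is not fixed, so match on individual lines rather than on the whole output.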

Conclusion

Tuning kernel parameters using /etc/sysctl.conf in FreeBSD provides a powerful way to optimize performance, enhance security, and configure system behavior. By understanding and carefully adjusting key parameters, administrators can ensure that their FreeBSD systems run efficiently and securely. Always test changes before applying them permanently and monitor the system for any unintended effects. With the right tuning, FreeBSD can be optimized for a wide range of workloads, from desktops to high-performance servers.