These are my settings for sysctl.conf
# Max number of incoming connections in queue kern.ipc.somaxconn=512 # Maximum number of processes kern.maxproc=2048 kern.maxprocperuid=1024 # Network buffers; 2K each; check current usage with `netstat -m` kern.ipc.nmbclusters=2048 kern.ipc.maxsockets=2048 # Maximum segment size; other possible values are 1452 and 1460 net.inet.tcp.mssdflt=1440 # Window scaling is only necessary if buffers > 64K net.inet.tcp.rfc1323=0 # Increase buffer sizes kern.ipc.maxsockbuf=131070 net.inet.tcp.sendspace=32768 net.inet.tcp.recvspace=65535 net.inet.udp.recvspace=65535 net.inet.udp.maxdgram=57344 net.inet.raw.recvspace=65535 # Max number of ICMP "Unreachable" and also TCP RST packets per second net.inet.icmp.icmplim=50 # Stop redirects net.inet.icmp.drop_redirect=1 net.inet.icmp.log_redirect=1 net.inet.ip.redirect=0 # Stop source routing net.inet.ip.sourceroute=0 net.inet.ip.accept_sourceroute=0 # Stop broadcast ECHO response net.inet.icmp.bmcastecho=0 # Stop other broadcast probes net.inet.icmp.maskrepl=0 # Cuts down on the number of tiny packets net.inet.tcp.delayed_ack=1 # Turn off forwarding/routing net.inet.ip.forwarding=0 # Defend against sequence number attacks net.inet.tcp.strict_rfc1948=1 # Defend agains stealth simple port scans net.inet.udp.blackhole=1 net.inet.tcp.blackhole=2 # Expire dead connections net.inet.tcp.always_keepalive=1 net.inet.tcp.keepintvl: 1500 net.inet.tcp.keepinit: 3000 # Verbose firewall logging net.inet.ip.fw.verbose=1 net.inet.ip.fw.verbose_limit=65535 # Prevent core dumps kern.coredump=0