OpenBSD Firewall Kernel Configuration
Kyle Amon, Page 3

/etc/sysctl.conf

# Kernel settings for an OpenBSD host acting as a routing firewall.
# Note: several inline comments below are the stock descriptions of what the
# value 1 means, even where the line sets 0; read the value, not the comment.

# Forwarding makes this host a router between its interfaces. The sysctl does
# no filtering itself, so what may cross the box has to be restricted by the
# packet filter ruleset (not shown on this page).
net.inet.ip.forwarding=1        # 1=Permit forwarding (routing) of packets

# Keep the kernel debugger out of reach: with ddb.panic=0 a panic does not
# stop at a ddb prompt, and with ddb.console=0 ddb cannot be entered from the
# console. NOTE(review): confirm in ddb(4) for the release in use that
# ddb.panic=0 leads to an automatic reboot.
ddb.panic=0                     # 0=Do not drop into ddb on a kernel panic
ddb.console=0                   # 1=Permit entry of ddb from the console

# Encrypt swapped-out pages so memory contents written to the swap device are
# not left readable on disk.
vm.swapencrypt.enable=1         # 1=Encrypt pages that go to swap

# Left commented out, so the aperture setting stays at the kernel default.
#machdep.allowaperture=2        # See xf86(4)

# Set to 0 here; the inline text describes what 1 would permit, so as
# configured console CTRL-ALT-DEL should not halt the machine.
# NOTE(review): confirm the 0 semantics for the target architecture.
machdep.kbdreset=0              # permit console CTRL-ALT-DEL to do a nice halt

# Local additions

# Source-routed packets let the sender dictate the path and directed
# broadcasts let a remote host address a whole subnet; a firewall should
# handle neither.
net.inet.ip.sourceroute=0       # 0=disable source routed packets
net.inet.ip.directed-broadcast=0 # 0=disable directed broadcasts

# Dynamic port allocation ranges. As set here the ephemeral range
# (30000-49151) and the high range (49152-65535) are adjacent and do not
# overlap; filter rules that match on local source ports should agree with
# these numbers.
net.inet.ip.portfirst=30000     # first ephemeral port allocated
net.inet.ip.portlast=49151      # last ephemeral port allocated
net.inet.ip.porthifirst=49152   # first high port allocated
net.inet.ip.porthilast=65535    # last high port allocated

# Left commented out, so it has no effect. If enabled, the listed ports would
# be excluded from dynamic allocation.
#net.inet.tcp.baddynamic=749,750,751 # don't dynamically allocate port,port