From owner-freebsd-questions  Fri Aug  2  0:35:16 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id AEFAF37B400
	for <freebsd-questions@freebsd.org>; Fri,  2 Aug 2002 00:35:14 -0700 (PDT)
Received: from lv.raad.tartu.ee (lv.raad.tartu.ee [194.126.106.110])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 851DF43E70
	for <freebsd-questions@freebsd.org>; Fri,  2 Aug 2002 00:35:13 -0700 (PDT)
	(envelope-from toomas.aas@raad.tartu.ee)
Received: Message by Barricade lv.raad.tartu.ee  with ESMTP id g727Z5031324;
	Fri, 2 Aug 2002 10:35:05 +0300
Message-Id: <200208020735.g727Z5031324@lv.raad.tartu.ee>
Received: from SpoolDir by INFO (Mercury 1.48); 2 Aug 02 10:33:56 +0300
From: "Toomas Aas" <toomas.aas@raad.tartu.ee>
Organization: Tartu City Government
To: Anshuman Kanwar <akanwar@engineering.ucsb.edu>,
	freebsd-questions@freebsd.org
Date: Fri, 2 Aug 2002 10:33:46 +0300
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Subject: Re: RST limit and ICMP_BANDLIM
References: <3C2F6ADA.95396383@expertcity.com>
In-reply-to: <Pine.LNX.4.33.0202060714280.12511-100000@linux22.engr.ucsb.edu>
X-info: Headers changed by Barricade
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

> From:          Anshuman Kanwar <akanwar@engineering.ucsb.edu>
> To:            <freebsd-questions@FreeBSD.ORG>
> Subject:       RST limit and ICMP_BANDLIM

> I understand that RST packets are returned for TCP packets that are
> reseived for closed ports. And a log messsge of the form:
> 
> Limiting closed port RST response from 233 to 200 packets per second
> 
> is generated.
> 
> My questions about this are:
> 
>  1) What happens if the packets are dropped without returning a RST.
> Will this be against RFC specs.
> 
>  2) Is there a kernel option to enable the above behavior. I could not
> find anything in LINT.

There is the net.inet.tcp.blackhole sysctl that does what you seem to 
be looking for. See man blackhole for details.
--
Toomas Aas | toomas.aas@raad.tartu.ee | http://www.raad.tartu.ee/~toomas/
* Testicle -- n., a humorous question to an exam.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message