Date: Mon, 14 Aug 2000 19:21:08 -0400 From: Bill Fumerola <billf@chimesnet.com> To: Bruce Petro <bpetro@usa.com> Cc: hackers@FreeBSD.ORG Subject: Re: ipfw drop packets based on SYN &TTL Message-ID: <20000814192108.R65562@jade.chc-chimes.com> In-Reply-To: <383590598.966293068769.JavaMail.root@web303-mc.mail.com>; from bpetro@usa.com on Mon, Aug 14, 2000 at 06:44:28PM -0400 References: <383590598.966293068769.JavaMail.root@web303-mc.mail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Aug 14, 2000 at 06:44:28PM -0400, Bruce Petro wrote:
> Is this similar to the following kernel configuration?
> options TCP_DROP_SYNFIN #drop TCP packets with SYN+FIN
Not at all.
The original poster is looking to drop all packets with a certain
tcp syn#, where the TCP_DROP_SYNFIN option (and you must turn on
the corresponding sysctl for it to be enabled) drops all packets
with both the "syn" and "fin" flags set.
functionally equivalent to:
ipfw add drop tcp from any to any tcpflags syn,fin
--
Bill Fumerola - Network Architect, BOFH / Chimes, Inc.
billf@chimesnet.com / billf@FreeBSD.org
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000814192108.R65562>