Date: Fri, 11 Jun 1999 19:23:08 -0400 (EDT)
From: matt <matt@AIC-GW.MLINK.NET>
To: freebsd <freebsd@unreal.gatekeep.net>
Cc: Nick Rogness <nick@rapidnet.com>, "Jason L. Schwab" <jschwab@royal.net>, Pete Fritchman <petef@netreach.net>, ghandi@mindless.com, freebsd-security@FreeBSD.ORG
Subject: Re: firewalls
Message-ID: <Pine.BSF.4.10.9906111921410.2521-100000@aic-gw.mlink.net>
In-Reply-To: <Pine.BSF.4.05.9906111603370.37099-100000@unreal.gatekeep.net>

On Fri, 11 Jun 1999, freebsd wrote:

: I suggest installing ICMP_BANDLIM into the kernel (gret LINT) and setting
: it to about 20... sysctl -w net.inet.icmp.icmplim=20

I use both patches, they work nicely, however, I set the limits at 200 for
both on bootup with sysctl.. I think the default of 100 is a lil low, and
20 lord. a portscan would trip that off like crazy. Course, I run
portsentry with ipfw to handle those *grin* .. Still though, 20 might be a
bit low...

: Also for syn floods, i suggest going to geek-girl.com and getting the new
: syn protection patch for FreeBSD, it works, you also set it via sysctl...

[...]

Matt

--
DISCLAIMER: Anyone sending me unsolicited commercial electronic mail
automatically agrees to be held to the following legal terms:
US Code Title 47, Sec.227(a)(2)(B), a computer/modem/printer meets the
definition of a telephone fax machine. By Sec.227(b)(1)(C), it is unlawful
to send any unsolicited advertisement to such equipment. By
Sec.227(b)(3)(C), a violation of the aforementioned Section is punishable
by action to recover actual monetary loss, or $500, whichever is greater,
for each violation.