From owner-freebsd-questions@FreeBSD.ORG Thu Mar 27 17:26:13 2003
Date: Fri, 28 Mar 2003 11:24:53 +1000
From: kinder2000
Message-ID: <1563094639.20030328112453@mail.ru>
To: questions@freebsd.org
In-Reply-To: <20030327175306.GA610@c-6d3a70d5.bredbandsbolaget.se>
References: <16811096265.20030326231011@mail.ru> <20030327175306.GA610@c-6d3a70d5.bredbandsbolaget.se>
Subject: Re[2]: Then i boot FreeBSD 4.7, not work values in /etc/sysctl.conf see file - sysctl.jpg. How solve this problem? ## help me ;/

Hi, Martin!

28 March 2003, 3:53:06:

MK> * kinder2000 [2003-03-26 23.10 +1000]:
>> Hi, !

MK> Hi,

>> Then I boot FreeBSD 4.7, not work values in /etc/sysctl.conf
>> at console I see these messages:
>>
>> Warring: net.ipv4.icmp_ignore_bogus_error_responses=1 does not exist
>> Warring: net.ipv4.conf.all.log_martians=1 does not exist
>> Warring: net.ipv4.conf.all.accept_source_route=0 does not exist
>> Warring: net.ipv4.tcp_syncookies=1 does not exist
>> Warring: net.ipv4.conf.all.send_redirects=0 does not exist
>> Warring: net.ipv4.conf.all.accept_redirects=0 does not exist
>> Warring: net.ipv4.tcp_fin_timeout=30 does not exist
>> Warring: net.ipv4.tcp_keepalive_time=1800 does not exist
>> Warring: net.ipv4.tcp_window_scaling=0 does not exist
>> Warring: net.ipv4.tcp_sack=0 does not exist
>> Warring: net.ipv4.tcp_timestamps=0 does not exist
>> Warring: net.ipv4.tcp_max_syn_backlog=2048 does not exist
>> Warring: net.ipv4.conf.all.forwarding=0 does not exist
>> Warring: net.ipv4.icmp_echo_ignore_broadcasts=1 does not exist
>>
>> How solve this problem?
>> I found articles about anti DoS/Flood attacks.
>> But it not work ;/

MK> Do the values to sysctl you list below exist? Have you checked?
MK> The command "sysctl -a" lists all currently (non-opaque) values. Pipe it
MK> through a pager such as less(1).

MK> Read the sysctl(8) man-page for more info.

>> sysctl.conf
>> ==========================================================================
>> net.ipv4.conf.all.send_redirects=0
>> net.ipv4.conf.all.accept_redirects=0
>> net.ipv4.conf.all.accept_source_route=0
>> net.ipv4.conf.all.mc_forwarding=0
>> net.ipv4.icmp_echo_ignore_broadcasts=1
>> net.ipv4.icmp_ignore_bogus_error_responses=1
>> net.ipv4.conf.all.log_martians=1
>> net.ipv4.conf.all.rp_filter=1

MK> HTH

Thanks! I read it in an unofficial FreeBSD FAQ on the internet. I think the author made mistakes in it.
But I have a question about how to make a kernel with my values. Not in /etc/sysctl.conf?
I compile the kernel with:

options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=100

The values in sysctl are:

net.inet.ip.fw.verbose: 1
net.inet.ip.fw.verbose_limit:100

But how can I enable this value in the kernel?

net.inet.tcp.syncookies: 1

sysctl -a
=========
kinder2000
mailto:kinder2000@mail.ru
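
The check Martin suggests in the quoted reply (does each name in /etc/sysctl.conf exist in the output of "sysctl -a"?) can be scripted. The following is an added example, not part of the original message: the function names `check_sysctl_conf` and `demo` and the sample data are constructed for illustration, and the check also reports keys whose live value differs from the configured one.

```shell
# Added example. check_sysctl_conf CONF LIVE
#   CONF: sysctl.conf-style file (name=value, # comments)
#   LIVE: saved "sysctl -a" output (name: value), e.g. sysctl -a > live.txt
# Prints MISSING, DIFFERS or OK per key; returns 1 if any key is not OK.
check_sysctl_conf() {
    awk '
        FILENAME == ARGV[1] {                 # live kernel state
            i = index($0, ":")
            if (i > 1) {
                val = substr($0, i + 1); sub(/^ /, "", val)
                live[substr($0, 1, i - 1)] = val
            }
            next
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }     # comments, blank lines
        {
            line = $0; sub(/[ \t]*#.*$/, "", line)
            i = index(line, "="); if (i == 0) next
            name = substr(line, 1, i - 1); want = substr(line, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", name)
            gsub(/^[ \t]+|[ \t]+$/, "", want)
            if (!(name in live)) { print "MISSING " name; bad = 1 }
            else if (live[name] != want) {
                print "DIFFERS " name " want=" want " have=" live[name]; bad = 1
            } else print "OK " name
        }
        END { exit (bad ? 1 : 0) }
    ' "$2" "$1"
}

# Constructed sample data: FreeBSD-style live state, and a config that mixes
# one Linux key from the message with FreeBSD keys.
demo() {
    tmp=$(mktemp -d) || return 2
    cat > "$tmp/live" <<'EOF'
net.inet.ip.fw.verbose_limit: 50000
net.inet.tcp.syncookies: 1
EOF
    cat > "$tmp/conf" <<'EOF'
# copied from a Linux hardening guide
net.ipv4.tcp_syncookies=1
net.inet.tcp.syncookies=1
net.inet.ip.fw.verbose_limit=100
EOF
    rc=0; check_sysctl_conf "$tmp/conf" "$tmp/live" || rc=$?
    rm -rf "$tmp"
    return "$rc"
}

demo || echo "sysctl.conf does not match the running kernel"
```

A MISSING line means the key is silently not applied at boot, so a hardening setting copied from a guide for another operating system gives no protection until it is replaced with the local equivalent.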