From owner-freebsd-stable Mon Jun 11 4:42: 5 2001 Delivered-To: freebsd-stable@freebsd.org Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by hub.freebsd.org (Postfix) with ESMTP id E900537B408 for ; Mon, 11 Jun 2001 04:41:55 -0700 (PDT) (envelope-from des@ofug.org) Received: (from des@localhost) by flood.ping.uio.no (8.9.3/8.9.3) id NAA09979; Mon, 11 Jun 2001 13:41:54 +0200 (CEST) (envelope-from des@ofug.org) X-URL: http://www.ofug.org/~des/ X-Disclaimer: The views expressed in this message do not necessarily coincide with those of any organisation or company with which I am or have been affiliated. To: stable@freebsd.org Subject: HEADS UP: TCP_RESTRICT_RST removed From: Dag-Erling Smorgrav Date: 11 Jun 2001 13:41:54 +0200 Message-ID: Lines: 15 User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/20.7 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG As some of you have already noticed, the TCP_RESTRICT_RST option has disappeared. FreeBSD has for some time had something called blackhole that servers the same purpose as TCP_RESTRICT_RST, except better. Let me add that most if not all of you who have complained about this option's disappearance had no use for it in the first place. FreeBSD does RST rate limiting by default (through icmp_bandlim), and that should be sufficient protection unless you're running an EFNet IRC server or a similarly exposed high-profile server (and believe you me, you have no idea what "exposed" and "high-profile" mean until you've tried to admin an EFNet IRC server) DES -- Dag-Erling Smorgrav - des@ofug.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message