Date: Thu, 15 May 2003 19:00:57 +0100
From: "G D McKee" <freebsd@gdmckee.com>
To: <freebsd-questions@freebsd.org>
Subject: Securing FreeBSD
Message-ID: <001001c31b0b$efe77720$c700a8c0@p2000>

Hi all

I am trying to secure my FreeBSD box and avoid giving too much info away to port scans.

I have found some sites relating to this and have put the following lines in /etc/sysctl.conf

net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1

and added these to the firewall:

options RANDOM_IP_ID
options TCP_DROP_SYNFIN #drop TCP packets with SYN+FIN

Can someone explain to me why the TCP_DROP_SYNFIN option breaks web access? It doesn't seem to have made any changes that I have noticed. I can't find any docs regarding this to explain what it might break.

Does anyone know any other variables to add to make me more secure?

Thanks in advance

Gordon