Date:      Thu, 15 May 2003 19:00:57 +0100
From:      "G D McKee" <freebsd@gdmckee.com>
To:        <freebsd-questions@freebsd.org>
Subject:   Securing FreeBSD
Message-ID:  <001001c31b0b$efe77720$c700a8c0@p2000>


Hi all

I am trying to secure my FreeBSD box and avoid giving too much info away to port scans.

I have found some sites relating to this and have put the following lines in /etc/sysctl.conf:

net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1

and added these to the firewall:

options         RANDOM_IP_ID
options         TCP_DROP_SYNFIN         #drop TCP packets with SYN+FIN

Can someone explain to me why the TCP_DROP_SYNFIN option breaks web access?  It doesn't seem to have made any changes that I have noticed.  I can't find any docs regarding this to explain what it might break.  Does anyone know any other variables to add to make me more secure?

Thanks in advance

Gordon


