From: "G D McKee"
Date: Thu, 15 May 2003 19:00:57 +0100
Message-ID: <001001c31b0b$efe77720$c700a8c0@p2000>
Subject: Securing FreeBSD
X-BeenThere: freebsd-questions@freebsd.org

Hi all

I am trying to secure my FreeBSD box and avoid giving too much info away to port scans.

I have found some sites relating to this and have put the following lines in /etc/sysctl.conf

    net.inet.tcp.blackhole=2
    net.inet.udp.blackhole=1

and added these to the firewall:

    options RANDOM_IP_ID
    options TCP_DROP_SYNFIN #drop TCP packets with SYN+FIN

Can someone explain to me why the TCP_DROP_SYNFIN option breaks web access? It doesn't seem to have made any changes that I have noticed. I can't find any docs regarding this to explain what it might break.

Does anyone know any other variables to add to make me more secure?

Thanks in advance

Gordon