Date: Thu, 15 May 2003 19:13:12 +0100 From: Jez Hancock <jez.hancock@munk.nu> To: freebsd-questions@freebsd.org Subject: Re: Securing FreeBSD Message-ID: <20030515181311.GA19054@users.munk.nu> In-Reply-To: <001001c31b0b$efe77720$c700a8c0@p2000> References: <001001c31b0b$efe77720$c700a8c0@p2000>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, May 15, 2003 at 07:00:57PM +0100, G D McKee wrote: > Can someone explain to me why the TCP_DROP_SYNFIN option breaks web access? It doesn't seem to have made any changes that I have noticed. I can't find any docs regarding this to explain what it might break. Does anyone know any other variables to add to make me more secure? I imagine it breaks the 'keepalive' functionality of various webservers which allows a webserver to keep a connection alive for a certain period of time to save the browser/client having to keep re-establishing a TCP connection when they browse from one page to another on a site. Would be worth checking the RFC that's mentioned (iirc) in the LINT file to confirm this.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030515181311.GA19054>