Date:      Mon, 11 Jun 2001 18:06:04 +0200
From:      "Karsten W. Rohrbach" <karsten@rohrbach.de>
To:        Kirill Ponomarew <ponomare@uni-duesseldorf.de>
Cc:        Nuno Teixeira <nuno.teixeira@pt-quorum.com>, freebsd-stable@FreeBSD.ORG
Subject:   Re: "unknown option "TCP_RESTRICT_RST" ?"
Message-ID:  <20010611180604.E17891@mail.webmonster.de>
In-Reply-To: <20010610222913.A14307@uni-duesseldorf.de>; from ponomare@uni-duesseldorf.de on Sun, Jun 10, 2001 at 10:29:13PM +0200
References:  <20010610204038.R55770-100000@gateway.bogus> <20010610222913.A14307@uni-duesseldorf.de>

Kirill Ponomarew(ponomare@uni-duesseldorf.de)@2001.06.10 22:29:13 +0000:
> On Sun, Jun 10, 2001 at 09:05:26PM +0100, Nuno Teixeira wrote:
> > Hello to all,
> > 
> > I always used TCP_RESTRICT_RST on my firewall/kernel configuration. I'm
> > tracking STABLE and the last build was on 2001-06-06. Today, 2001-06-10,
> > when I ran make buildkernel I got the error: "unknown option
> > "TCP_RESTRICT_RST"".
> > 
> > Has this option been deprecated?
> 
> [from cvs-all]
> 
> Date: Sat, 9 Jun 2001 09:18:15 -0700 (PDT)
> From: Dag-Erling Smorgrav <des@FreeBSD.ORG>
> Log: MFC: Nuke the TCP_RESTRICT_RST option.
> 
> [/from cvs-all]

fyi, this option actually is deprecated.

see blackhole(4) and put the appropriate values in /etc/sysctl.conf,
eg.:

    rohrbach@WM:datasink[~]17% cat /etc/sysctl.conf 
    net.inet.tcp.blackhole=2
    net.inet.udp.blackhole=1

which does not emit anything anymore that appears to hit closed ports
(no process listening there). it silently discards packets, read the
docs twice before using it, you have been warned :-)

/k

-- 
> May the source be with you!
KR433/KR11-RIPE -- WebMonster Community Founder -- nGENn GmbH Senior Techie
http://www.webmonster.de/ -- ftp://ftp.webmonster.de/ -- http://www.ngenn.net/
karsten&rohrbach.de -- alpha&ngenn.net -- alpha&scene.org -- catch@spam.de
GnuPG 0x2964BF46 2001-03-15 42F9 9FFF 50D4 2F38 DBEE  DF22 3340 4F4E 2964 BF46
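
An added example, not part of the original mail: a POSIX sh audit that checks a kernel config file for the removed TCP_RESTRICT_RST option and a sysctl.conf for the blackhole(4) settings shown in the message. The function names and the sample files (OLDKERN, NEWKERN, empty.conf) are constructed for illustration; it reads files only and does not touch the running system.

```sh
#!/bin/sh
# Added example (not from the original mail): offline audit of the migration
# from the removed TCP_RESTRICT_RST kernel option to the blackhole(4) sysctls.

# Last value assigned to sysctl key $1 in sysctl.conf-style file $2 (empty if unset).
conf_value() {
    sed -e 's/#.*//' "$2" | awk -F= -v key="$1" '
        { k = $1; v = $2; gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v) }
        k == key { val = v }
        END { print val }'
}

# True if kernel config file $1 still carries the removed option.
has_restrict_rst() {
    grep -Eq '^[[:space:]]*options[[:space:]]+"?TCP_RESTRICT_RST' "$1"
}

# audit KERNCONF SYSCTLCONF: prints findings, returns non-zero on any failure.
# Per blackhole(4): tcp 1 drops SYNs to closed ports, tcp 2 drops every segment.
audit() {
    rc=0
    if has_restrict_rst "$1"; then
        echo "FAIL: $1: options TCP_RESTRICT_RST was removed, delete the line"; rc=1
    fi
    tcp=$(conf_value net.inet.tcp.blackhole "$2")
    udp=$(conf_value net.inet.udp.blackhole "$2")
    case $tcp in
        1|2) echo "OK: net.inet.tcp.blackhole=$tcp" ;;
        *)   echo "FAIL: net.inet.tcp.blackhole=${tcp:-unset} (want 1 or 2)"; rc=1 ;;
    esac
    case $udp in
        1) echo "OK: net.inet.udp.blackhole=1" ;;
        *) echo "FAIL: net.inet.udp.blackhole=${udp:-unset} (want 1)"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample files: a pre-removal kernel config and the mail's sysctl.conf.
tmp=$(mktemp -d)
printf 'options\t\tIPFIREWALL\noptions\t\tTCP_RESTRICT_RST\t#constructed\n' > "$tmp/OLDKERN"
printf 'options\t\tIPFIREWALL\n' > "$tmp/NEWKERN"
printf 'net.inet.tcp.blackhole=2\nnet.inet.udp.blackhole=1\n' > "$tmp/sysctl.conf"
: > "$tmp/empty.conf"

audit "$tmp/OLDKERN" "$tmp/empty.conf" || echo "=> old setup needs attention"
audit "$tmp/NEWKERN" "$tmp/sysctl.conf" && echo "=> migrated setup passes"
```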
