Date: 10 May 2001 11:09:06 +0200 From: Dag-Erling Smorgrav <des@ofug.org> To: "Retal" <lirandb@netvision.net.il> Cc: <freebsd-security@FreeBSD.ORG> Subject: Re: Some Kernel options Message-ID: <xzp7kzplgel.fsf@flood.ping.uio.no> In-Reply-To: <002601ba1df7$4da07940$b88f39d5@a> References: <002601ba1df7$4da07940$b88f39d5@a>
next in thread | previous in thread | raw e-mail | index | archive | help
"Retal" <lirandb@netvision.net.il> writes: > options KBD_INSTALL_CDEV # install a CDEV entry in /dev This option has no (visible) effect unless you use a USB keyboard. > options TCP_DROP_SYNFIN #drop TCP packets with SYN+FIN This option has no effect unless you set tcp_drop_synfin="YES" in /etc/rc.conf. > options TCP_RESTRICT_RST #restrict emission of TCP RST Don't. Use blackhole(4) instead. > options ICMP_BANDLIM This option has an easily demonstrable effect: try running 'nmap -sS' against your machine. > BTW: if i add TCP_DROP_SYNFIN, it should effect setup option in my > firewall ?if it is, how ? See the rc.conf(5) man page. DES -- Dag-Erling Smorgrav - des@ofug.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?xzp7kzplgel.fsf>