From owner-freebsd-security Thu May 10 2: 9:24 2001
To: "Retal"
Subject: Re: Some Kernel options
References: <002601ba1df7$4da07940$b88f39d5@a>
From: Dag-Erling Smorgrav
Date: 10 May 2001 11:09:06 +0200
In-Reply-To: <002601ba1df7$4da07940$b88f39d5@a>

"Retal" writes:
> options KBD_INSTALL_CDEV # install a CDEV entry in /dev

This option has no (visible) effect unless you use a USB keyboard.

> options TCP_DROP_SYNFIN #drop TCP packets with SYN+FIN

This option has no effect unless you set tcp_drop_synfin="YES" in
/etc/rc.conf.

> options TCP_RESTRICT_RST #restrict emission of TCP RST

Don't. Use blackhole(4) instead.

> options ICMP_BANDLIM

This option has an easily demonstrable effect: try running 'nmap -sS'
against your machine.

> BTW: if i add TCP_DROP_SYNFIN, it should effect setup option in my
> firewall ?if it is, how ?

See the rc.conf(5) man page.

DES
--
Dag-Erling Smorgrav - des@ofug.org
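
An added example, not part of the original message or of FreeBSD itself: a shell check of the runtime settings behind the options discussed above, fed with `sysctl` output. The sysctl names (net.inet.tcp.drop_synfin, net.inet.tcp.blackhole, net.inet.udp.blackhole, net.inet.icmp.icmplim), their mapping to the kernel options, and the sample values are assumptions of this example; the inputs are constructed so it runs offline.

```shell
#!/bin/sh
# Added example, not from the original message. Reads `sysctl` output
# ("name: value" lines) on stdin and reports on the runtime knobs behind the
# options in the thread. Returns 1 if anything is flagged WARN.
# Assumed mapping: TCP_DROP_SYNFIN -> net.inet.tcp.drop_synfin,
# blackhole(4) -> net.inet.{tcp,udp}.blackhole, ICMP_BANDLIM -> net.inet.icmp.icmplim.
audit_knobs() {
    awk -F': *' '
    function get(k) { return (k in v) ? v[k] + 0 : -999 }  # -999: sysctl absent
    function say(level, msg) { if (level == "WARN") warn++; print level " " msg }
    NF >= 2 { v[$1] = $2 }
    END {
        s = get("net.inet.tcp.drop_synfin")
        if (s == -999)   say("WARN", "drop_synfin: sysctl absent, kernel built without TCP_DROP_SYNFIN")
        else if (s == 0) say("WARN", "drop_synfin: compiled in but off, set tcp_drop_synfin=\"YES\" in /etc/rc.conf")
        else             say("OK", "drop_synfin: SYN+FIN segments are dropped")

        t = get("net.inet.tcp.blackhole")
        if (t >= 1) say("OK", "tcp.blackhole=" t ": closed TCP ports stay silent")
        else        say("WARN", "tcp.blackhole off or absent: closed TCP ports answer with RST")

        u = get("net.inet.udp.blackhole")
        if (u >= 1) say("OK", "udp.blackhole=" u ": closed UDP ports stay silent")
        else        say("WARN", "udp.blackhole off or absent: closed UDP ports answer with ICMP unreachable")

        r = get("net.inet.icmp.icmplim")
        if (r > 0) say("OK", "icmplim=" r ": replies are rate limited per second")
        else       say("WARN", "icmplim not positive: rate limiting off or ICMP_BANDLIM missing")
        exit (warn > 0)
    }'
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_DEFAULT='net.inet.tcp.blackhole: 0
net.inet.udp.blackhole: 0
net.inet.tcp.drop_synfin: 0
net.inet.icmp.icmplim: 200'
SAMPLE_HARDENED='net.inet.tcp.blackhole: 2
net.inet.udp.blackhole: 1
net.inet.tcp.drop_synfin: 1
net.inet.icmp.icmplim: 200'

# Demo on constructed data; on a FreeBSD host:
#   sysctl net.inet.tcp net.inet.udp net.inet.icmp | audit_knobs
printf '%s\n' "$SAMPLE_DEFAULT" | audit_knobs || true
```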