Date: Mon, 30 Nov 1998 23:28:48 -0800 (PST) From: Matthew Dillon <dillon@apollo.backplane.com> To: David Greenman <dg@root.com> Cc: freebsd-current@FreeBSD.ORG Subject: Re: D.O.S. attack protection enhancements commit (ICMP_BANDLIM) Message-ID: <199812010728.XAA03814@apollo.backplane.com> References: <199812010714.XAA26714@root.com>
next in thread | previous in thread | raw e-mail | index | archive | help
:general scheme implemented perhaps inside the ipfw framework would be more
:appropriate. I also generally like to avoid compile time options for things
:like this, but I"m sympathetic for performance reducing enhancements.
:
:-DG
I think trying to fold this into ipfw is overkill. I can think of no
reason why you might want to turn the feature on for some cases and off
for others, especially considering that the original packet might have
been spoofed and thus can cause the ICMP reply to go out any interface.
It would be an unnecessary complication to ipfw.
-Matt
:David Greenman
:Co-founder/Principal Architect, The FreeBSD Project
:
:To Unsubscribe: send mail to majordomo@FreeBSD.org
:with "unsubscribe freebsd-current" in the body of the message
:
Matthew Dillon Engineering, HiWay Technologies, Inc. & BEST Internet
Communications & God knows what else.
<dillon@backplane.com> (Please include original email in any response)
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199812010728.XAA03814>