Date: Mon, 30 Nov 1998 23:28:48 -0800 (PST)
From: Matthew Dillon
Message-Id: <199812010728.XAA03814@apollo.backplane.com>
To: David Greenman
Cc: freebsd-current@FreeBSD.ORG
Subject: Re: D.O.S. attack protection enhancements commit (ICMP_BANDLIM)
References: <199812010714.XAA26714@root.com>

:general scheme implemented perhaps inside the ipfw framework would be more
:appropriate. I also generally like to avoid compile time options for things
:like this, but I'm sympathetic for performance reducing enhancements.
:
:-DG

I think trying to fold this into ipfw is overkill. I can think of no
reason why you might want to turn the feature on for some cases and off
for others, especially considering that the original packet might have
been spoofed and thus can cause the ICMP reply to go out any interface.
It would be an unnecessary complication to ipfw.

-Matt

:David Greenman
:Co-founder/Principal Architect, The FreeBSD Project

Matthew Dillon
Engineering, HiWay Technologies, Inc. & BEST Internet Communications
& God knows what else.
(Please include original email in any response)