From owner-freebsd-questions Sat Feb 10 3: 0:36 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from whale.sunbay.crimea.ua (whale.sunbay.crimea.ua [212.110.138.65])
    by hub.freebsd.org (Postfix) with ESMTP id E2C9437B491
    for ; Sat, 10 Feb 2001 03:00:16 -0800 (PST)
Received: (from ru@localhost)
    by whale.sunbay.crimea.ua (8.11.0/8.11.0) id f1AAxo180422;
    Sat, 10 Feb 2001 12:59:50 +0200 (EET)
    (envelope-from ru)
Date: Sat, 10 Feb 2001 12:59:50 +0200
From: Ruslan Ermilov
To: Dennis Jun
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: net.inet.tcp.restrict_rst vs net.inet.tcp.blackhole
Message-ID: <20010210125950.A79889@sunbay.com>
Mail-Followup-To: Dennis Jun , freebsd-questions@FreeBSD.ORG
References: <369501c0934e$c51c43f0$0300a8c0@wilma>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <369501c0934e$c51c43f0$0300a8c0@wilma>; from dennisjun@home.com on Sat, Feb 10, 2001 at 05:46:48AM -0500
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sat, Feb 10, 2001 at 05:46:48AM -0500, Dennis Jun wrote:
> What is the difference between these two options?
> net.inet.tcp.restrict_rst: 1 vs net.inet.tcp.blackhole: 2 ?? It seems to
> me they both do the same thing. Plus, how would you turn on blackhole at
> startup? I don't see a line for it in /etc/defaults/rc.conf .
>
tcp.restrict_rst restricts emitting of RSTs only if it is believed
that the system is currently under a SYN flood attack (the amount
of previously emitted RSTs is too high), while tcp.blackhole totally
disables emitting of RSTs (see blackhole(4) and LINT for details).

Cheers,
-- 
Ruslan Ermilov          Oracle Developer/DBA,
ru@sunbay.com           Sunbay Software AG,
ru@FreeBSD.org          FreeBSD committer,
+380.652.512.251        Simferopol, Ukraine

http://www.FreeBSD.org  The Power To Serve
http://www.oracle.com   Enabling The Information Age