From: Archie Cobbs
Message-Id: <199908170705.AAA02218@bubba.whistle.com>
Subject: Re: Dropping connections without RST
In-Reply-To: from Geoff Rehmet at "Aug 17, 1999 08:55:23 am"
To: geoffr@is.co.za (Geoff Rehmet)
Date: Tue, 17 Aug 1999 00:05:57 -0700 (PDT)
Cc: imp@village.org ('Warner Losh'), archie@whistle.com (Archie Cobbs), brian@CSUA.Berkeley.EDU, current@FreeBSD.ORG

Geoff Rehmet writes:
> > : Not that easily.. how are you going to make ipfw dynamically know
> > : which ports have listeners and which don't?
> >
> > By filtering all RST packets?
>
> My view was that this is much simpler than filtering packets -
> never generate the packet. My guess is that it creates lower
> overheads. In some instances, I don't want to look at every
> packet (which in effect happens with a packet filter).

Plus, packets with RST in them are used for other purposes besides
rejecting new incoming connections..

-Archie

___________________________________________________________________________
Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com
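
The distinction drawn in this thread, as an added example that is not part of the original message or of FreeBSD's code: RFC 793 reset generation for a segment that matches no connection, compared under a filter that drops every RST and under a stack that never builds the RST for a bare SYN to a closed port. The policy names, `struct seg`, and both functions are hypothetical, and the two segments are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define TH_FIN 0x01
#define TH_SYN 0x02
#define TH_RST 0x04
#define TH_ACK 0x10

/* Hypothetical policy names for this example, not FreeBSD options. */
enum policy { RFC793, FILTER_ALL_RST, NO_RST_FOR_CLOSED_PORT };

struct seg { uint8_t flags; uint32_t seq, ack, len; };   /* len = payload bytes */

/* RFC 793 reply to a segment that matches no connection (CLOSED state). */
static bool closed_reply(const struct seg *in, struct seg *out)
{
    if (in->flags & TH_RST)
        return false;                    /* a RST is never answered with a RST */
    out->len = 0;
    if (in->flags & TH_ACK) {            /* <SEQ=SEG.ACK><CTL=RST> */
        out->flags = TH_RST; out->seq = in->ack; out->ack = 0;
    } else {                             /* <SEQ=0><ACK=SEG.SEQ+SEG.LEN><CTL=RST,ACK> */
        uint32_t seglen = in->len + !!(in->flags & TH_SYN) + !!(in->flags & TH_FIN);
        out->flags = TH_RST | TH_ACK; out->seq = 0; out->ack = in->seq + seglen;
    }
    return true;
}

/* Returns true and fills *out when a reply actually leaves the host. */
bool respond(enum policy p, const struct seg *in, struct seg *out)
{
    bool bare_syn = (in->flags & (TH_SYN | TH_ACK | TH_RST)) == TH_SYN;
    if (p == NO_RST_FOR_CLOSED_PORT && bare_syn)
        return false;                    /* reply is never generated */
    if (!closed_reply(in, out))
        return false;
    if (p == FILTER_ALL_RST && (out->flags & TH_RST))
        return false;                    /* generated, then dropped by the filter */
    return true;
}

int main(void)
{
    struct seg syn = { TH_SYN, 1000, 0, 0 }, stale = { TH_ACK, 5000, 7000, 10 }, out;
    for (int p = RFC793; p <= NO_RST_FOR_CLOSED_PORT; p++)
        printf("policy %d: SYN to closed port answered=%d, stale ACK answered=%d\n",
               p, respond(p, &syn, &out), respond(p, &stale, &out));
    return 0;
}
```

Only the blanket filter loses the RST that answers the stale ACK, which is the reset a peer holding a half-open connection relies on to tear it down.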