Date: Sun, 24 Sep 2006 14:54:48 +0300 From: Anton - Valqk <valqk@lozenetz.org> To: Joerg Pernfuss <elessar@bsdforen.de> Cc: freebsd-stable@freebsd.org Subject: Re: ipstealth question. Message-ID: <45167208.7070502@lozenetz.org> In-Reply-To: <20060924131838.23bb9ffc@loki.starkstrom.lan> References: <451666C9.6060902@lozenetz.org> <20060924131838.23bb9ffc@loki.starkstrom.lan>
next in thread | previous in thread | raw e-mail | index | archive | help
You are absolutely right but stealth is a strictly so, I you don't want a ttl change simply don't set net.inet.ip.stealth=1 I was just wondering... Joerg Pernfuss wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Sun, 24 Sep 2006 14:06:49 +0300 > Anton - Valqk <valqk@lozenetz.org> wrote: > > >> Hi group, >> I was wondering is option >> >> options IPSTEALTH >> >> not in the GENERIC on purpose? >> > > Without knowing the exact number, I am sure not decrementing the > TTL violates at least one RFC. Imagine some datacenter with lots > of FreeBSD installations and IPSTEALTH part of GENERIC. > Ideally they do their routing via FreeBSD/netgraph too. > > Packets won't die, especially if they have a loop somewhere. > > Joerg > - -- > | /"\ ASCII ribbon | GnuPG Key ID | e86d b753 3deb e749 6c3a | > | \ / campaign against | 0xbbcaad24 | 5706 1f7d 6cfd bbca ad24 | > | X HTML in email | .the next sentence is true. | > | / \ and news | .the previous sentence was a lie. | > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.2.2 (FreeBSD) > > iD8DBQFFFmmOH31s/bvKrSQRAoPAAJ4wod2pT6Irr8AzhF7M4LRaXJZ7TwCdGwQi > y0kNNpGp0xG96o11YxfE2a8= > =MXk6 > -----END PGP SIGNATURE----- > > !DSPAM:45166995563711581215491! > > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?45167208.7070502>