Date: Mon, 10 May 2004 12:51:47 +0200 From: Jeremie LE HEN <le-hen_j@epita.fr> To: Richard Coleman <richardcoleman@mindspring.com> Cc: freebsd-net@freebsd.org Subject: Re: cvs commit: src/sys/netinet ip_fastfwd.c ip_input.c ip_var.h Message-ID: <20040510105147.GA6402@rocco.epita.fr> In-Reply-To: <409D20C8.6090105@mindspring.com> References: <200405061846.i46Ik3Jc060969@repoman.freebsd.org> <20040506185854.GB1777@madman.celabo.org> <20040507072031.GA48708@hub.freebsd.org> <200405070755.36055.sam@errno.com> <20040508152531.GA96827@hub.freebsd.org> <20040508101459.A98855@xorpc.icir.org> <409D20C8.6090105@mindspring.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> A quick glance raises this question about net.inet.tcp.blackhole,
> net.inet.udp.blackhole, IPSTEALTH, and TCP_DROP_SYNFIN. I'm sure there
> are others.
I agree for the IPSTEALTH and TCP_DROP_SYNFIN options, but *.blackhole
options are quite useful if you want to open a range of port (for
example FTP passive port range) without appearing as non-firewalled.
This feature cannot be achieved using one of the available packet
filters on FreeBSD.
Regards,
--
Jeremie LE HEN aka TtZ/TataZ jeremie.le-hen@epita.fr
ttz@epita.fr
Hi! I'm a .signature virus! Copy me into your ~/.signature to help me spread!
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040510105147.GA6402>