From owner-freebsd-stable  Thu Jan 20 22:36:29 2000
Delivered-To: freebsd-stable@freebsd.org
Received: from tetron02.tetronsoftware.com (ftp.tetronsoftware.com [208.236.46.106])
	by hub.freebsd.org (Postfix) with ESMTP id CEBE015156
	for <stable@FreeBSD.ORG>; Thu, 20 Jan 2000 22:36:23 -0800 (PST)
	(envelope-from zeus@tetronsoftware.com)
Received: from tetron02.tetronsoftware.com (tetron02.tetronsoftware.com [208.236.46.106])
	by tetron02.tetronsoftware.com (8.9.3/8.9.3) with ESMTP id AAA00841;
	Fri, 21 Jan 2000 00:39:44 -0600 (CST)
	(envelope-from zeus@tetronsoftware.com)
Date: Fri, 21 Jan 2000 00:39:44 -0600 (CST)
From: Gene Harris <zeus@tetronsoftware.com>
To: matt <matt@ARPA.MAIL.NET>
Cc: FreeBSD-STABLE <stable@FreeBSD.ORG>
Subject: Re: Restricting RST & Dropping SYN/FIN (was; stream.c)
In-Reply-To: <Pine.BSF.4.21.0001210059470.5056-100000@w01.arpa-canada.net>
Message-ID: <Pine.BSF.4.10.10001210037290.620-100000@tetron02.tetronsoftware.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Fri, 21 Jan 2000, matt wrote:

>  
>  curious.. on 3.4-stable, cvsupped Dec. 29 1999, defaults/rc.conf has;
>  
>  TCP_DROP_SYNFIN and TCP_RESTRICT_RST, which point to:
>  
>  sysctl net.inet.tcp.drop_synfin and net.inet.tcp.restrict_rst, However:
>  
>  root[w01]:~# sysctl -w net.inet.tcp.restrict_rst=1
>  sysctl: unknown oid 'net.inet.tcp.restrict_rst'
>  root[w01]:~# sysctl -w net.inet.tcp.drop_synfin=1
>  sysctl: unknown oid 'net.inet.tcp.drop_synfin'
>  

I think you forgot to compile the options into your kernel.

options TCP_DROP_SYNFIN
options	TCP_RESTRICT_RST

Adding this should do the trick.

Gene



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message