Date: Mon, 7 Jul 2003 01:22:05 +0200
From: Socketd
To: hackers@freebsd.org
Subject: 5 "Advanced" networking questions
Message-Id: <20030707012205.3103dfc8.db@traceroute.dk>
List-Id: Technical Discussions relating to FreeBSD

Hi all

1. Reading "man blackhole" I found that net.inet.udp.blackhole=1 will
   prevent traceroute. Is this only if the host is the end target? Or
   will it simply disable sending an ICMP packet when it gets a packet
   with ttl=1?

2. Does net.inet.icmp.drop_redirect drop all redirects?
     Redirect datagrams for the Network.
     Redirect datagrams for the Host.
     Redirect datagrams for the Type of Service and Network.
     Redirect datagrams for the Type of Service and Host.

3. What is the difference between net.inet.ip.redirect and the above?

4. There is a net.inet.icmp.maskrepl, but can you also disable
   timestamp, echo request and information request messages the same
   way, or do I need a firewall for that?

5. In order to drop SYN-FIN packets, do I need to compile the kernel
   with "options TCP_DROP_SYNFIN" or can I just use
   "tcp_drop_synfin="YES"" in /etc/rc.conf? Is there a net.inet.tcp.??
   I can use instead of the above suggestions?

br
socketd