From: Dag-Erling Smorgrav
To: Alexandr Kovalenko
Cc: Alex Hayward, freebsd-stable@FreeBSD.ORG
Subject: Re: Re[2]: ipfw drop syn+fin
Date: 25 Feb 2001 13:43:57 +0100

Alexandr Kovalenko writes:
> So, as far as I can see there is no risk of turning up TCP_DROP_SYNFIN
> on my webserver. I have minimum size of 1 file on my web about 1Kb,
> most of the files are ~20-30-40 kb, will it be safe to do drop synfin?

The size of the files you serve is irrelevant. It's the size of the
requests that matters. But anyway, RFC1644 never went past
"experimental", and T/TCP support is off by default in FreeBSD, so
blocking SYN+FIN segments won't disable anything.

DES
-- 
Dag-Erling Smorgrav - des@ofug.org