Skip site navigation (1)Skip section navigation (2) 
Date:      21 Apr 2000 02:48:35 -0000
From:      matt@arpa.mail.net
To:        FreeBSD-gnats-submit@freebsd.org
Subject:   conf/18124: small patch to defaults/rc.conf to prevent confusion.
Message-ID:  <20000421024835.73415.qmail@epsilon.lucida.qc.ca>
next in thread | raw e-mail | index | archive | help 


>Number:         18124
>Category:       conf
>Synopsis:       defaults/rc.conf is unclear about tcp_drop_synfyn and tcp_restrict_rst
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Thu Apr 20 19:50:01 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator:     Matt Heckaman
>Release:        FreeBSD 4.0-STABLE i386 and FreeBSD 3.4-STABLE i386
>Organization:
Lucida Communications
>Environment:

FreeBSD 4.0 and FreeBSD 3.4, as well as all others that support the options
tcp_drop_synfyn and tcp_restrict_rst.

>Description:

To enable tcp_drop_synfyn and tcp_resrict_rst, you must have the options
TCP_DROP_SYNFIN and TCP_RESTRICT_RST set in your kernel. Since I am not the
only one who was confused about this matter, I felt it might be a good idea
to submit a change request on the rc.conf file.

>How-To-Repeat:

N/A

>Fix:

This is a diff against 4.0-STABLE Apr 19, but the idea is the same across
the entire board.

--- rc.conf.orig        Thu Apr 20 22:38:14 2000
+++ rc.conf     Thu Apr 20 22:41:09 2000
@@ -14,6 +14,7 @@
 #
 # All arguments must be in double or single quotes.
 #
+# $FreeBSD$
 # $FreeBSD: src/etc/defaults/rc.conf,v 1.53.2.3 2000/04/15 11:02:40 iwasaki Exp $
 
 ##############################################################
@@ -55,6 +56,9 @@
 tcp_extensions="NO"            # Set to YES to turn on RFC1323 extensions.
 log_in_vain="NO"               # YES to log connects to ports w/o listeners.
 tcp_keepalive="YES"            # Enable stale TCP connection timeout (or NO).
+#
+# For the following two options, you need to have TCP_DROP_SYNFIN and
+# TCP_RESTRICT_RST set in your kernel. Please refer to LINT for details.
 tcp_drop_synfin="NO"           # Set to YES to drop TCP packets with SYN+FIN
                                # NOTE: this breaks rfc1644 extensions (T/TCP)
 tcp_restrict_rst="NO"          # Set to YES to restrict emission of RST

>Release-Note:
>Audit-Trail:
>Unformatted:


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000421024835.73415.qmail>