Date: Mon, 11 Jun 2001 18:06:04 +0200 From: "Karsten W. Rohrbach" <karsten@rohrbach.de> To: Kirill Ponomarew <ponomare@uni-duesseldorf.de> Cc: Nuno Teixeira <nuno.teixeira@pt-quorum.com>, freebsd-stable@FreeBSD.ORG Subject: Re: "unknown option "TCP_RESTRICT_RST" ?" Message-ID: <20010611180604.E17891@mail.webmonster.de> In-Reply-To: <20010610222913.A14307@uni-duesseldorf.de>; from ponomare@uni-duesseldorf.de on Sun, Jun 10, 2001 at 10:29:13PM %2B0200 References: <20010610204038.R55770-100000@gateway.bogus> <20010610222913.A14307@uni-duesseldorf.de>
next in thread | previous in thread | raw e-mail | index | archive | help
--zjcmjzIkjQU2rmur
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Kirill Ponomarew(ponomare@uni-duesseldorf.de)@2001.06.10 22:29:13 +0000:
> On Sun, Jun 10, 2001 at 09:05:26PM +0100, Nuno Teixeira wrote:
> > Hello to all,
> >=20
> > I allways used TCP_RESTRICT_RST on my firewall/kernel configuration. I'm
> > tracking STABLE and the last build was on 2001-06-06. Today, 2001-06-10,
> > when I'm make buildkernel I got the error: ""unknown option
> > "TCP_RESTRICT_RST" ".
> >=20
> > Does this option has been deprecated?
>=20
> [from cvs-all]
>=20
> Date: Sat, 9 Jun 2001 09:18:15 -0700 (PDT)
> From: Dag-Erling Smorgrav <des@FreeBSD.ORG>
> Log: MFC: Nuke the TCP_RESTRICT_RST option.
>=20
> [/from cvs-all]
fyi, this options actually is deprecated.
see blackhole(4) and put the appropriate values in /etc/sysctl.conf,
eg.:
rohrbach@WM:datasink[~]17% cat /etc/sysctl.conf=20
net.inet.tcp.blackhole=3D2
net.inet.udp.blackhole=3D1
which does not emit anything anymore that appears to hit closed ports
(no process listening there). it silently discards packets, read the
docs twice before using it, you have been warned :-)
/k
--=20
> May the source be with you!
KR433/KR11-RIPE -- WebMonster Community Founder -- nGENn GmbH Senior Techie
http://www.webmonster.de/ -- ftp://ftp.webmonster.de/ -- http://www.ngenn.n=
et/
karsten&rohrbach.de -- alpha&ngenn.net -- alpha&scene.org -- catch@spam.de
GnuPG 0x2964BF46 2001-03-15 42F9 9FFF 50D4 2F38 DBEE DF22 3340 4F4E 2964 B=
F46
--zjcmjzIkjQU2rmur
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org
iD8DBQE7JOxsM0BPTilkv0YRAn42AJ9pwZLYYrbzca7sgpuugrK7Cp0pyQCgsqpy
JRje3sSPFbvP5DJHi686uAI=
=mN0E
-----END PGP SIGNATURE-----
--zjcmjzIkjQU2rmur--
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010611180604.E17891>