Date: Fri, 11 Jun 1999 16:24:37 -0700 (PDT) From: freebsd <freebsd@unreal.gatekeep.net> To: matt <matt@AIC-GW.MLINK.NET> Cc: Nick Rogness <nick@rapidnet.com>, "Jason L. Schwab" <jschwab@royal.net>, Pete Fritchman <petef@netreach.net>, ghandi@mindless.com, freebsd-security@FreeBSD.ORG Subject: Re: firewalls Message-ID: <Pine.BSF.4.05.9906111622500.37099-100000@unreal.gatekeep.net> In-Reply-To: <Pine.BSF.4.10.9906111921410.2521-100000@aic-gw.mlink.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Yes, 20 is low, but don't forget he was on a dialup... a dialup connection can't handle that much. I was only saying for his purposes. for a t1+ 100-200 limit is about right On Fri, 11 Jun 1999, matt wrote: > On Fri, 11 Jun 1999, freebsd wrote: > > : I suggest installing ICMP_BANDLIM into the kernel (gret LINT) and setting > : it to about 20... sysctl -w net.inet.icmp.icmplim=20 > > I use both patches, they work nicely, however, I set the limits at 200 for > both on bootup with sysctl.. I think the default of 100 is a lil low, and > 20 lord. a portscan would trip that off like crazy. Course, I run > portsentry with ipfw to handle those *grin* .. Still though, 20 might be > a bit low... > > : Also for syn floods, i suggest going to geek-girl.com and getting the new > : syn protection patch for FreeBSD, it works, you also set it via sysctl... > > [...] > > Matt > > -- > DISCLAIMER: Anyone sending me unsolicited commercial electronic mail > automatically agrees to be held to the following legal terms: > > US Code Title 47, Sec.227(a)(2)(B), a computer/modem/printer meets the > definition of a telephone fax machine. By Sec.227(b)(1)(C), it is > unlawful to send any unsolicited advertisement to such equipment. By > Sec.227(b)(3)(C), a violation of the aforementioned Section is punishable > by action to recover actual monetary loss, or $500, whichever is greater, > for each violation. > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.05.9906111622500.37099-100000>