Date: Mon, 1 Dec 2003 14:59:08 -0500
From: "fbsd_user" <fbsd_user@a1poweruser.com>
To: "freebsd-questions@FreeBSD.ORG" <freebsd-questions@FreeBSD.ORG>
Subject: network security sysctl mib's
Message-ID: <MIEPLLIBMLEEABPDBIEGOECCEPAA.fbsd_user@a1poweruser.com>

The sysctl.conf file contains MIBs to change the default setting of internal options of the kernel at boot up time. I have found these MIBs when I display all the sysctls. These deal with how packets entering the FBSD system are handled by default. There is no man info on any MIBs. I am looking for a description of what these do and why I would want to turn them on. There must be some network security reason or problem that these address or they would not have been created in the first place.

Are these MIBs only intended to be used on FBSD systems that do not have firewalls?

When do these MIBs get control in the kernel, as they relate to the IPFW or IPFILTER firewall seeing the packets? [IE: do they all process against the packet before the packet is handed off to the firewall, or after the firewall has done its thing and hands the packet back to the kernel?]

Since these are network security MIBs, why are they not documented someplace? They can have a large impact on the security of one's FBSD system, and should be made known to the general administrator of the FBSD system and the firewall administrator.

I know I need an FBSD developer who makes code changes to the kernel to review the internal FBSD kernel code to answer these questions. I hope someone will help me in this.

net.inet.icmp.drop_redirect=1
net.inet.icmp.log_redirect=0
net.inet.ip.redirect=0
net.inet.ip.sourceroute=0
net.inet.ip.accept_sourceroute=0
net.inet.icmp.bmcastecho=0
net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1
net.inet.tcp.log_in_vain=1
net.inet.udp.log_in_vain=1
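
An added example, not part of the original message: a POSIX shell check that reports which of the ten settings listed above are present, absent or set differently in a sysctl.conf file. The function names, the constructed sample file and the rule that the last assignment of a MIB wins are assumptions of this example.

```shell
#!/bin/sh
# The ten name=value pairs exactly as listed in the message above.
BASELINE='net.inet.icmp.drop_redirect=1
net.inet.icmp.log_redirect=0
net.inet.ip.redirect=0
net.inet.ip.sourceroute=0
net.inet.ip.accept_sourceroute=0
net.inet.icmp.bmcastecho=0
net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1
net.inet.tcp.log_in_vain=1
net.inet.udp.log_in_vain=1'

# audit_sysctl_conf FILE (hypothetical helper)
# Prints OK / DIFF / MISSING for each listed MIB; returns 0 only if all match.
audit_sysctl_conf() {
    printf '%s\n' "$BASELINE" | awk -F= -v conf="$1" '
        BEGIN {
            # Read the config: drop comments and whitespace; assumption:
            # lines are applied in order, so the last assignment wins.
            while ((getline line < conf) > 0) {
                sub(/#.*/, "", line)
                gsub(/[ \t\r]/, "", line)
                n = index(line, "=")
                if (n > 1) set[substr(line, 1, n - 1)] = substr(line, n + 1)
            }
            close(conf)
        }
        {
            if (!($1 in set))       { printf "MISSING %s (want %s)\n", $1, $2; bad++ }
            else if (set[$1] != $2) { printf "DIFF    %s=%s (want %s)\n", $1, set[$1], $2; bad++ }
            else                      printf "OK      %s=%s\n", $1, $2
        }
        END { exit (bad > 0) }'
}

# write_sample PATH: constructed sysctl.conf fragment, not taken from the page.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample
net.inet.icmp.drop_redirect=1
net.inet.tcp.blackhole=1
net.inet.udp.blackhole = 0    # differs from the list
net.inet.tcp.blackhole=2      # later line overrides the earlier one
EOF
}

sample=$(mktemp); write_sample "$sample"
audit_sysctl_conf "$sample" || echo "sysctl.conf differs from the list"
rm -f "$sample"
```

On a real host the function would be pointed at /etc/sysctl.conf; it checks only the file, not the values the running kernel currently holds.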