Geoff Rehmet writes: > > : Not that easily.. how are you going to make ipfw dynamically know > > : which ports have listeners and which don't? > > > > By filtering all RST packets? > > My view was that this is much simpler than filtering packets - > never generate the packet. My guess is that it creates lower > overheads. In some instances, I don't want to look at every > packet (which in effect happens with a packet filter). Plus, packets with RST in them are used for other purposes besides rejecting new incoming connections.. -Archie ___________________________________________________________________________ Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
- Re: Dropping connections without RST Daniel O'Connor
- Re: Dropping connections without RST Geoff Rehmet
- Re: Dropping connections without RS... Rodney W. Grimes
- Re: Dropping connections without RST Matt Crawford
- Re: Dropping connections without RST Leif Neland
- Re: Dropping connections without RST Ollivier Robert
- Re: Dropping connections without RS... Daniel O'Connor
- Re: Dropping connections without RST Warner Losh
- Re: Dropping connections without RST Garrett Wollman
- RE: Dropping connections without RST Geoff Rehmet
- RE: Dropping connections without RST Archie Cobbs
- RE: Dropping connections without RST Geoff Rehmet
- Re: Dropping connections without RST Rodney W. Grimes
- RE: Dropping connections without RST Geoff Rehmet
- Re: Dropping connections without RST John Polstra
- RE: Dropping connections without RST Geoff Rehmet
- Re: Dropping connections without RST Matt Crawford
- Teergrubes [was Re: Dropping connections without RST... Joel Ray Holveck
- RE: Dropping connections without RST Geoff Rehmet
- RE: Dropping connections without RST Peter Jeremy
