>
> Geoff Rehmet writes:
> > > : Not that easily.. how are you going to make ipfw dynamically know
> > > : which ports have listeners and which don't?
> > >
> > > By filtering all RST packets?
> >
> > My view was that this is much simpler than filtering packets -
> > never generate the packet. My guess is that it creates lower
> > overheads. In some instances, I don't want to look at every
> > packet (which in effect happens with a packet filter).
>
> Plus, packets with RST in them are used for other purposes besides
> rejecting new incoming connections..
True, my implementation is specific in that I only omit generating
a RST when the incoming segment is a SYN. All other instances
where you would generate a RST are left alone, and carry on
behaving as before - otherwise you might break TCP behaviour.
Geoff.
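
The decision described in the message above, written out as an added example (not code from the thread or from FreeBSD): the RFC 793 reply to a segment that matches no connection or listener, with one switch that suppresses the RST only for incoming SYNs. The `seg` and `reply` structs, `closed_port_reply` and the `suppress_syn_rst` knob are hypothetical names, and treating any segment with the SYN bit set as "a SYN" is an assumption.

```c
#include <stdbool.h>
#include <stdint.h>

/* TCP header flag bits (RFC 793). */
#define TH_FIN 0x01
#define TH_SYN 0x02
#define TH_RST 0x04
#define TH_ACK 0x10

/* Constructed, minimal view of an incoming segment (not a kernel struct). */
struct seg {
    uint8_t  flags;
    uint32_t seq;   /* SEG.SEQ */
    uint32_t ack;   /* SEG.ACK */
    uint32_t len;   /* payload bytes */
};

struct reply {
    bool     send;  /* false: stay silent */
    uint8_t  flags;
    uint32_t seq;
    uint32_t ack;
};

/*
 * Reply to a segment for which no connection or listener exists.
 * suppress_syn_rst is a hypothetical knob modelling the change in the mail.
 */
struct reply closed_port_reply(const struct seg *s, bool suppress_syn_rst)
{
    struct reply r = { false, 0, 0, 0 };

    if (s->flags & TH_RST)          /* never answer a RST with a RST */
        return r;
    if (suppress_syn_rst && (s->flags & TH_SYN))
        return r;                   /* the only changed case: incoming SYN */

    r.send = true;
    if (s->flags & TH_ACK) {        /* <SEQ=SEG.ACK><CTL=RST> */
        r.flags = TH_RST;
        r.seq = s->ack;
    } else {                        /* <SEQ=0><ACK=SEG.SEQ+SEG.LEN><CTL=RST,ACK> */
        r.flags = TH_RST | TH_ACK;
        r.ack = s->seq + s->len     /* SYN and FIN each count in SEG.LEN */
              + ((s->flags & TH_SYN) ? 1 : 0)
              + ((s->flags & TH_FIN) ? 1 : 0);
    }
    return r;
}
```

With the knob set, a stray ACK or data segment still draws a RST exactly as before, which is the property the message is concerned with preserving.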