Hi all

1. Reading "man blackhole" I found that net.inet.udp.blackhole=1 will
prevent traceroute. Is this only if the host is the end target? Or will
it simply disable sending an ICMP packet when it gets a packet with
ttl=1?

2. Does net.inet.icmp.drop_redirect drop all redirects?
        Redirect datagrams for the Network.
        Redirect datagrams for the Host.
        Redirect datagrams for the Type of Service and Network.
        Redirect datagrams for the Type of Service and Host.

3. What is the difference between net.inet.ip.redirect and the above?

4. There is a net.inet.icmp.maskrepl, but can you also disable
timestamp, echo request and information request messages the same way or
do I need a firewall for that?

5. In order to drop SYN-FIN packets, do I need to compile the kernel
with "options   TCP_DROP_SYNFIN" or can I just use "tcp_drop_synfin="YES"" in
/etc/rc.conf? Is there a net.inet.tcp.??  I can use instead of the above
suggestions?

br
socketd
_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
