On Sun, Dec 17, 2000 at 10:08:52PM +0100, Jesper Skriver wrote:
> > (2) These same messages are not handled for connections not in
> > SYN-SENT: they ought to be
>
> Well, yes, but the real problem is when sessions are set up, the reason I
> only configured it to affect sessions in SYN-SENT state, was to minimize
> the risk for a DoS.

This should not be treated any differently than a host/net unreachable
message. If filters are (re)loaded while a connection is in progress,
then the ICMP message should serve to tear down the connection.
--
Jacques Vidrine