I cleaned up the previously posted patches, tested them a little more,
and added a sysctl knob for logging SYN+FIN packets (before optionally
dropping them).
A FreeBSD 4.0-CURRENT machine with these patches and no firewall looks
like this to nmap (with tcp.drop_synfin and tcp.restrict_rst enabled)
Attached are patches which implement four new sysctl variables:
* net.inet.icmp.dropredirect: if set to 1, ignore ICMP REDIRECT
packets.
* net.inet.icmp.logredirect: if set to 1, log all ICMP REDIRECT
packets (before optionally dropping them).
* net.inet.tcp.restrict_rst: if set to 1, d