From owner-freebsd-questions@FreeBSD.ORG Sat Jan 31 05:32:55 2004
Message-Id: <6.0.2.0.2.20040131072955.00b54ee8@cheyenne.wixb.com>
Date: Sat, 31 Jan 2004 07:32:36 -0600
To: freebsd-questions@freebsd.org
From: "J.D. Bronson"
Subject: tcp blackhole and ident

I have a question. I set up the following in sysctl.conf:

net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1

Well, this works, but now I have a new issue.

I run sendmail and, as such, need to allow TCP 113 into this machine
and yet get CONNECTION REFUSED. I don't want to run IDENT, but need to
still get the CONNECTION REFUSED...

Currently (and as expected) the packets drop forever.

Any ideas on how I can have the best of both worlds?

In addition, what is the best security setting for:

net.inet.tcp.icmp_may_rst=1 or 0 ?

Thanks!

-- 
J.D. Bronson - "LoneBandit"
Aurora Health Care // Information Services // Milwaukee, WI USA
Office: 414.978.8282 // Email: jd@aurora.org // Pager: 414.314.8282