Date: Sat, 10 Feb 2001 12:59:50 +0200 From: Ruslan Ermilov <ru@sunbay.com> To: Dennis Jun <dennisjun@home.com> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: net.inet.tcp.restrict_rst vs net.inet.tcp.blackhole Message-ID: <20010210125950.A79889@sunbay.com> In-Reply-To: <369501c0934e$c51c43f0$0300a8c0@wilma>; from dennisjun@home.com on Sat, Feb 10, 2001 at 05:46:48AM -0500 References: <369501c0934e$c51c43f0$0300a8c0@wilma>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Feb 10, 2001 at 05:46:48AM -0500, Dennis Jun wrote: > What is the difference between these two options? > net.inet.tcp.restrict_rst: 1 vs net.inet.tcp.blackhole: 2 ?? It seems to > me they both do the same thing. Plus, how would you turn on blackhole at > startup? I don't see a line for it in /etc/defaults/rc.conf . > tcp.restrict_rst restricts emitting of RSTs only if it is believed that the system is currently under the SYN flood attack (the amount of previously emitted RSTs is too high), while tcp.blackhole totally disables emitting of RSTs (see blackhole(4) and LINT for details). Cheers, -- Ruslan Ermilov Oracle Developer/DBA, ru@sunbay.com Sunbay Software AG, ru@FreeBSD.org FreeBSD committer, +380.652.512.251 Simferopol, Ukraine http://www.FreeBSD.org The Power To Serve http://www.oracle.com Enabling The Information Age To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010210125950.A79889>