From owner-freebsd-questions Sat Feb 10 10: 1: 0 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from relay4.inwind.it (relay4.inwind.it [212.141.53.75]) by hub.freebsd.org (Postfix) with ESMTP id CCB3837B401 for ; Sat, 10 Feb 2001 10:00:42 -0800 (PST)
Received: from bartequi.ottodomain.org (62.98.171.101) by relay4.inwind.it (5.1.056) id 3A6DB81B0053B979; Sat, 10 Feb 2001 19:00:37 +0100
From: Salvo Bartolotta
Date: Sat, 10 Feb 2001 18:03:51 GMT
Message-ID: <20010210.18035100@bartequi.ottodomain.org>
Subject: Re: net.inet.tcp.restrict_rst vs net.inet.tcp.blackhole
To: "Dennis Jun"
Cc:
References: <369501c0934e$c51c43f0$0300a8c0@wilma>
X-Mailer: SuperCalifragilis
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

>>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<<

On 2/10/01, 11:46:48 AM, "Dennis Jun" wrote regarding net.inet.tcp.restrict_rst vs net.inet.tcp.blackhole:

> What is the difference between these two options?
> net.inet.tcp.restrict_rst: 1 vs net.inet.tcp.blackhole: 2 ?? It seems
> to me they both do the same thing. Plus, how would you turn on
> blackhole at startup? I don't see a line for it in
> /etc/defaults/rc.conf .

/usr/src/sys/i86/conf/LINT:

# TCP_RESTRICT_RST adds support for blocking the emission of TCP RST packets.
# This is useful on systems which are exposed to SYN floods (e.g. IRC servers)
# or any system which one does not want to be easily portscannable.
#
options         TCP_RESTRICT_RST        #restrict emission of TCP RST

man blackhole.

As to your second question, please man 8 sysctl, man sysctl.conf. But you might also be interested in man 3 sysctl.

HTH,
Salvo
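
Added example (not part of the original message or of FreeBSD itself): a small sh audit that reads a sysctl.conf-style file and reports which blackhole setting would be applied at boot, using the value meanings documented in blackhole(4). The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit which blackhole values a sysctl.conf-style file persists.

# persisted_value FILE NAME: print the last value FILE assigns to NAME (tolerant parse).
persisted_value() {
    awk -v name="$2" '
        {
            sub(/#.*/, "")                      # drop comments
            eq = index($0, "=")
            if (eq == 0) next                   # not an assignment line
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == name) last = val         # settings are applied in order, last wins
        }
        END { if (last != "") print last }
    ' "$1"
}

# tcp_blackhole_mode FILE: map the persisted value to its blackhole(4) meaning.
tcp_blackhole_mode() {
    v=$(persisted_value "$1" net.inet.tcp.blackhole)
    case "${v:-0}" in
        0) echo "off: closed ports answer with RST" ;;
        1) echo "syn: SYN segments to closed ports are dropped silently" ;;
        2) echo "all: every segment to a closed port is dropped silently" ;;
        *) echo "invalid: $v"; return 1 ;;
    esac
}

# udp_blackhole_mode FILE: same check for the UDP counterpart.
udp_blackhole_mode() {
    v=$(persisted_value "$1" net.inet.udp.blackhole)
    case "${v:-0}" in
        0) echo "off: closed ports answer with ICMP port unreachable" ;;
        1) echo "on: datagrams to closed ports are dropped silently" ;;
        *) echo "undocumented: $v"; return 1 ;;
    esac
}

# write_sample_conf PATH: constructed sample input, not taken from a real host.
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample sysctl.conf
#net.inet.tcp.blackhole=0
net.inet.tcp.blackhole=1
net.inet.udp.blackhole=1
net.inet.tcp.blackhole=2
EOF
}
```

On a live system, compare the reported values with the output of `sysctl net.inet.tcp.blackhole net.inet.udp.blackhole` to confirm the running kernel matches what the file persists.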