Date: Sat, 10 Feb 2001 18:03:51 GMT From: Salvo Bartolotta <bartequi@inwind.it> To: "Dennis Jun" <dennisjun@home.com> Cc: <freebsd-questions@freebsd.org> Subject: Re: net.inet.tcp.restrict_rst vs net.inet.tcp.blackhole Message-ID: <20010210.18035100@bartequi.ottodomain.org> References: <369501c0934e$c51c43f0$0300a8c0@wilma>
next in thread | previous in thread | raw e-mail | index | archive | help
>>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<< On 2/10/01, 11:46:48 AM, "Dennis Jun" <dennisjun@home.com> wrote regarding net.inet.tcp.restrict_rst vs net.inet.tcp.blackhole: > What is the difference between these two options? > net.inet.tcp.restrict_rst: 1 vs net.inet.tcp.blackhole: 2 ?? It seems > to me they both do the same thing. Plus, how would you turn on > blackhole at startup? I don't see a line for it in > /etc/defaults/rc.conf . /usr/src/sys/i86/conf/LINT: <blockquote> # TCP_RESTRICT_RST adds support for blocking the emission of TCP RST # packets. # This is useful on systems which are exposed to SYN floods (e.g. IRC # servers) # or any system which one does not want to be easily portscannable. # options TCP_RESTRICT_RST #restrict emission of TCP RST </blockquote> man blackhole. As to your second question, please man 8 sysctl, man sysctl.conf. But you might also be interested in man 3 sysctl. HTH, Salvo To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010210.18035100>