Date:      Tue, 17 Aug 1999 00:12:21 -0700 (PDT)
From:      "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net>
To:        geoffr@is.co.za (Geoff Rehmet)
Cc:        current@FreeBSD.ORG
Subject:   Re: Dropping connections without RST
Message-ID:  <199908170712.AAA12247@gndrsh.dnsmgr.net>
In-Reply-To: <E3453EC6C52ED3118E7E0090275CD47CFFAFA8@isjhbex.is.co.za> from Geoff Rehmet at "Aug 17, 1999 09:11:13 am"

> 
> 
> > 
> > This is an ACK.  I like those names, the idea is okay given that
> > the documentation for it reflects what has been discussed here in
> > this thread so folks can understand this is a very simple security
> > measure.
> Hmm, dumb question for the day - where are things like "log_in_vain"
> documented? - And don't anyone say "in /etc/defaults/rc.conf"!
> If there is a manpage, I sure as hell haven't found it!
> 
> Looks like I'm volunteering to write a manpage for the net.inet
> sysctls - or does one exist? - I sure as hell can't find it!

:-), you put your keyboard in it now!!!

> 
> > 
> > And it works just like a blackhole route does... if no more specific
> > route exists we send the packet to a bit bucket, now someone want
> > to make the routing code under ``port routes'' :-) :-)...
> That sounds rather like a plug gateway. :-) :-)

Yes, exactly, only BETTER...

> A kernel level plug gateway would be quite a funky thing though. :-)

Not really, given that one could then extend OSPF to pass a new type
of route augmented by a port number and cause this stuff to ``just
work''.  You could do things like multiple redundant servers with
automagic equal cost path load balancing for all sorts of stuff.  Doing
it in user land is currently possible with ipfw diverts, but the kernel
already has most of the code in there, including the port demuxer.

Okay, I'll put the crack pipe down now.... :-) :-)... I just read that
back to myself and realized that this is probably best left to userland
code...

-- 
Rod Grimes - KD7CAX - (RWG25)                    rgrimes@gndrsh.dnsmgr.net

