From owner-freebsd-ipfw@FreeBSD.ORG Tue Nov 25 06:45:19 2003 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 31B0E16A4CE; Tue, 25 Nov 2003 06:45:19 -0800 (PST) Received: from smtp.doruk.net.tr (smtp.doruk.net.tr [212.58.5.248]) by mx1.FreeBSD.org (Postfix) with ESMTP id 935E543FBD; Tue, 25 Nov 2003 06:45:17 -0800 (PST) (envelope-from vahric@doruk.net.tr) Received: from VAHOXP (vahric.doruk.net.tr [212.58.13.17]) by smtp.doruk.net.tr (8.12.8/8.12.8) with ESMTP id hAPEvgXK029964; Tue, 25 Nov 2003 16:57:42 +0200 From: "Vahric MUHTARYAN" To: , Date: Tue, 25 Nov 2003 16:45:05 +0200 Message-ID: <007401c3b362$b6e984f0$110d3ad4@VAHOXP> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook, Build 10.0.2627 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Importance: Normal Subject: ICMP_BANDLIM and TCP_DROP_SYNFIN ?! X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Nov 2003 14:45:19 -0000 Hi Everybody I red ipfw documents and I saw that "TCP_DROP_SYNFIN is not recommended for web server" no any explanation about it ?! Do you have any idea for why ?! ICMP_BANDLIM in documents ; "Enable icmp error response bandwith limiting . This will protect from D.O.S. packets attacks" --> Does it means all type of ICMP attacks ?! or another thing if I drope all icmp traffic Do I need to use it ?! Vahric