From owner-freebsd-ipfw Thu Nov 30 15: 9:30 2000 Delivered-To: freebsd-ipfw@freebsd.org Received: from virtual.sysadmin-inc.com (lists.sysadmin-inc.com [209.16.228.140]) by hub.freebsd.org (Postfix) with ESMTP id 5561337B401 for ; Thu, 30 Nov 2000 15:09:28 -0800 (PST) Received: from wkst ([209.16.228.146]) by virtual.sysadmin-inc.com (8.9.1/8.9.1) with SMTP id SAA08092 for ; Thu, 30 Nov 2000 18:10:52 -0500 Reply-To: From: "Peter Brezny" To: Subject: sysctl variables Date: Thu, 30 Nov 2000 18:08:32 -0800 Message-ID: <007501c05b3b$9b3f7840$46010a0a@sysadmininc.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook CWS, Build 9.0.2416 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600 Importance: Normal Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG The ipfw man page mentions that dynamic rulesets are vulnerable to SYN-flood attacks, but that this can be controlled to some degree by 'acting on a set of sysctl(8) variables...' I've not found any informaiton dealing specifically with detting good sysctl variables for a stateful firewall. If you have some pointers... TIA Peter Brezny SysAdmin Services Inc. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message