Date: Tue, 17 Aug 1999 00:05:57 -0700 (PDT)
From: Archie Cobbs <archie@whistle.com>
To: geoffr@is.co.za (Geoff Rehmet)
Cc: imp@village.org ('Warner Losh'), archie@whistle.com (Archie Cobbs), brian@CSUA.Berkeley.EDU, current@FreeBSD.ORG
Subject: Re: Dropping connections without RST
Message-ID: <199908170705.AAA02218@bubba.whistle.com>
In-Reply-To: <E3453EC6C52ED3118E7E0090275CD47CFFAFA7@isjhbex.is.co.za> from Geoff Rehmet at "Aug 17, 1999 08:55:23 am"
next in thread | previous in thread | raw e-mail | index | archive | help
Geoff Rehmet writes: > > : Not that easily.. how are you going to make ipfw dynamically know > > : which ports have listeners and which don't? > > > > By filtering all RST packets? > > My view was that this is much simpler than filtering packets - > never generate the packet. My guess is that it creates lower > overheads. In some instances, I don't want to look at every > packet (which in effect happens with a packet filter). Plus, packets with RST in them are used for other purposes besides rejecting new incoming connections.. -Archie ___________________________________________________________________________ Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199908170705.AAA02218>