Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 10 May 2004 12:51:47 +0200
From:      Jeremie LE HEN <le-hen_j@epita.fr>
To:        Richard Coleman <richardcoleman@mindspring.com>
Cc:        freebsd-net@freebsd.org
Subject:   Re: cvs commit: src/sys/netinet ip_fastfwd.c ip_input.c ip_var.h
Message-ID:  <20040510105147.GA6402@rocco.epita.fr>
In-Reply-To: <409D20C8.6090105@mindspring.com>
References:  <200405061846.i46Ik3Jc060969@repoman.freebsd.org> <20040506185854.GB1777@madman.celabo.org> <20040507072031.GA48708@hub.freebsd.org> <200405070755.36055.sam@errno.com> <20040508152531.GA96827@hub.freebsd.org> <20040508101459.A98855@xorpc.icir.org> <409D20C8.6090105@mindspring.com>

next in thread | previous in thread | raw e-mail | index | archive | help
> A quick glance raises this question about net.inet.tcp.blackhole, 
> net.inet.udp.blackhole, IPSTEALTH, and TCP_DROP_SYNFIN.  I'm sure there 
> are others.

I agree for the IPSTEALTH and TCP_DROP_SYNFIN options, but *.blackhole
options are quite useful if you want to open a range of port (for
example FTP passive port range) without appearing as non-firewalled.
This feature cannot be achieved using one of the available packet
filters on FreeBSD.

Regards,
-- 
Jeremie LE HEN aka TtZ/TataZ                          jeremie.le-hen@epita.fr
                                                                 ttz@epita.fr
Hi! I'm a .signature virus! Copy me into your ~/.signature to help me spread!



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040510105147.GA6402>