FreeBSD Bugzilla – Attachment 9752 Details for Bug 19841: Change to dialup firewalling article
[patch] file.diff (text/plain), 1.74 KB, created by Marc Silver on 2000-07-11 08:30:00 UTC
>--- original.sgml Mon Jun 26 13:30:35 2000 >+++ article.sgml Tue Jul 11 09:24:09 2000 >@@ -96,6 +96,36 @@ > </varlistentry> > </variablelist> > >+ <para>There are also some other OPTIONAL items that you can compile >+ into the kernel for some added security. These are not required in >+ order to get firewalling to work, but some more paranoid users may >+ want to use them.</para> >+ >+ <variablelist> >+ <varlistentry> >+ <term><literal>options TCP_RESTRICT_RST</literal></term> >+ >+ <listitem> >+ <para>This option blocks all TCP RST packets. This is >+ best used for systems that might be exposed to SYN >+ flooding (IRC Servers are a good example) or for those who >+ do not want to be easily portscannable.</para> >+ </listitem> >+ </varlistentry> >+ >+ <varlistentry> >+ <term><literal>options TCP_DROP_SYNFIN</literal></term> >+ >+ <listitem> >+ <para>This option ignores TCP packets with SYN and FIN. This >+ prevents tools such as nmap etc from identifying the TCP/IP >+ stack of the machine, but breaks support for RFC1644 >+ extensions. This is NOT recommended if the machine will be >+ running web server.</para> >+ </listitem> >+ </varlistentry> >+ </variablelist> >+ > <para>Don't reboot once you have recompiled the kernel. Hopefully, we will > need to reboot just once in order to complete the installing of the > firewall.</para> >@@ -113,7 +143,8 @@ > firewall_script="/etc/firewall/fwrules" > natd_enable="YES" > natd_interface="tun0" >-natd_flags="-dynamic"</programlisting> >+natd_flags="-dynamic" >+natd_flags="-dynamic yes" #(For FreeBSD 3.5)</programlisting> > > <para>For more information on what the above do take a look at > <filename>/etc/defaults/rc.conf</filename> and read
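Review bot: in the first hunk, the TCP_RESTRICT_RST entry says "This option blocks all TCP RST packets" without saying which direction is meant: RSTs arriving at the host, or RSTs the host would send in reply. The stated rationale (SYN flooding, not being easily portscannable) only fits the second reading, so the text should say so explicitly. Both entries should also state whether compiling the option into the kernel is enough on its own or whether a runtime setting is needed to turn the behaviour on; a reader who rebuilds the kernel and sees no change has nothing to go on. Minor wording: "tools such as nmap etc" is redundant, and "running web server" needs an article.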
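Review bot: the second hunk leaves two natd_flags assignments in the same programlisting. rc.conf is read as shell variable assignments, so the later line wins and anyone copying the listing as shown ends up with natd_flags="-dynamic yes" on every release, not only on 3.5. Present the two lines as alternatives, for example by commenting out the 3.5 variant or moving it into a sentence after the listing, and say what the extra "yes" argument is for.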