TCP/IP hardening, take two

1999-07-27 Thread Dag-Erling Smorgrav
I cleaned up the previously posted patches, tested them a little more, and added a sysctl knob for logging SYN+FIN packets (before optionally dropping them). A FreeBSD 4.0-CURRENT machine with these patches and no firewall looks like this to nmap (with tcp.drop_synfin and tcp.restrict_rst enabled)
