network security sysctl mib's

fbsd_user fbsd_user at a1poweruser.com
Mon Dec 1 11:59:15 PST 2003


The sysctl.conf file contains MIB's to change the default setting of
internal options of the kernel at boot up time.
I have found these MIB's when I display all the sysctl's.

These deal with how packets entering the FBSD system are handled by
default.
There is no man info on any of these MIB's.

I am looking for a description of what these do and
why I would want to turn them on.

There must be some network security reason or problem
that these address or they would not have been created
in the first place.

Are these MIB's only intended to be used on FBSD systems
that do not have firewalls?

When do these MIB's get control
in the kernel, as they relate to IPFW or IPFILTER
firewall seeing the packets?
[IE: do they all process against the packet before the packet
is handed off to the firewall or after the firewall has done
its thing and hands the packet back to the kernel?].

Since these are network security MIB's why are they not documented
someplace?
They can have a large impact on the security of one's FBSD system,
and should be made known to the general administrator of the FBSD
system and the firewall administrator.

I know I need an FBSD developer who makes code changes to the kernel
to review the internal FBSD kernel code to answer these questions. I
hope someone will help me in this.

net.inet.icmp.drop_redirect=1
net.inet.icmp.log_redirect=0
net.inet.ip.redirect=0

net.inet.ip.sourceroute=0
net.inet.ip.accept_sourceroute=0

net.inet.icmp.bmcastecho=0

net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1

net.inet.tcp.log_in_vain=1
net.inet.udp.log_in_vain=1
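Added example, not part of the original post: a small POSIX sh audit that compares a FreeBSD host's live net.inet.* values against the hardened list above and reports every MIB that differs or is absent. It assumes the live values are supplied in the "name=value" form that `sysctl -e` prints; the sample input at the bottom is constructed, not captured from a real host.

```shell
#!/bin/sh
# Audit a host's running sysctl values against the hardened list from the post.
# Live values are passed in as "name=value" lines (the format of `sysctl -e`).

# The MIBs and values exactly as the post lists them.
EXPECTED='net.inet.icmp.drop_redirect=1
net.inet.icmp.log_redirect=0
net.inet.ip.redirect=0
net.inet.ip.sourceroute=0
net.inet.ip.accept_sourceroute=0
net.inet.icmp.bmcastecho=0
net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1
net.inet.tcp.log_in_vain=1
net.inet.udp.log_in_vain=1'

# audit_sysctls CURRENT
#   CURRENT: newline-separated "name=value" lines describing the live kernel.
#   Prints "MIB have=X want=Y" for each MIB whose value differs from the list
#   and "MIB missing" for a MIB absent from CURRENT; prints nothing when the
#   host matches. Always exits 0 so it behaves under `set -e`.
audit_sysctls() {
    current=$1
    printf '%s\n' "$EXPECTED" | while IFS='=' read -r mib want; do
        # Exact string match on the key (awk, not a regex, so dots stay literal).
        have=$(printf '%s\n' "$current" | awk -F= -v k="$mib" '$1 == k { print $2; exit }')
        if [ -z "$have" ]; then
            printf '%s missing\n' "$mib"
        elif [ "$have" != "$want" ]; then
            printf '%s have=%s want=%s\n' "$mib" "$have" "$want"
        fi
    done
    return 0
}

# Live use on FreeBSD: read only the listed MIBs, no root needed for reading.
#   audit_sysctls "$(sysctl -e $(printf '%s\n' "$EXPECTED" | cut -d= -f1))"

# Constructed sample: three MIBs still hold non-hardened values.
SAMPLE='net.inet.icmp.drop_redirect=0
net.inet.icmp.log_redirect=0
net.inet.ip.redirect=1
net.inet.ip.sourceroute=0
net.inet.ip.accept_sourceroute=0
net.inet.icmp.bmcastecho=0
net.inet.tcp.blackhole=0
net.inet.udp.blackhole=1
net.inet.tcp.log_in_vain=1
net.inet.udp.log_in_vain=1'
audit_sysctls "$SAMPLE"
```

Run it from cron or a config-management check so a reboot that drops /etc/sysctl.conf changes shows up as drift rather than staying silent.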
