tcp blackhole and ident
J.D. Bronson
jbronson at lonebandit.com
Sat Jan 31 05:32:55 PST 2004
I have a question. I setup the following in sysctl.conf:
net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1
..Well this works, but now I have a new issue.
I run sendmail and as such, need to allow TCP 113 into this machine
and yet get CONNECTION REFUSED. - I dont want to run IDENT, but
need to still get the CONNECTION REFUSED...
Currently (and as expected) the packets drop forever.
Any ideas on how I can have the best of both worlds?
In additon, what is the best security setting for:
net.inet.tcp.icmp_may_rst=1 or 0 ?
Thanks!
--
J.D. Bronson - "LoneBandit"
Aurora Health Care // Information Services // Milwaukee, WI USA
Office: 414.978.8282 // Email: jd at aurora.org // Pager: 414.314.8282
More information about the freebsd-questions
mailing list