tcp blackhole and ident

J.D. Bronson jbronson at lonebandit.com
Sat Jan 31 05:32:55 PST 2004


I have a question. I set up the following in sysctl.conf:

net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1

Well, this works, but now I have a new issue.
I run sendmail and as such, need to allow TCP 113 into this machine
and yet get CONNECTION REFUSED. I don't want to run IDENT, but
need to still get the CONNECTION REFUSED...

Currently (and as expected) the packets drop forever.

Any ideas on how I can have the best of both worlds?

In addition, what is the best security setting for:

net.inet.tcp.icmp_may_rst=1 or 0 ?


Thanks!




-- 
J.D. Bronson - "LoneBandit"
Aurora Health Care // Information Services // Milwaukee, WI USA
Office: 414.978.8282 // Email: jd at aurora.org // Pager: 414.314.8282



More information about the freebsd-questions mailing list