Then i boot FreeBSD 4.7, not work values in
/etc/sysctl.conf see file - sysctl.jpg. How solve this problem? ##
help me ;/
kinder2000
kinder2000 at mail.ru
Thu Mar 27 17:26:17 PST 2003
Hi, Martin!
28 марта 2003 г., 3:53:06:
MK> * kinder2000 <kinder2000 at mail.ru> [2003-03-26 23.10 +1000]:
>> Hi, !
MK> Hi,
>> Then i boot FreeBSD 4.7, not work values in /etc/sysctl.conf
>> at console i se this messages:
>>
>> Warring: net.ipv4.icmp_ignore_bogus_error_responses=1 does not exist
>> Warring: net.ipv4.conf.all.log_martians=1 does not exist
>> Warring: net.ipv4.conf.all.accept_source_route=0 does not exist
>> Warring: net.ipv4.tcp_syncookies=1 does not exist
>> Warring: net.ipv4.conf.all.send_redirects=0 does not exist
>> Warring: net.ipv4.conf.all.accept_redirects=0 does not exist
>> Warring: net.ipv4.tcp_fin_timeout=30 does not exist
>> Warring: net.ipv4.tcp_keepalive_time=1800 does not exist
>> Warring: net.ipv4.tcp_window_scaling=0 does not exist
>> Warring: net.ipv4.tcp_sack=0 does not exist
>> Warring: net.ipv4.tcp_timestamps=0 does not exist
>> Warring: net.ipv4.tcp_max_syn_backlog=2048 does not exist
>> Warring: net.ipv4.conf.all.forwarding=0 does not exist
>> Warring: net.ipv4.icmp_echo_ignore_broadcasts=1 does not exist
>>
>> How solve this problem?
>> I found articles about anti DoS/Flood atacks.
>> But it not work ;/
MK> Do the values to sysctl you list below exist? Have you checked?
MK> The command "sysctl -a" lists all currently (non-opaque) values. Pipe it
MK> through a pager such as less(1).
MK> Read the sysctl(8) man-page for more info.
>> sysctl.conf
>> ==========================================================================
>> net.ipv4.conf.all.send_redirects=0
>> net.ipv4.conf.all.accept_redirects=0
>> net.ipv4.conf.all.accept_source_route=0
>> net.ipv4.conf.all.mc_forwarding=0
>> net.ipv4.icmp_echo_ignore_broadcasts=1
>> net.ipv4.icmp_ignore_bogus_error_responses=1
>> net.ipv4.conf.all.log_martians=1
>> net.ipv4.conf.all.rp_filter=1
MK> HTH
Thank's!
I read in inet unofficial FreeBSD faq. I think author mistakes in it.
But i have questions about how to make kernel with my values? Not in
/etc/sysctl.conf?
I compile kernel with:
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=100
values in sysctl is:
net.inet.ip.fw.verbose: 1
net.inet.ip.fw.verbose_limit:100
But how i can enable in kernel this value?
net.inet.tcp.syncookies: 1
sysctl -a
=========
kern.ostype: FreeBSD
kern.osrelease: 4.7-RELEASE
kern.osrevision: 199506
kern.version: FreeBSD 4.7-RELEASE #0: Mon Mar 24 06:38:54 GMT 2003
root at bsd.localdomain:/usr/src/sys/compile/FOX2
kern.maxvnodes: 6663
kern.maxproc: 756
kern.maxfiles: 1512
kern.argmax: 65536
kern.securelevel: -1
kern.hostname: bsd.localdomain
kern.hostid: 0
kern.clockrate: { hz = 100, tick = 10000, tickadj = 5, profhz = 1024, stathz = 128 }
kern.posix1version: 199309
kern.ngroups: 16
kern.job_control: 1
kern.saved_ids: 0
kern.boottime: { sec = 1048784896, usec = 314708 } Thu Mar 27 17:08:16 2003
kern.domainname:
kern.osreldate: 470000
kern.bootfile: /kernel
kern.maxfilesperproc: 1360
kern.maxprocperuid: 680
kern.dumpdev:
kern.ipc.maxsockbuf: 262144
kern.ipc.sockbuf_waste_factor: 8
kern.ipc.somaxconn: 128
kern.ipc.max_linkhdr: 16
kern.ipc.max_protohdr: 40
kern.ipc.max_hdr: 56
kern.ipc.max_datalen: 156
kern.ipc.nmbclusters: 1248
kern.ipc.semmap: 30
kern.ipc.semmni: 10
kern.ipc.semmns: 60
kern.ipc.semmnu: 30
kern.ipc.semmsl: 60
kern.ipc.semopm: 100
kern.ipc.semume: 10
kern.ipc.semusz: 92
kern.ipc.semvmx: 32767
kern.ipc.semaem: 16384
kern.ipc.shmmax: 33554432
kern.ipc.shmmin: 1
kern.ipc.shmmni: 192
kern.ipc.shmseg: 128
kern.ipc.shmall: 8192
kern.ipc.shm_use_phys: 0
kern.ipc.mbuf_wait: 32
kern.ipc.mbtypes: 15 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0
kern.ipc.nmbufs: 4992
kern.ipc.mcl_pool_max: 0
kern.ipc.mcl_pool_now: 0
kern.ipc.maxsockets: 1512
kern.dummy: 0
kern.ps_strings: 3217031152
kern.usrstack: 3217031168
kern.logsigexit: 1
kern.fallback_elf_brand: -1
kern.init_path: /sbin/init:/sbin/oinit:/sbin/init.bak:/stand/sysinstall
kern.module_path: /;/boot/;/modules/
kern.acct_suspend: 2
kern.acct_resume: 4
kern.acct_chkfreq: 15
kern.cp_time: 35 0 484 12 3230
kern.timecounter.method: 0
kern.timecounter.hardware: TSC
kern.openfiles: 37
kern.kq_calloutmax: 4096
kern.ps_arg_cache_limit: 256
kern.ps_argsopen: 1
kern.randompid: 0
kern.maxusers: 46
kern.ps_showallprocs: 1
kern.shutdown.poweroff_delay: 5000
kern.shutdown.kproc_shutdown_wait: 60
kern.sugid_coredump: 0
kern.coredump: 1
kern.corefile: %N.core
kern.quantum: 100000
kern.ccpu: 1948
kern.fscale: 2048
kern.devstat.numdevs: 1
kern.devstat.generation: 1
kern.devstat.version: 4
kern.disks: ad0
kern.log_wakeups_per_second: 5
kern.log_console_output: 1
kern.msgbuf:
kern.msgbuf_clear: 0
kern.nselcoll: 0
kern.consmute: 0
kern.filedelay: 30
kern.dirdelay: 29
kern.metadelay: 28
kern.minvnodes: 1665
kern.chroot_allow_open_directories: 1
vm.loadavg: { 0.14 0.04 0.01 }
vm.v_free_min: 229
vm.v_free_target: 1028
vm.v_free_reserved: 112
vm.v_inactive_target: 1542
vm.v_cache_min: 1028
vm.v_cache_max: 2056
vm.v_pageout_free_min: 34
vm.pageout_algorithm: 0
vm.swap_enabled: 1
vm.swap_async_max: 4
vm.swap_idle_threshold1: 2
vm.swap_idle_threshold2: 10
vm.v_free_severe: 170
vm.stats.sys.v_swtch: 1585
vm.stats.sys.v_trap: 6930
vm.stats.sys.v_syscall: 25801
vm.stats.sys.v_intr: 8363
vm.stats.sys.v_soft: 466
vm.stats.vm.v_vm_faults: 9841
vm.stats.vm.v_cow_faults: 2562
vm.stats.vm.v_cow_optim: 0
vm.stats.vm.v_zfod: 2332
vm.stats.vm.v_ozfod: 2236
vm.stats.vm.v_swapin: 0
vm.stats.vm.v_swapout: 0
vm.stats.vm.v_swappgsin: 0
vm.stats.vm.v_swappgsout: 0
vm.stats.vm.v_vnodein: 171
vm.stats.vm.v_vnodeout: 0
vm.stats.vm.v_vnodepgsin: 1324
vm.stats.vm.v_vnodepgsout: 0
vm.stats.vm.v_intrans: 0
vm.stats.vm.v_reactivated: 66
vm.stats.vm.v_pdwakeups: 0
vm.stats.vm.v_pdpages: 0
vm.stats.vm.v_dfree: 0
vm.stats.vm.v_pfree: 2953
vm.stats.vm.v_tfree: 5455
vm.stats.vm.v_page_size: 4096
vm.stats.vm.v_page_count: 23629
vm.stats.vm.v_free_reserved: 112
vm.stats.vm.v_free_target: 1028
vm.stats.vm.v_free_min: 229
vm.stats.vm.v_free_count: 20245
vm.stats.vm.v_wire_count: 1332
vm.stats.vm.v_active_count: 877
vm.stats.vm.v_inactive_target: 1542
vm.stats.vm.v_inactive_count: 1172
vm.stats.vm.v_cache_count: 3
vm.stats.vm.v_cache_min: 1028
vm.stats.vm.v_cache_max: 2056
vm.stats.vm.v_pageout_free_min: 34
vm.stats.vm.v_interrupt_free_min: 2
vm.stats.vm.v_forks: 142
vm.stats.vm.v_vforks: 2
vm.stats.vm.v_rforks: 0
vm.stats.vm.v_kthreads: 5
vm.stats.vm.v_forkpages: 9445
vm.stats.vm.v_vforkpages: 364
vm.stats.vm.v_rforkpages: 0
vm.stats.vm.v_kthreadpages: 0
vm.stats.misc.zero_page_count: 16322
vm.stats.misc.cnt_prezero: 18545
vm.max_proc_mmap: 6721
vm.msync_flush_flags: 3
vm.max_launder: 32
vm.pageout_stats_max: 1028
vm.pageout_full_stats_interval: 20
vm.pageout_stats_interval: 5
vm.pageout_stats_free_max: 5
vm.swap_idle_enabled: 0
vm.defer_swapspace_pageouts: 0
vm.disable_swapspace_pageouts: 0
vm.pageout_lock_miss: 0
vm.zone:
ITEM SIZE LIMIT USED FREE REQUESTS
PIPE: 160, 0, 2, 100, 90
SWAPMETA: 160, 11814, 0, 0, 0
unpcb: 160, 0, 4, 46, 6
ripcb: 192, 1512, 0, 42, 2
syncache: 160, 15359, 0, 51, 2
tcpcb: 544, 1512, 5, 10, 9
udpcb: 192, 1512, 1, 41, 45
socket: 192, 1512, 10, 32, 62
DIRHASH: 1024, 0, 25, 7, 25
KNOTE: 64, 0, 0, 128, 24
VNODE: 192, 0, 886, 68, 886
NAMEI: 1024, 0, 0, 16, 3177
VMSPACE: 192, 0, 16, 48, 144
PROC: 416, 0, 21, 28, 149
DP fakepg: 64, 0, 0, 0, 0
PV ENTRY: 28, 200334, 3466, 21101, 30937
MAP ENTRY: 48, 0, 227, 156, 5817
KMAP ENTRY: 48, 6035, 60, 153, 362
MAP: 108, 0, 7, 3, 7
VM OBJECT: 96, 0, 354, 70, 2363
vm.zone_kmem_pages: 11
vm.zone_kmem_kvaspace: 11255808
vm.zone_kern_pages: 80
vm.kvm_size: 1069547520
vm.kvm_free: 943718400
vfs.ufs.dirhash_minsize: 2560
vfs.ufs.dirhash_maxmem: 2097152
vfs.ufs.dirhash_mem: 28105
vfs.ufs.dirhash_docheck: 0
vfs.numdirtybuffers: 19
vfs.lodirtybuffers: 168
vfs.hidirtybuffers: 336
vfs.numfreebuffers: 1246
vfs.lofreebuffers: 75
vfs.hifreebuffers: 150
vfs.runningbufspace: 0
vfs.lorunningspace: 524288
vfs.hirunningspace: 1048576
vfs.maxbufspace: 20725760
vfs.hibufspace: 20070400
vfs.lobufspace: 20004864
vfs.bufspace: 3784704
vfs.maxmallocbufspace: 1003520
vfs.bufmallocspace: 69632
vfs.getnewbufcalls: 302
vfs.getnewbufrestarts: 0
vfs.vmiodirenable: 1
vfs.bufdefragcnt: 0
vfs.buffreekvacnt: 0
vfs.bufreusecnt: 231
vfs.cache.numneg: 77
vfs.cache.numcache: 1356
vfs.cache.numcalls: 5564
vfs.cache.dothits: 140
vfs.cache.dotdothits: 1
vfs.cache.numchecks: 4132
vfs.cache.nummiss: 1510
vfs.cache.nummisszap: 41
vfs.cache.numposzaps: 29
vfs.cache.numposhits: 3586
vfs.cache.numnegzaps: 7
vfs.cache.numneghits: 250
vfs.cache.numcwdcalls: 11
vfs.cache.numcwdfail1: 0
vfs.cache.numcwdfail2: 0
vfs.cache.numcwdfail3: 0
vfs.cache.numcwdfail4: 0
vfs.cache.numcwdfound: 11
vfs.cache.numfullpathcalls: 0
vfs.cache.numfullpathfail1: 0
vfs.cache.numfullpathfail2: 0
vfs.cache.numfullpathfail3: 0
vfs.cache.numfullpathfail4: 0
vfs.cache.numfullpathfound: 0
vfs.write_behind: 1
vfs.reassignbufcalls: 792
vfs.reassignbufloops: 0
vfs.reassignbufsortgood: 366
vfs.reassignbufsortbad: 42
vfs.reassignbufmethod: 1
vfs.nameileafonly: 0
vfs.timestamp_precision: 0
vfs.usermount: 0
vfs.ffs.doreallocblks: 1
vfs.ffs.doasyncfree: 1
net.local.stream.sendspace: 8192
net.local.stream.recvspace: 8192
net.local.dgram.maxdgram: 2048
net.local.dgram.recvspace: 4096
net.local.inflight: 0
net.inet.ip.portrange.lowfirst: 1023
net.inet.ip.portrange.lowlast: 600
net.inet.ip.portrange.first: 1024
net.inet.ip.portrange.last: 5000
net.inet.ip.portrange.hifirst: 49152
net.inet.ip.portrange.hilast: 65535
net.inet.ip.forwarding: 0
net.inet.ip.redirect: 1
net.inet.ip.ttl: 64
net.inet.ip.rtexpire: 3600
net.inet.ip.rtminexpire: 10
net.inet.ip.rtmaxcache: 128
net.inet.ip.sourceroute: 0
net.inet.ip.intr_queue_maxlen: 50
net.inet.ip.intr_queue_drops: 0
net.inet.ip.accept_sourceroute: 0
net.inet.ip.fastforwarding: 0
net.inet.ip.keepfaith: 0
net.inet.ip.subnets_are_local: 0
net.inet.ip.fw.enable: 1
net.inet.ip.fw.one_pass: 1
net.inet.ip.fw.debug: 1
net.inet.ip.fw.verbose: 1
net.inet.ip.fw.verbose_limit: 50000
net.inet.ip.fw.dyn_buckets: 256
net.inet.ip.fw.curr_dyn_buckets: 256
net.inet.ip.fw.dyn_count: 0
net.inet.ip.fw.dyn_max: 1000
net.inet.ip.fw.static_count: 2
net.inet.ip.fw.dyn_ack_lifetime: 300
net.inet.ip.fw.dyn_syn_lifetime: 20
net.inet.ip.fw.dyn_fin_lifetime: 1
net.inet.ip.fw.dyn_rst_lifetime: 1
net.inet.ip.fw.dyn_udp_lifetime: 10
net.inet.ip.fw.dyn_short_lifetime: 5
net.inet.ip.fw.dyn_grace_time: 10
net.inet.ip.maxfragpackets: 312
net.inet.ip.check_interface: 0
net.inet.icmp.maskrepl: 0
net.inet.icmp.icmplim: 200
net.inet.icmp.drop_redirect: 0
net.inet.icmp.log_redirect: 0
net.inet.icmp.icmplim_output: 1
net.inet.icmp.bmcastecho: 0
net.inet.tcp.rfc1323: 1
net.inet.tcp.rfc1644: 0
net.inet.tcp.mssdflt: 512
net.inet.tcp.keepidle: 7200000
net.inet.tcp.keepintvl: 75000
net.inet.tcp.sendspace: 32768
net.inet.tcp.recvspace: 57344
net.inet.tcp.keepinit: 75000
net.inet.tcp.delacktime: 100
net.inet.tcp.log_in_vain: 0
net.inet.tcp.blackhole: 0
net.inet.tcp.delayed_ack: 1
net.inet.tcp.path_mtu_discovery: 1
net.inet.tcp.slowstart_flightsize: 1
net.inet.tcp.local_slowstart_flightsize: 4
net.inet.tcp.newreno: 1
net.inet.tcp.tcbhashsize: 512
net.inet.tcp.do_tcpdrain: 1
net.inet.tcp.pcbcount: 5
net.inet.tcp.icmp_may_rst: 1
net.inet.tcp.isn_reseed_interval: 0
net.inet.tcp.inflight_enable: 0
net.inet.tcp.inflight_debug: 0
net.inet.tcp.inflight_min: 6144
net.inet.tcp.inflight_max: 1073725440
net.inet.tcp.syncookies: 1
net.inet.tcp.syncache.bucketlimit: 30
net.inet.tcp.syncache.cachelimit: 15359
net.inet.tcp.syncache.count: 0
net.inet.tcp.syncache.hashsize: 512
net.inet.tcp.syncache.rexmtlimit: 3
net.inet.tcp.msl: 30000
net.inet.tcp.rexmit_min: 1000
net.inet.tcp.rexmit_slop: 200
net.inet.tcp.always_keepalive: 1
net.inet.udp.checksum: 1
net.inet.udp.maxdgram: 9216
net.inet.udp.recvspace: 41600
net.inet.udp.log_in_vain: 0
net.inet.udp.blackhole: 0
net.inet.accf.unloadable: 0
net.inet.raw.maxdgram: 8192
net.inet.raw.recvspace: 8192
net.link.generic.system.ifcount: 2
net.link.ether.inet.prune_intvl: 300
net.link.ether.inet.max_age: 1200
net.link.ether.inet.host_down_time: 20
net.link.ether.inet.maxtries: 5
net.link.ether.inet.useloopback: 1
net.link.ether.inet.proxyall: 0
net.link.ether.inet.log_arp_wrong_iface: 1
net.link.ether.ipfw: 0
debug.elf_trace: 0
debug.boothowto: -2147483648
debug.free_devt: 0
debug.fdexpand: 0
debug.sizeof.vnode: 168
debug.sizeof.proc: 408
debug.sizeof.specinfo: 68
debug.sizeof.disklabel: 276
debug.sizeof.diskslices: 1820
debug.sizeof.disk: 304
debug.ttydebug: 0
debug.nchash: 8191
debug.ncnegfactor: 16
debug.numneg: 77
debug.numcache: 1356
debug.vfscache: 1
debug.vnsize: 168
debug.ncsize: 36
debug.disablecwd: 0
debug.disablefullpath: 0
debug.numvnodes: 886
debug.wantfreevnodes: 25
debug.freevnodes: 670
debug.rush_requests: 0
debug.vnlru_nowhere: 0
debug.max_softdeps: 53304
debug.tickdelay: 2
debug.worklist_push: 0
debug.blk_limit_push: 0
debug.ino_limit_push: 0
debug.blk_limit_hit: 0
debug.ino_limit_hit: 0
debug.sync_limit_hit: 0
debug.indir_blk_ptrs: 0
debug.inode_bitmap: 2
debug.direct_blk_ptrs: 81
debug.dir_entry: 0
debug.dircheck: 0
hw.machine: i386
hw.model: AMD Athlon(tm) Processor
hw.ncpu: 1
hw.byteorder: 1234
hw.physmem: 98553856
hw.usermem: 93093888
hw.pagesize: 4096
hw.floatingpoint: 1
hw.machine_arch: i386
hw.ata.ata_dma: 1
hw.ata.wc: 1
hw.ata.tags: 1
hw.instruction_sse: 0
hw.availpages: 23895
machdep.consdev: { major = 12, minor = 255 }
machdep.adjkerntz: 0
machdep.disable_rtc_set: 0
machdep.wall_cmos_clock: 0
machdep.do_dump: 1
machdep.enable_panic_key: 0
machdep.ispc98: 0
machdep.msgbuf:
machdep.msgbuf_clear: 0
machdep.cpu_idle_hlt: 1
machdep.guessed_bootdev: /dev/wd0s1a
machdep.panic_on_nmi: 1
machdep.i8254_freq: 1193182
machdep.tsc_freq: 903708779
user.cs_path: /usr/bin:/bin:/usr/sbin:/sbin:
user.bc_base_max: 99
user.bc_dim_max: 2048
user.bc_scale_max: 99
user.bc_string_max: 1000
user.coll_weights_max: 0
user.expr_nest_max: 32
user.line_max: 2048
user.re_dup_max: 255
user.posix2_version: 199212
user.posix2_c_bind: 0
user.posix2_c_dev: 0
user.posix2_char_term: 0
user.posix2_fort_dev: 0
user.posix2_fort_run: 0
user.posix2_localedef: 0
user.posix2_sw_dev: 0
user.posix2_upe: 0
user.stream_max: 20
user.tzname_max: 255
p1003_1b.asynchronous_io: 0
p1003_1b.mapped_files: 0
p1003_1b.memlock: 0
p1003_1b.memlock_range: 0
p1003_1b.memory_protection: 0
p1003_1b.message_passing: 0
p1003_1b.prioritized_io: 0
p1003_1b.priority_scheduling: 1
p1003_1b.realtime_signals: 0
p1003_1b.semaphores: 0
p1003_1b.fsync: 0
p1003_1b.shared_memory_objects: 0
p1003_1b.synchronized_io: 0
p1003_1b.timers: 0
p1003_1b.aio_listio_max: 0
p1003_1b.aio_max: 0
p1003_1b.aio_prio_delta_max: 0
p1003_1b.delaytimer_max: 0
p1003_1b.mq_open_max: 0
p1003_1b.pagesize: 4096
p1003_1b.rtsig_max: 0
p1003_1b.sem_nsems_max: 0
p1003_1b.sem_value_max: 0
p1003_1b.sigqueue_max: 0
p1003_1b.timer_max: 0
jail.set_hostname_allowed: 1
jail.socket_unixiproute_only: 1
jail.sysvipc_allowed: 0
kinder2000 mailto:kinder2000 at mail.ru
More information about the freebsd-questions
mailing list