Securing FreeBSD

Jez Hancock jez.hancock at
Thu May 15 11:13:14 PDT 2003

On Thu, May 15, 2003 at 07:00:57PM +0100, G D McKee wrote:
> Can someone explain to me why the TCP_DROP_SYNFIN option breaks web access?  It doesn't seem to have made any changes that I have noticed.  I can't find any docs regarding this to explain what it might break.  Does anyone know any other variables to add to make me more secure?
I imagine it breaks the 'keepalive' functionality of various webservers
which allows a webserver to keep a connection alive for a certain period
of time to save the browser/client having to keep re-establishing a TCP
connection when they browse from one page to another on a site.

Would be worth checking the RFC that's mentioned (iirc) in the LINT file
to confirm this.

More information about the freebsd-questions mailing list