Re: packets with syn/fin vs pf_norm.c
In some mail from Richard Coleman, sie said:
> 1. I thought that T/TCP was being removed from FreeBSD (already happened?).
> 2. It's trivial to predict Theo's response to this.
> 3. Since T/TCP is rare, there is little motivation to alter scrub to
> function differently than OpenBSD with respect to these packets. If
> someone really needs this, there are plenty of alternatives.
I didn't know about (1) but I'd agree with (2) and (3).
> But more importantly, the original question has been lost. The original
> question was what should the various firewalls do when the kernel has
> been compiled with TCP_DROP_SYNFIN. Regardless of whether those packets
> are valid or not, a person may have reason to compile this feature into
> the kernel. So, should the firewalls act differently if this kernel
> option is used?
IMHO, No.
Darren
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"