diff options
| author | des <des@FreeBSD.org> | 1999-09-13 09:45:07 +0000 |
|---|---|---|
| committer | des <des@FreeBSD.org> | 1999-09-13 09:45:07 +0000 |
| commit | ad7d5e0e01aad87115442a7aac072c1ff28f34bd (patch) | |
| tree | cfb52c788f631dfd5a7a7b28fd2da4df4449f778 | |
| parent | 4d628082ace71f3ad6b9c8b7679ffc8f8f50065c (diff) | |
| download | FreeBSD-src-ad7d5e0e01aad87115442a7aac072c1ff28f34bd.zip FreeBSD-src-ad7d5e0e01aad87115442a7aac072c1ff28f34bd.tar.gz | |
Fix disordering introduced in my previous commit.
Pointed out by: bde
| -rw-r--r-- | etc/defaults/rc.conf | 2 | ||||
| -rw-r--r-- | sys/conf/NOTES | 10 | ||||
| -rw-r--r-- | sys/i386/conf/LINT | 10 | ||||
| -rw-r--r-- | sys/i386/conf/NOTES | 10 |
4 files changed, 16 insertions, 16 deletions
diff --git a/etc/defaults/rc.conf b/etc/defaults/rc.conf index b62f6f9..3e87afa 100644 --- a/etc/defaults/rc.conf +++ b/etc/defaults/rc.conf @@ -49,9 +49,9 @@ natd_flags="" # Additional flags for natd. tcp_extensions="NO" # Set to YES to turn on RFC1323 extensions. log_in_vain="NO" # YES to log connects to ports w/o listeners. tcp_keepalive="YES" # Enable stale TCP connection timeout (or NO). -tcp_restrict_rst="NO" # Set to YES to restrict emission of RST tcp_drop_synfin="NO" # Set to YES to drop TCP packets with SYN+FIN # NOTE: this breaks rfc1644 extensions (T/TCP) +tcp_restrict_rst="NO" # Set to YES to restrict emission of RST icmp_drop_redirect="NO" # Set to YES to ignore ICMP REDIRECT packets icmp_log_redirect="NO" # Set to YES to log ICMP REDIRECT packets network_interfaces="auto" # List of network interfaces (or "auto"). diff --git a/sys/conf/NOTES b/sys/conf/NOTES index 3b8b8a7..ed50060 100644 --- a/sys/conf/NOTES +++ b/sys/conf/NOTES @@ -472,16 +472,16 @@ options TCPDEBUG # The following options add sysctl variables for controlling how certain # TCP packets are handled. # -# TCP_RESTRICT_RST adds support for blocking the emission of TCP RST packets. -# This is useful on systems which are exposed to SYN floods (e.g. IRC servers) -# or any system which one does not want to be easily portscannable. -# # TCP_DROP_SYNFIN adds support for ignoring TCP packets with SYN+FIN. This # prevents nmap et al. from identifying the TCP/IP stack, but breaks support # for RFC1644 extensions and is not recommended for web servers. # -options TCP_RESTRICT_RST #restrict emission of TCP RST +# TCP_RESTRICT_RST adds support for blocking the emission of TCP RST packets. +# This is useful on systems which are exposed to SYN floods (e.g. IRC servers) +# or any system which one does not want to be easily portscannable. +# options TCP_DROP_SYNFIN #drop TCP packets with SYN+FIN +options TCP_RESTRICT_RST #restrict emission of TCP RST # ICMP_BANDLIM enables icmp error response bandwidth limiting. You # typically want this option as it will help protect the machine from diff --git a/sys/i386/conf/LINT b/sys/i386/conf/LINT index 3b8b8a7..ed50060 100644 --- a/sys/i386/conf/LINT +++ b/sys/i386/conf/LINT @@ -472,16 +472,16 @@ options TCPDEBUG # The following options add sysctl variables for controlling how certain # TCP packets are handled. # -# TCP_RESTRICT_RST adds support for blocking the emission of TCP RST packets. -# This is useful on systems which are exposed to SYN floods (e.g. IRC servers) -# or any system which one does not want to be easily portscannable. -# # TCP_DROP_SYNFIN adds support for ignoring TCP packets with SYN+FIN. This # prevents nmap et al. from identifying the TCP/IP stack, but breaks support # for RFC1644 extensions and is not recommended for web servers. # -options TCP_RESTRICT_RST #restrict emission of TCP RST +# TCP_RESTRICT_RST adds support for blocking the emission of TCP RST packets. +# This is useful on systems which are exposed to SYN floods (e.g. IRC servers) +# or any system which one does not want to be easily portscannable. +# options TCP_DROP_SYNFIN #drop TCP packets with SYN+FIN +options TCP_RESTRICT_RST #restrict emission of TCP RST # ICMP_BANDLIM enables icmp error response bandwidth limiting. You # typically want this option as it will help protect the machine from diff --git a/sys/i386/conf/NOTES b/sys/i386/conf/NOTES index 3b8b8a7..ed50060 100644 --- a/sys/i386/conf/NOTES +++ b/sys/i386/conf/NOTES @@ -472,16 +472,16 @@ options TCPDEBUG # The following options add sysctl variables for controlling how certain # TCP packets are handled. # -# TCP_RESTRICT_RST adds support for blocking the emission of TCP RST packets. -# This is useful on systems which are exposed to SYN floods (e.g. IRC servers) -# or any system which one does not want to be easily portscannable. -# # TCP_DROP_SYNFIN adds support for ignoring TCP packets with SYN+FIN. This # prevents nmap et al. from identifying the TCP/IP stack, but breaks support # for RFC1644 extensions and is not recommended for web servers. # -options TCP_RESTRICT_RST #restrict emission of TCP RST +# TCP_RESTRICT_RST adds support for blocking the emission of TCP RST packets. +# This is useful on systems which are exposed to SYN floods (e.g. IRC servers) +# or any system which one does not want to be easily portscannable. +# options TCP_DROP_SYNFIN #drop TCP packets with SYN+FIN +options TCP_RESTRICT_RST #restrict emission of TCP RST # ICMP_BANDLIM enables icmp error response bandwidth limiting. You # typically want this option as it will help protect the machine from |
