author | des <des@FreeBSD.org> | 1999-09-13 09:18:31 +0000 |
---|---|---|
committer | des <des@FreeBSD.org> | 1999-09-13 09:18:31 +0000 |
commit | 4d628082ace71f3ad6b9c8b7679ffc8f8f50065c (patch) | |
tree | d380ad0c63c71f4998508b5d9bd123812ed897da | |
parent | 3edadb57c6814381093ebe5207f51f82eb8cb3f7 (diff) | |
Document tcp_keepalive, tcp_drop_synfin, tcp_restrict_rst,
icmp_drop_redirect and icmp_log_redirect.
-rw-r--r-- | share/man/man5/rc.conf.5 | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/share/man/man5/rc.conf.5 b/share/man/man5/rc.conf.5 index f37dee6..274e401 100644 --- a/share/man/man5/rc.conf.5 +++ b/share/man/man5/rc.conf.5 @@ -213,6 +213,40 @@ to be broken with respect to these options. by default. Setting to YES will enable logging of connection attempts to ports that have no listening socket on them. +.It Ar tcp_keepalive +(bool) Set to +.Ar YES +by default. +Setting to NO will disable probing idle TCP connections to verify that the +peer is still up and reachable. +.It Ar tcp_drop_synfin +(bool) Set to +.Ar NO +by default. +Setting to YES will cause the kernel to ignore TCP frames that have both +the SYN and FIN flags set. This prevents OS fingerprinting, but may +break some legitimate applications. This option is only available if the +kernel was built with the TCP_DROP_SYNFIN option. +.It Ar tcp_restrict_rst +(bool) Set to +.Ar NO +by default. +Setting to YES will cause the kernel to refrain from emitting TCP RST frames +in response to invalid TCP packets (e.g. frames destined for closed ports). +This option is only available if the kernel was built with the +TCP_RESTRICT_RST option. +.It Ar icmp_drop_redirect +(bool) Set to +.Ar NO +by default. +Setting to YES will cause the kernel to ignore ICMP REDIRECT packets. +.It Ar icmp_log_redirect +(bool) Set to +.Ar NO +by default. +Setting to YES will cause the kernel to log ICMP REDIRECT packets. Not that +the log messages are not rate-limited, so this option should only be used +for troubleshooting your own network. .It Ar network_interfaces (str) Set to the list of network interfaces to configure on this host. For example, if you had a loopback device (standard) and an SMC Elite |
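Review bot: In the icmp_log_redirect entry, "Not that the log messages are not rate-limited" is a typo for "Note that" and should be fixed so the caveat reads correctly in the rendered page. In the tcp_drop_synfin entry, "This prevents OS fingerprinting" claims more than the option does: it only makes the kernel ignore frames with both SYN and FIN set, so wording such as "This hinders OS fingerprinting that relies on SYN+FIN probes" would be more accurate. The tcp_restrict_rst entry says what the option does but, unlike tcp_drop_synfin, gives no reason to enable it and no hint of what it may break; one sentence covering both would help an administrator decide. The tcp_keepalive entry would also benefit from stating the consequence of setting it to NO, since a peer that has gone away is then never detected on an idle connection.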