o From the Problem Report: the TCP_DROP_SYNFIN kernel option is now

included in the kernel by default.  Remove reference to this option
from defaults/rc.conf and rc.conf(5).

PR:		conf/119098
Submitted by:	Beat Gaetzi
MFC after:	1 week

2 files changed, 1 insertions, 7 deletions

diff --git a/etc/defaults/rc.conf b/etc/defaults/rc.conf
index 7a18b9c..356cec2 100644
--- a/etc/defaults/rc.conf
+++ b/etc/defaults/rc.conf
@@ -163,8 +163,6 @@ pfsync_ifconfig=""		# Additional options to ifconfig(8) for pfsync
 tcp_extensions="YES"		# Set to NO to turn off RFC1323 extensions.
 log_in_vain="0"			# >=1 to log connects to ports w/o listeners.
 tcp_keepalive="YES"		# Enable stale TCP connection timeout (or NO).
-# For the following option you need to have TCP_DROP_SYNFIN set in your
-# kernel.  Please refer to LINT and NOTES for details.
 tcp_drop_synfin="NO"		# Set to YES to drop TCP packets with SYN+FIN
 				# NOTE: this violates the TCP specification
 icmp_drop_redirect="NO" 	# Set to YES to ignore ICMP REDIRECT packets
diff --git a/share/man/man5/rc.conf.5 b/share/man/man5/rc.conf.5
index 920b8f3..2797651 100644
--- a/share/man/man5/rc.conf.5
+++ b/share/man/man5/rc.conf.5
@@ -24,7 +24,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd October 27, 2007
+.Dd January 12, 2008
 .Dt RC.CONF 5
 .Os
 .Sh NAME
@@ -952,10 +952,6 @@ will cause the kernel to ignore TCP frames that have both
 the SYN and FIN flags set.
 This prevents OS fingerprinting, but may
 break some legitimate applications.
-This option is only available if the
-kernel was built with the
-.Dv TCP_DROP_SYNFIN
-option.
 .It Va icmp_drop_redirect
 .Pq Vt bool
 Set to