diff options
author | des <des@FreeBSD.org> | 1999-09-12 17:22:08 +0000 |
---|---|---|
committer | des <des@FreeBSD.org> | 1999-09-12 17:22:08 +0000 |
commit | 19e7731a48a4eb97e3756995fb2a8094f13594e6 (patch) | |
tree | a641d4b8cc1397a0dd5e839b7ca64648e895a156 /etc/rc.d | |
parent | 4c16a85a3ff03636818f24c79ff2bc5947df9263 (diff) | |
download | FreeBSD-src-19e7731a48a4eb97e3756995fb2a8094f13594e6.zip FreeBSD-src-19e7731a48a4eb97e3756995fb2a8094f13594e6.tar.gz |
Add the net.inet.tcp.restrict_rst and net.inet.tcp.drop_synfin sysctl
variables, conditional on the TCP_RESTRICT_RST and TCP_DROP_SYNFIN kernel
options, respectively. See the comments in LINT for details.
Diffstat (limited to 'etc/rc.d')
-rw-r--r-- | etc/rc.d/netoptions | 10 | ||||
-rw-r--r-- | etc/rc.d/network1 | 10 | ||||
-rw-r--r-- | etc/rc.d/network2 | 10 | ||||
-rw-r--r-- | etc/rc.d/network3 | 10 | ||||
-rw-r--r-- | etc/rc.d/routing | 10 |
5 files changed, 50 insertions, 0 deletions
diff --git a/etc/rc.d/netoptions b/etc/rc.d/netoptions index d132525..781c73f 100644 --- a/etc/rc.d/netoptions +++ b/etc/rc.d/netoptions @@ -229,6 +229,16 @@ network_pass1() { sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null fi + if [ "X$tcp_restrict_rst" = X"YES" ]; then + echo -n ' restrict TCP reset=YES' + sysctl -w net.inet.tcp.restrict_rst=1 >/dev/null + fi + + if [ "X$tcp_drop_synfin" = X"YES" ]; then + echo -n ' drop SYN+FIN packets=YES' + sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null + fi + if [ "${ipxgateway_enable}" = "YES" ]; then echo -n ' IPX gateway=YES' sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null diff --git a/etc/rc.d/network1 b/etc/rc.d/network1 index d132525..781c73f 100644 --- a/etc/rc.d/network1 +++ b/etc/rc.d/network1 @@ -229,6 +229,16 @@ network_pass1() { sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null fi + if [ "X$tcp_restrict_rst" = X"YES" ]; then + echo -n ' restrict TCP reset=YES' + sysctl -w net.inet.tcp.restrict_rst=1 >/dev/null + fi + + if [ "X$tcp_drop_synfin" = X"YES" ]; then + echo -n ' drop SYN+FIN packets=YES' + sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null + fi + if [ "${ipxgateway_enable}" = "YES" ]; then echo -n ' IPX gateway=YES' sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null diff --git a/etc/rc.d/network2 b/etc/rc.d/network2 index d132525..781c73f 100644 --- a/etc/rc.d/network2 +++ b/etc/rc.d/network2 @@ -229,6 +229,16 @@ network_pass1() { sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null fi + if [ "X$tcp_restrict_rst" = X"YES" ]; then + echo -n ' restrict TCP reset=YES' + sysctl -w net.inet.tcp.restrict_rst=1 >/dev/null + fi + + if [ "X$tcp_drop_synfin" = X"YES" ]; then + echo -n ' drop SYN+FIN packets=YES' + sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null + fi + if [ "${ipxgateway_enable}" = "YES" ]; then echo -n ' IPX gateway=YES' sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null diff --git a/etc/rc.d/network3 b/etc/rc.d/network3 index d132525..781c73f 100644 --- a/etc/rc.d/network3 +++ b/etc/rc.d/network3 @@ -229,6 +229,16 @@ network_pass1() { sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null fi + if [ "X$tcp_restrict_rst" = X"YES" ]; then + echo -n ' restrict TCP reset=YES' + sysctl -w net.inet.tcp.restrict_rst=1 >/dev/null + fi + + if [ "X$tcp_drop_synfin" = X"YES" ]; then + echo -n ' drop SYN+FIN packets=YES' + sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null + fi + if [ "${ipxgateway_enable}" = "YES" ]; then echo -n ' IPX gateway=YES' sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null diff --git a/etc/rc.d/routing b/etc/rc.d/routing index d132525..781c73f 100644 --- a/etc/rc.d/routing +++ b/etc/rc.d/routing @@ -229,6 +229,16 @@ network_pass1() { sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null fi + if [ "X$tcp_restrict_rst" = X"YES" ]; then + echo -n ' restrict TCP reset=YES' + sysctl -w net.inet.tcp.restrict_rst=1 >/dev/null + fi + + if [ "X$tcp_drop_synfin" = X"YES" ]; then + echo -n ' drop SYN+FIN packets=YES' + sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null + fi + if [ "${ipxgateway_enable}" = "YES" ]; then echo -n ' IPX gateway=YES' sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null |