Make TCP_DROP_SYNFIN a standard part of TCP. Disabled by default it

doesn't impede normal operation negatively and is only a few lines of code. It's close relatives blackhole and log_in_vain aren't options either.
author: andre <andre@FreeBSD.org> 2007-03-21 18:25:28 +0000
committer: andre <andre@FreeBSD.org> 2007-03-21 18:25:28 +0000
commit: 878e882d886a3a35db4943b997201c50c392f095 (patch)
tree: 94a5b428054054898dc8d5b82c6f8c9fc75bc04f /sys/conf/NOTES
parent: 279a028838100f62c22c53cd1abde9ced5d5faed (diff)
download: FreeBSD-src-878e882d886a3a35db4943b997201c50c392f095.zip
FreeBSD-src-878e882d886a3a35db4943b997201c50c392f095.tar.gz
1 files changed, 0 insertions, 6 deletions
diff --git a/sys/conf/NOTES b/sys/conf/NOTES
index 5359693..8e2c447 100644
--- a/sys/conf/NOTES
+++ b/sys/conf/NOTES
@@ -875,12 +875,6 @@ options 	MBUF_STRESS_TEST
 options 	ACCEPT_FILTER_DATA
 options 	ACCEPT_FILTER_HTTP
 
-# TCP_DROP_SYNFIN adds support for ignoring TCP packets with SYN+FIN. This
-# prevents nmap et al. from identifying the TCP/IP stack, but breaks support
-# for RFC1644 extensions and is not recommended for web servers.
-#
-options 	TCP_DROP_SYNFIN		#drop TCP packets with SYN+FIN
-
 # TCP_SIGNATURE adds support for RFC 2385 (TCP-MD5) digests. These are
 # carried in TCP option 19. This option is commonly used to protect
 # TCP sessions (e.g. BGP) where IPSEC is not available nor desirable.
author	andre <andre@FreeBSD.org>	2007-03-21 18:25:28 +0000
committer	andre <andre@FreeBSD.org>	2007-03-21 18:25:28 +0000
commit	878e882d886a3a35db4943b997201c50c392f095 (patch)
tree	94a5b428054054898dc8d5b82c6f8c9fc75bc04f /sys/conf/NOTES
parent	279a028838100f62c22c53cd1abde9ced5d5faed (diff)
download	FreeBSD-src-878e882d886a3a35db4943b997201c50c392f095.zip FreeBSD-src-878e882d886a3a35db4943b997201c50c392f095.tar.gz