diff options
author | andre <andre@FreeBSD.org> | 2007-03-21 18:25:28 +0000 |
---|---|---|
committer | andre <andre@FreeBSD.org> | 2007-03-21 18:25:28 +0000 |
commit | 878e882d886a3a35db4943b997201c50c392f095 (patch) | |
tree | 94a5b428054054898dc8d5b82c6f8c9fc75bc04f /sys/conf/NOTES | |
parent | 279a028838100f62c22c53cd1abde9ced5d5faed (diff) | |
download | FreeBSD-src-878e882d886a3a35db4943b997201c50c392f095.zip FreeBSD-src-878e882d886a3a35db4943b997201c50c392f095.tar.gz |
Make TCP_DROP_SYNFIN a standard part of TCP. Disabled by default it
doesn't impede normal operation negatively and is only a few lines of
code. It's close relatives blackhole and log_in_vain aren't options
either.
Diffstat (limited to 'sys/conf/NOTES')
-rw-r--r-- | sys/conf/NOTES | 6 |
1 files changed, 0 insertions, 6 deletions
diff --git a/sys/conf/NOTES b/sys/conf/NOTES index 5359693..8e2c447 100644 --- a/sys/conf/NOTES +++ b/sys/conf/NOTES @@ -875,12 +875,6 @@ options MBUF_STRESS_TEST options ACCEPT_FILTER_DATA options ACCEPT_FILTER_HTTP -# TCP_DROP_SYNFIN adds support for ignoring TCP packets with SYN+FIN. This -# prevents nmap et al. from identifying the TCP/IP stack, but breaks support -# for RFC1644 extensions and is not recommended for web servers. -# -options TCP_DROP_SYNFIN #drop TCP packets with SYN+FIN - # TCP_SIGNATURE adds support for RFC 2385 (TCP-MD5) digests. These are # carried in TCP option 19. This option is commonly used to protect # TCP sessions (e.g. BGP) where IPSEC is not available nor desirable. |