Diffstat (limited to 'sys/i386/conf/LINT')
-rw-r--r--sys/i386/conf/LINT14
1 files changed, 14 insertions, 0 deletions
diff --git a/sys/i386/conf/LINT b/sys/i386/conf/LINT
index 12f4c2b..1af39e1 100644
--- a/sys/i386/conf/LINT
+++ b/sys/i386/conf/LINT
@@ -469,6 +469,20 @@ options IPFILTER_LOG #ipfilter logging
options IPSTEALTH #support for stealth forwarding
options TCPDEBUG
+# The following options add sysctl variables for controlling how certain
+# TCP packets are handled.
+#
+# TCP_RESTRICT_RST adds support for blocking the emission of TCP RST packets.
+# This is useful on systems which are exposed to SYN floods (e.g. IRC servers)
+# or any system which one does not want to be easily portscannable.
+#
+# TCP_DROP_SYNFIN adds support for ignoring TCP packets with SYN+FIN. This
+# prevents nmap et al. from identifying the TCP/IP stack, but breaks support
+# for RFC1644 extensions and is not recommended for web servers.
+#
+options TCP_RESTRICT_RST #restrict emission of TCP RST
+options TCP_DROP_SYNFIN #drop TCP packets with SYN+FIN
+
# ICMP_BANDLIM enables icmp error response bandwidth limiting. You
# typically want this option as it will help protect the machine from
# D.O.S. packet attacks.
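Review bot: The TCP_RESTRICT_RST paragraph states only the benefit, while the TCP_DROP_SYNFIN paragraph carries its RFC1644 caveat; withholding RSTs also changes what legitimate peers see, so it deserves a matching line such as `# Note that peers connecting to a closed port will then time out instead of being refused.` The header says the options "add sysctl variables" but neither names them nor says whether the behaviour stays off until a sysctl is set. If compiling the option in does not by itself enable it (not visible in this hunk), add `# These options only compile in the support; it is enabled at run time via sysctl.` and list the variable names. The ICMP_BANDLIM comment at the end of the hunk is unchanged context that continues past it.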