I saw somewhere an undocumented option in kernel config that
somehow refuses SYN & ACK requests that prevents software
From /usr/src/sys/i386/conf/LINT:
# TCP_DROP_SYNFIN adds support for ignoring TCP packets with SYN+FIN. This
# prevents nmap et al. from identifying the TCP/IP stack, but breaks
# for RFC1644 extensions and is not recommended for web servers.
# TCP_RESTRICT_RST adds support for blocking the emission of TCP RST
# This is useful on systems which are exposed to SYN floods (e.g. IRC
# or any system which one does not want to be easily portscannable.
options TCP_DROP_SYNFIN #drop TCP packets with SYN+FIN
options TCP_RESTRICT_RST #restrict emission of TCP RST
Looks documented to me. :-)
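The test that the LINT comment describes for TCP_DROP_SYNFIN, a TCP segment with SYN and FIN both set, written as a userland C sketch. This is an added example, not code from the FreeBSD kernel or from this thread; has_synfin, build_sample and the FLAG_* names are hypothetical, and the sample packets are constructed with zero addresses and checksums.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FLAG_FIN 0x01
#define FLAG_SYN 0x02

/* Hypothetical helper: 1 if pkt holds an IPv4/TCP packet with SYN and FIN
 * both set, 0 otherwise (including truncated or non-TCP input). */
int has_synfin(const uint8_t *pkt, size_t len)
{
    if (pkt == NULL || len < 20 || (pkt[0] >> 4) != 4)
        return 0;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;   /* IPv4 header length */
    if (ihl < 20 || len < ihl + 14)             /* need TCP bytes 0..13 */
        return 0;
    if (pkt[9] != 6)                            /* protocol 6 = TCP */
        return 0;
    if ((((pkt[6] << 8) | pkt[7]) & 0x1fff) != 0)
        return 0;                               /* later fragment: no TCP header */
    uint8_t flags = pkt[ihl + 13];
    return (flags & (FLAG_SYN | FLAG_FIN)) == (FLAG_SYN | FLAG_FIN);
}

/* Constructed sample: 20-byte IPv4 header + 20-byte TCP header, zero
 * addresses, ports and checksums (not validated here). */
void build_sample(uint8_t buf[40], uint8_t tcp_flags)
{
    memset(buf, 0, 40);
    buf[0] = 0x45;          /* version 4, IHL 5 */
    buf[3] = 40;            /* total length */
    buf[8] = 64;            /* TTL */
    buf[9] = 6;             /* TCP */
    buf[32] = 0x50;         /* TCP data offset 5 */
    buf[33] = tcp_flags;
}

int main(void)
{
    uint8_t p[40];
    build_sample(p, FLAG_SYN);
    printf("SYN only      -> drop=%d\n", has_synfin(p, sizeof p));
    build_sample(p, FLAG_SYN | FLAG_FIN);
    printf("SYN+FIN       -> drop=%d\n", has_synfin(p, sizeof p));
    printf("SYN+FIN, cut  -> drop=%d\n", has_synfin(p, 30));
    return 0;
}
```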