Don't mention TCP_RESTRICT_RST (it no longer exists), and add a Q&A
about limited logging. PR: 29086 Submitted by: marcs@draenor.org
This commit is contained in:
parent a6695a0034
commit cb09e625c8
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/head/; revision=9981
1 changed files with 18 additions and 13 deletions
@ -1,7 +1,7 @@
<!--
The FreeBSD Documentation Project
|
$FreeBSD: doc/en_US.ISO8859-1/articles/dialup-firewall/article.sgml,v 1.9 2001/07/06 12:50:08 dd Exp $
$FreeBSD: doc/en_US.ISO8859-1/articles/dialup-firewall/article.sgml,v 1.10 2001/07/06 13:02:48 dd Exp $
-->
|
<!DOCTYPE article PUBLIC "-//FreeBSD//DTD DocBook V4.1-Based Extension//EN" [
|
@ -24,7 +24,7 @@
</author>
</authorgroup>
|
<pubdate>$Date: 2001-07-06 13:02:48 $</pubdate>
<pubdate>$Date: 2001-07-20 07:42:09 $</pubdate>
|
<abstract>
<para>This article documents how to setup a firewall using a PPP
|
@ -102,17 +102,6 @@
want to use them.</para>
|
<variablelist>
<varlistentry>
<term><literal>options TCP_RESTRICT_RST</literal></term>
|
<listitem>
<para>This option blocks all TCP RST packets. This is
best used for systems that might be exposed to SYN
flooding (IRC Servers are a good example) or for those who
do not want to be easily portscannable.</para>
</listitem>
</varlistentry>
|
<varlistentry>
<term><literal>options TCP_DROP_SYNFIN</literal></term>
|
|
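Review bot: with the TCP_RESTRICT_RST entry deleted, the <variablelist> now opens directly with the TCP_DROP_SYNFIN entry, so re-read the lead-in sentence ending "want to use them." to make sure it still fits the shorter list, and grep the rest of article.sgml for any remaining mention of TCP_RESTRICT_RST so the removal is complete. The deleted paragraph also carried the advice that blocking all RST packets helps against SYN flooding and port scanning; check that no later paragraph in the article still refers back to that advice, since it would now point at an option the text no longer describes.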
@ -274,6 +263,22 @@ $fwcmd add 65435 deny log ip from any to any</programlisting>
</answer>
</qandaentry>
|
<qandaentry>
<question>
<para>I get messages like <errorname>limit 100 reached on entry
2800</errorname> and after that I never see more denies in my
logs. Is my firewall still working?</para>
</question>
|
<answer>
<para>This merely means that the maximum logging count for the
rule has been reached. The rule itself is still working,
but it will no longer log until such time as you reset the
logging counters. This can be done by simply prefixing the
ipfw command with the <literal>resetlog</literal> option.</para>
</answer>
</qandaentry>
|
<qandaentry>
<question>
<para>If I'm using private addresses internally, such as in the
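Review bot: the closing sentence of the new answer, "prefixing the ipfw command with the resetlog option", is misleading because resetlog is an ipfw subcommand rather than an option; suggest giving the literal command instead, e.g. "ipfw resetlog 2800" to clear the logging counter of the rule named in the message, or "ipfw resetlog" with no number to clear every rule, and marking up ipfw with <command>ipfw</command> as elsewhere in the article. It would also help the reader to say where the 100 in "limit 100 reached" comes from: it is the default value of the net.inet.ip.fw.verbose_limit sysctl, so raising that value is the alternative to resetting counters by hand each time a busy deny rule goes quiet.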