Don't mention TCP_RESTRICT_RST (it no longer exists), and add a Q&A
about limited logging.
PR: 29086
Submitted by: marcs@draenor.org
parent
a6695a0034
commit
cb09e625c8
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/head/; revision=9981
1 changed files with 18 additions and 13 deletions
|
@ -1,7 +1,7 @@
|
||||||
<!--
|
<!--
|
||||||
The FreeBSD Documentation Project
|
The FreeBSD Documentation Project
|
||||||
|
|
||||||
$FreeBSD: doc/en_US.ISO8859-1/articles/dialup-firewall/article.sgml,v 1.9 2001/07/06 12:50:08 dd Exp $
|
$FreeBSD: doc/en_US.ISO8859-1/articles/dialup-firewall/article.sgml,v 1.10 2001/07/06 13:02:48 dd Exp $
|
||||||
-->
|
-->
|
||||||
|
|
||||||
<!DOCTYPE article PUBLIC "-//FreeBSD//DTD DocBook V4.1-Based Extension//EN" [
|
<!DOCTYPE article PUBLIC "-//FreeBSD//DTD DocBook V4.1-Based Extension//EN" [
|
||||||
|
@ -24,7 +24,7 @@
|
||||||
</author>
|
</author>
|
||||||
</authorgroup>
|
</authorgroup>
|
||||||
|
|
||||||
<pubdate>$Date: 2001-07-06 13:02:48 $</pubdate>
|
<pubdate>$Date: 2001-07-20 07:42:09 $</pubdate>
|
||||||
|
|
||||||
<abstract>
|
<abstract>
|
||||||
<para>This article documents how to setup a firewall using a PPP
|
<para>This article documents how to setup a firewall using a PPP
|
||||||
|
@ -102,17 +102,6 @@
|
||||||
want to use them.</para>
|
want to use them.</para>
|
||||||
|
|
||||||
<variablelist>
|
<variablelist>
|
||||||
<varlistentry>
|
|
||||||
<term><literal>options TCP_RESTRICT_RST</literal></term>
|
|
||||||
|
|
||||||
<listitem>
|
|
||||||
<para>This option blocks all TCP RST packets. This is
|
|
||||||
best used for systems that might be exposed to SYN
|
|
||||||
flooding (IRC Servers are a good example) or for those who
|
|
||||||
do not want to be easily portscannable.</para>
|
|
||||||
</listitem>
|
|
||||||
</varlistentry>
|
|
||||||
|
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><literal>options TCP_DROP_SYNFIN</literal></term>
|
<term><literal>options TCP_DROP_SYNFIN</literal></term>
|
||||||
|
|
||||||
|
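Review bot: the TCP_RESTRICT_RST <varlistentry> is deleted with nothing left in its place, so the article no longer tells readers that the option is gone. The removed paragraph recommended it against SYN flooding and port scanning, and anyone who followed the earlier revision may still have "options TCP_RESTRICT_RST" in a kernel configuration. Suggest a short sentence near the list stating that the option no longer exists and should be dropped from existing configurations. Please also check that the introductory paragraph ending "want to use them." still reads correctly for the options that remain.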
@ -274,6 +263,22 @@ $fwcmd add 65435 deny log ip from any to any</programlisting>
|
||||||
</answer>
|
</answer>
|
||||||
</qandaentry>
|
</qandaentry>
|
||||||
|
|
||||||
|
<qandaentry>
|
||||||
|
<question>
|
||||||
|
<para>I get messages like <errorname>limit 100 reached on entry
|
||||||
|
2800</errorname> and after that I never see more denies in my
|
||||||
|
logs. Is my firewall still working?</para>
|
||||||
|
</question>
|
||||||
|
|
||||||
|
<answer>
|
||||||
|
<para>This merely means that the maximum logging count for the
|
||||||
|
rule has been reached. The rule itself is still working,
|
||||||
|
but it will no longer log until such time as you reset the
|
||||||
|
logging counters. This can be done by simply prefixing the
|
||||||
|
ipfw command with the <literal>resetlog</literal> option.</para>
|
||||||
|
</answer>
|
||||||
|
</qandaentry>
|
||||||
|
|
||||||
<qandaentry>
|
<qandaentry>
|
||||||
<question>
|
<question>
|
||||||
<para>If I'm using private addresses internally, such as in the
|
<para>If I'm using private addresses internally, such as in the
|
||||||
|
|
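Review bot: in the new answer, "prefixing the ipfw command with the resetlog option" is misleading, because resetlog is passed to ipfw as its action rather than placed in front of the command. Suggest wording it as running "ipfw resetlog", marking ipfw up as a command, and showing the invocation in the same style as the article's other listings. The answer also does not say where the limit of 100 comes from or how to change it. That is worth a sentence, since the rule keeps denying packets after the limit while the log shows nothing, and a reader relying on the log to spot probes should know about the gap. Minor: the quoted message inside <errorname> is split across two source lines between "entry" and "2800"; keeping it on one line avoids stray whitespace inside the element.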