Add some more content to the article.

PR:		19841
Submitted by:	Marc Silver <marcs@draenor.org>
Neil Blakey-Milner 2000-07-11 10:21:49 +00:00
parent 5e16cb2197
commit f8430a156c
Notes: svn2git 2020-12-08 03:00:23 +00:00
svn path=/head/; revision=7559
2 changed files with 64 additions and 4 deletions

View file

@ -1,7 +1,7 @@
<!--
The FreeBSD Documentation Project
$FreeBSD: doc/en_US.ISO_8859-1/articles/dialup-firewall/article.sgml,v 1.1 2000/06/07 23:22:17 nik Exp $
$FreeBSD: doc/en_US.ISO_8859-1/articles/dialup-firewall/article.sgml,v 1.2 2000/06/12 04:03:39 kevlo Exp $
-->
<!DOCTYPE article PUBLIC "-//FreeBSD//DTD DocBook V3.1-Based Extension//EN" [
@ -24,7 +24,7 @@
</author>
</authorgroup>
<pubdate>$Date: 2000-06-12 04:03:39 $</pubdate>
<pubdate>$Date: 2000-07-11 10:21:49 $</pubdate>
<abstract>
<para>This article documents how to setup a firewall using a PPP
@ -96,6 +96,36 @@
</varlistentry>
</variablelist>
<para>There are also some other OPTIONAL items that you can compile
into the kernel for some added security. These are not required in
order to get firewalling to work, but some more paranoid users may
want to use them.</para>
<variablelist>
<varlistentry>
<term><literal>options TCP_RESTRICT_RST</literal></term>
<listitem>
<para>This option blocks all TCP RST packets. This is
best used for systems that might be exposed to SYN
flooding (IRC Servers are a good example) or for those who
do not want to be easily portscannable.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><literal>options TCP_DROP_SYNFIN</literal></term>
<listitem>
<para>This option ignores TCP packets with SYN and FIN. This
prevents tools such as nmap etc from identifying the TCP/IP
stack of the machine, but breaks support for RFC1644
extensions. This is NOT recommended if the machine will be
running web server.</para>
</listitem>
</varlistentry>
</variablelist>
<para>Don't reboot once you have recompiled the kernel. Hopefully, we will
need to reboot just once in order to complete the installing of the
firewall.</para>
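Review bot: In the TCP_RESTRICT_RST entry, "This option blocks all TCP RST packets" does not say whether RSTs are dropped on receipt or suppressed on send, and unlike the TCP_DROP_SYNFIN entry below it, it names no side effect. Suggest stating the direction explicitly and adding a sentence on what stops working when RSTs are blocked, so that readers can weigh it the same way the SYN+FIN entry lets them weigh the RFC1644 breakage.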

View file

@ -1,7 +1,7 @@
<!--
The FreeBSD Documentation Project
$FreeBSD: doc/en_US.ISO_8859-1/articles/dialup-firewall/article.sgml,v 1.1 2000/06/07 23:22:17 nik Exp $
$FreeBSD: doc/en_US.ISO_8859-1/articles/dialup-firewall/article.sgml,v 1.2 2000/06/12 04:03:39 kevlo Exp $
-->
<!DOCTYPE article PUBLIC "-//FreeBSD//DTD DocBook V3.1-Based Extension//EN" [
@ -24,7 +24,7 @@
</author>
</authorgroup>
<pubdate>$Date: 2000-06-12 04:03:39 $</pubdate>
<pubdate>$Date: 2000-07-11 10:21:49 $</pubdate>
<abstract>
<para>This article documents how to setup a firewall using a PPP
@ -96,6 +96,36 @@
</varlistentry>
</variablelist>
<para>There are also some other OPTIONAL items that you can compile
into the kernel for some added security. These are not required in
order to get firewalling to work, but some more paranoid users may
want to use them.</para>
<variablelist>
<varlistentry>
<term><literal>options TCP_RESTRICT_RST</literal></term>
<listitem>
<para>This option blocks all TCP RST packets. This is
best used for systems that might be exposed to SYN
flooding (IRC Servers are a good example) or for those who
do not want to be easily portscannable.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><literal>options TCP_DROP_SYNFIN</literal></term>
<listitem>
<para>This option ignores TCP packets with SYN and FIN. This
prevents tools such as nmap etc from identifying the TCP/IP
stack of the machine, but breaks support for RFC1644
extensions. This is NOT recommended if the machine will be
running web server.</para>
</listitem>
</varlistentry>
</variablelist>
<para>Don't reboot once you have recompiled the kernel. Hopefully, we will
need to reboot just once in order to complete the installing of the
firewall.</para>
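Review bot: In the TCP_DROP_SYNFIN entry, the warning "This is NOT recommended if the machine will be running web server" gives no reason and is missing an article ("a web server"). If the broken RFC1644 support mentioned in the previous sentence is the reason, say so in the same sentence. "nmap etc" would also read better as "nmap", and "the installing of the firewall" in the closing paragraph as "the installation of the firewall".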