Add some more content to the article.
PR: 19841
Submitted by: Marc Silver <marcs@draenor.org>
parent 5e16cb2197
commit f8430a156c
Notes:
svn2git 2020-12-08 03:00:23 +00:00
svn path=/head/; revision=7559
2 changed files with 64 additions and 4 deletions
|
@ -1,7 +1,7 @@
|
|||
<!--
|
||||
The FreeBSD Documentation Project
|
||||
|
||||
$FreeBSD: doc/en_US.ISO_8859-1/articles/dialup-firewall/article.sgml,v 1.1 2000/06/07 23:22:17 nik Exp $
|
||||
$FreeBSD: doc/en_US.ISO_8859-1/articles/dialup-firewall/article.sgml,v 1.2 2000/06/12 04:03:39 kevlo Exp $
|
||||
-->
|
||||
|
||||
<!DOCTYPE article PUBLIC "-//FreeBSD//DTD DocBook V3.1-Based Extension//EN" [
|
||||
|
@ -24,7 +24,7 @@
|
|||
</author>
|
||||
</authorgroup>
|
||||
|
||||
<pubdate>$Date: 2000-06-12 04:03:39 $</pubdate>
|
||||
<pubdate>$Date: 2000-07-11 10:21:49 $</pubdate>
|
||||
|
||||
<abstract>
|
||||
<para>This article documents how to setup a firewall using a PPP
|
||||
|
@ -96,6 +96,36 @@
|
|||
</varlistentry>
|
||||
</variablelist>
|
||||
|
||||
<para>There are also some other OPTIONAL items that you can compile
|
||||
into the kernel for some added security. These are not required in
|
||||
order to get firewalling to work, but some more paranoid users may
|
||||
want to use them.</para>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term><literal>options TCP_RESTRICT_RST</literal></term>
|
||||
|
||||
<listitem>
|
||||
<para>This option blocks all TCP RST packets. This is
|
||||
best used for systems that might be exposed to SYN
|
||||
flooding (IRC Servers are a good example) or for those who
|
||||
do not want to be easily portscannable.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><literal>options TCP_DROP_SYNFIN</literal></term>
|
||||
|
||||
<listitem>
|
||||
<para>This option ignores TCP packets with SYN and FIN. This
|
||||
prevents tools such as nmap etc from identifying the TCP/IP
|
||||
stack of the machine, but breaks support for RFC1644
|
||||
extensions. This is NOT recommended if the machine will be
|
||||
running web server.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
|
||||
<para>Don't reboot once you have recompiled the kernel. Hopefully, we will
|
||||
need to reboot just once in order to complete the installing of the
|
||||
firewall.</para>
|
||||
|
|
|
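Review bot: In the TCP_RESTRICT_RST entry, "blocks all TCP RST packets" does not say which direction is affected, so a reader cannot tell whether the kernel stops sending RSTs in reply to unwanted segments or discards RSTs it receives. State the direction explicitly, because the "not easily portscannable" rationale in the same paragraph depends on it. The new introductory paragraph also says these options can be compiled into the kernel but not whether compiling them in is enough to turn the behaviour on; say so either way.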
@ -1,7 +1,7 @@
|
|||
<!--
|
||||
The FreeBSD Documentation Project
|
||||
|
||||
$FreeBSD: doc/en_US.ISO_8859-1/articles/dialup-firewall/article.sgml,v 1.1 2000/06/07 23:22:17 nik Exp $
|
||||
$FreeBSD: doc/en_US.ISO_8859-1/articles/dialup-firewall/article.sgml,v 1.2 2000/06/12 04:03:39 kevlo Exp $
|
||||
-->
|
||||
|
||||
<!DOCTYPE article PUBLIC "-//FreeBSD//DTD DocBook V3.1-Based Extension//EN" [
|
||||
|
@ -24,7 +24,7 @@
|
|||
</author>
|
||||
</authorgroup>
|
||||
|
||||
<pubdate>$Date: 2000-06-12 04:03:39 $</pubdate>
|
||||
<pubdate>$Date: 2000-07-11 10:21:49 $</pubdate>
|
||||
|
||||
<abstract>
|
||||
<para>This article documents how to setup a firewall using a PPP
|
||||
|
@ -96,6 +96,36 @@
|
|||
</varlistentry>
|
||||
</variablelist>
|
||||
|
||||
<para>There are also some other OPTIONAL items that you can compile
|
||||
into the kernel for some added security. These are not required in
|
||||
order to get firewalling to work, but some more paranoid users may
|
||||
want to use them.</para>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term><literal>options TCP_RESTRICT_RST</literal></term>
|
||||
|
||||
<listitem>
|
||||
<para>This option blocks all TCP RST packets. This is
|
||||
best used for systems that might be exposed to SYN
|
||||
flooding (IRC Servers are a good example) or for those who
|
||||
do not want to be easily portscannable.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><literal>options TCP_DROP_SYNFIN</literal></term>
|
||||
|
||||
<listitem>
|
||||
<para>This option ignores TCP packets with SYN and FIN. This
|
||||
prevents tools such as nmap etc from identifying the TCP/IP
|
||||
stack of the machine, but breaks support for RFC1644
|
||||
extensions. This is NOT recommended if the machine will be
|
||||
running web server.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
|
||||
<para>Don't reboot once you have recompiled the kernel. Hopefully, we will
|
||||
need to reboot just once in order to complete the installing of the
|
||||
firewall.</para>
|
||||
|
|
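Review bot: In the TCP_DROP_SYNFIN entry, the warning "NOT recommended if the machine will be running web server" gives no reason, and the sentence before it only says that RFC1644 extensions break; tie the two together so readers can judge whether the caveat applies to their machine. The same line needs an article ("running a web server"), and "nmap etc" reads better as just "nmap". This hunk carries the same text as the one in the first changed file, so any wording fix has to be made in both.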