Using apropos sysctl we get a list of several manpages, including blackhole(4), sysctl(3), sysctl(8) and sysctl.conf(5). These refer to several other sources, including ip(4), tcp(4), udp(4) and rc.conf(5) - they also mention <sys/sysctl.h>, <sys/socket.h>, <netinet/in.h>, <netinet/icmp_var.h> and <netinet/udp_var.h> if you want to study the variables first-hand.

----- Original Message -----
From: "fbsd_user" <[EMAIL PROTECTED]>
Subject: network security sysctl mib's

> The sysctl.conf file contains MIBs to change the default setting of
> internal options of the kernel at boot up time.
> I have found these MIBs when I display all the sysctls.
>
> These deal with how packets entering the FBSD system are handled by
> default.
> There is no man info on any MIBs.
>
> I am looking for a description of what these do and
> why I would want to turn them on.
>
> There must be some network security reason or problem
> that these address or they would not have been created
> in the first place.
>
> Are these MIBs only intended to be used on FBSD systems
> that do not have firewalls?
>
> When do these MIBs get control
> in the kernel, as they relate to IPFW or IPFILTER
> firewall seeing the packets?
> [IE: do they all process against the packet before the packet
> is handed off to the firewall or after the firewall has done
> its thing and hands the packet back to the kernel?]
>
> Since these are network security MIBs why are they not documented
> someplace?
> They can have a large impact on the security of one's FBSD system,
> and should be made known to the general administrator of the FBSD
> system and the firewall administrator.
>
> I know I need an FBSD developer who makes code changes to the kernel
> to review the internal FBSD kernel code to answer these questions. I
> hope someone will help me in this.
>
> net.inet.icmp.drop_redirect=1
> net.inet.icmp.log_redirect=0
> net.inet.ip.redirect=0
>
> net.inet.ip.sourceroute=0
> net.inet.ip.accept_sourceroute=0
>
> net.inet.icmp.bmcastecho=0
>
> net.inet.tcp.blackhole=2
> net.inet.udp.blackhole=1
>
> net.inet.tcp.log_in_vain=1
> net.inet.udp.log_in_vain=1
>
>
> _______________________________________________
> [EMAIL PROTECTED] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"
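As an added example (not from either poster), the following POSIX sh script checks a host's running sysctl values against the ten MIBs quoted above and reports any that differ or are absent. It assumes sysctl(8)'s default "name: value" output; the sample output embedded at the bottom is constructed so the script runs offline.

```shell
#!/bin/sh
# Added example, not part of the thread: compare a host's running sysctl
# values against the network-hardening MIBs listed in the quoted message.
# Desired settings, copied from the quoted message (name=value form).
EXPECTED='net.inet.icmp.drop_redirect=1
net.inet.icmp.log_redirect=0
net.inet.ip.redirect=0
net.inet.ip.sourceroute=0
net.inet.ip.accept_sourceroute=0
net.inet.icmp.bmcastecho=0
net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1
net.inet.tcp.log_in_vain=1
net.inet.udp.log_in_vain=1'

# audit_sysctls "<sysctl(8) output>": prints one line per MIB whose running
# value differs from EXPECTED (or is absent) and returns the mismatch count.
audit_sysctls() {
    current=$1
    mismatches=0
    for entry in $EXPECTED; do            # entries contain no whitespace
        name=${entry%%=*}
        want=${entry#*=}
        # exact match on "name: value" lines, so prefixes never collide
        have=$(printf '%s\n' "$current" | awk -v n="$name" '$1 == (n ":") { print $2 }')
        if [ -z "$have" ]; then
            echo "$name expected=$want current=MISSING"
            mismatches=$((mismatches + 1))
        elif [ "$have" != "$want" ]; then
            echo "$name expected=$want current=$have"
            mismatches=$((mismatches + 1))
        fi
    done
    return "$mismatches"
}

# Constructed sample of sysctl(8) output: ICMP redirects still enabled,
# TCP blackholing off, and net.inet.udp.log_in_vain not present at all.
SAMPLE='net.inet.icmp.drop_redirect: 1
net.inet.icmp.log_redirect: 0
net.inet.ip.redirect: 1
net.inet.ip.sourceroute: 0
net.inet.ip.accept_sourceroute: 0
net.inet.icmp.bmcastecho: 0
net.inet.tcp.blackhole: 0
net.inet.udp.blackhole: 1
net.inet.tcp.log_in_vain: 1'

# On a real FreeBSD host, run: audit_sysctls "$(sysctl net.inet)"
audit_sysctls "$SAMPLE" || echo "$? MIB(s) differ from the hardening list"
```

A MIB reported as MISSING may simply not exist in the running kernel, so check the manpages the reply lists before adding it to sysctl.conf.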