If I use this setting on the DMZ firewall would it affect a web server running in the DMZ behind the FW? The web server IP/port would be redirected into the DMZ by natd, or does this only break SYN+FIN if the web server is running on the same box?

As stated in LINT:

# TCP_DROP_SYNFIN adds support for ignoring TCP packets with SYN+FIN. This
# prevents nmap et al. from identifying the TCP/IP stack, but breaks support
# for RFC1644 extensions and is not recommended for web servers.
# options TCP_DROP_SYNFIN #drop TCP packets with SYN+FIN

Thanks,
Jon.