NOTES (c678bc4f13a340ad88debe321afd0097db2590cb) NOTES (64dddc18727af4db4a6047ff86291d981f6e9042)
1#
2# NOTES -- Lines that can be cut/pasted into kernel and hints configs.
3#
4# Lines that begin with 'device', 'options', 'machine', 'ident', 'maxusers',
5# 'makeoptions', 'hints' etc go into the kernel configuration that you
6# run config(8) with.
7#
8# Lines that begin with 'hints.' are NOT for config(8), they go into your

--- 576 unchanged lines hidden (view full) ---

585options IPV6FIREWALL_DEFAULT_TO_ACCEPT
586options IPDIVERT #divert sockets
587options IPFILTER #ipfilter support
588options IPFILTER_LOG #ipfilter logging
589options IPFILTER_DEFAULT_BLOCK #block all packets by default
590options IPSTEALTH #support for stealth forwarding
591options TCPDEBUG
592
1#
2# NOTES -- Lines that can be cut/pasted into kernel and hints configs.
3#
4# Lines that begin with 'device', 'options', 'machine', 'ident', 'maxusers',
5# 'makeoptions', 'hints' etc go into the kernel configuration that you
6# run config(8) with.
7#
8# Lines that begin with 'hints.' are NOT for config(8), they go into your

--- 576 unchanged lines hidden (view full) ---

585options IPV6FIREWALL_DEFAULT_TO_ACCEPT
586options IPDIVERT #divert sockets
587options IPFILTER #ipfilter support
588options IPFILTER_LOG #ipfilter logging
589options IPFILTER_DEFAULT_BLOCK #block all packets by default
590options IPSTEALTH #support for stealth forwarding
591options TCPDEBUG
592
593# RANDOM_IP_ID causes the ID field in IP packets to be randomized
594# instead of incremented by 1 with each packet generated. This
595# option closes a minor information leak which allows remote
596# observers to determine the rate of packet generation on the
597# machine by watching the counter.
598options RANDOM_IP_ID
599
593# Statically Link in accept filters
594options ACCEPT_FILTER_DATA
595options ACCEPT_FILTER_HTTP
596
597# TCP_DROP_SYNFIN adds support for ignoring TCP packets with SYN+FIN. This
598# prevents nmap et al. from identifying the TCP/IP stack, but breaks support
599# for RFC1644 extensions and is not recommended for web servers.
600#

--- 2260 unchanged lines hidden ---
600# Statically Link in accept filters
601options ACCEPT_FILTER_DATA
602options ACCEPT_FILTER_HTTP
603
604# TCP_DROP_SYNFIN adds support for ignoring TCP packets with SYN+FIN. This
605# prevents nmap et al. from identifying the TCP/IP stack, but breaks support
606# for RFC1644 extensions and is not recommended for web servers.
607#

--- 2260 unchanged lines hidden ---
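Review bot: The comment on RANDOM_IP_ID (593-597 in the right-hand numbering) describes the exposure only as a leak of the packet generation rate and gives no trade-off, whereas the TCP_DROP_SYNFIN entry just below states what that option breaks. The page does not label its columns, so this assumes the right-hand column is the new side. I would add one line on the wider effect, e.g. `# A sequential counter also lets an observer link packets to one host, e.g. behind NAT.`, and one line stating whether the option has a per-packet cost. Because NOTES lines are meant to be cut and pasted into real kernel configs, the comment should also say whether the option is safe to enable unconditionally. The implementation is not visible here, so confirm that randomized IDs cannot repeat within the fragment reassembly window.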