Re: Default behaviour of IP Options processing

From: David Wolfskill <david_at_catwhisker.org>
Date: Thu, 6 May 2004 12:29:27 -0700 (PDT)
>Date: Thu, 06 May 2004 21:16:03 +0200
>From: Andre Oppermann <andre_at_freebsd.org>
>To: freebsd-current_at_freebsd.org, freebsd-net_at_freebsd.org
>Subject: Default behaviour of IP Options processing
>Sender: owner-freebsd-current_at_freebsd.org

>However I want to propose to change the default from processing options
>to ignoring options (or even stronger to reject them).

>....

>Opinions?  Discussion?  Yes/Nay?

From "ipfw show" on my home gateway/NAT/packet filter box:

...
02000      0         0 deny log ip from any to any ipopt rr
02010      0         0 deny log ip from any to any ipopt ts
02020      0         0 deny log ip from any to any ipopt ssrr
02030      0         0 deny log ip from any to any ipopt lsrr


I implemented those rules back around August, 1999, when I first set the
box up; I don't recall that they have ever been triggered.  (Uptime on
the box is nowhere near 4+ years, as it's been tracking -STABLE about
every couple of weeks:

janus# uname -a
FreeBSD janus.catwhisker.org 4.10-PRERELEASE FreeBSD 4.10-PRERELEASE #66: Sun May  2 06:05:10 PDT 2004     root_at_freebeast.catwhisker.org:/common/S1/obj/usr/src/sys/JANUS  i386
janus# 

So the counters from "show ipfw" only show traffic since

janus# uptime
12:27PM  up 4 days,  5:53, 1 user, load averages: 0.04, 0.03, 0.06
janus# 

-- not really enough to be significant.)

My point was that there are some of us who, quite deliberately,
decline to accept options-laden traffic anyhow.  So I have no known
reason to object to the proposal.

Peace,
david
-- 
David H. Wolfskill				david_at_catwhisker.org
I do not "unsubscribe" from email "services" to which I have not explicitly
subscribed.  Rather, I block spammers' access to SMTP servers I control,
and encourage others who are in a position to do so to do likewise.
Received on Thu May 06 2004 - 10:29:28 UTC
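
The four ipfw rules quoted in the message match on the record route, timestamp, and strict/loose source route options. As an added example (not part of the original message or of FreeBSD's code), this is how a filter can find those options by walking the IPv4 header as laid out in RFC 791; the function name, flag names and sample headers are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One flag per option denied by the ipfw rules; OPT_BAD = malformed header. */
enum { OPT_RR = 1, OPT_TS = 2, OPT_LSRR = 4, OPT_SSRR = 8, OPT_BAD = 0x80 };

/* Walk the IPv4 header options (RFC 791) and return a mask of those found. */
unsigned ipopt_scan(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return OPT_BAD;
    size_t hlen = (size_t)(pkt[0] & 0x0f) * 4;   /* IHL is in 32-bit words */
    if (hlen < 20 || hlen > len)
        return OPT_BAD;
    unsigned found = 0;
    for (size_t i = 20; i < hlen; ) {
        uint8_t type = pkt[i];
        if (type == 0) break;                    /* End of Option List */
        if (type == 1) { i++; continue; }        /* No Operation: one byte */
        /* Every other option has a length byte covering type+length+data. */
        if (i + 1 >= hlen || pkt[i + 1] < 2 || i + pkt[i + 1] > hlen)
            return found | OPT_BAD;
        switch (type) {
        case 7:   found |= OPT_RR;   break;      /* record route */
        case 68:  found |= OPT_TS;   break;      /* timestamp */
        case 131: found |= OPT_LSRR; break;      /* loose source route */
        case 137: found |= OPT_SSRR; break;      /* strict source route */
        }
        i += pkt[i + 1];
    }
    return found;
}

/* Constructed sample headers (addresses from the documentation ranges). */
#define HDR(ihl) (0x40 | (ihl)), 0, 0, (ihl) * 4, 0, 0, 0, 0, 64, 1, 0, 0, \
                 192, 0, 2, 1, 198, 51, 100, 7
const uint8_t plain[]   = { HDR(5) };
const uint8_t with_rr[] = { HDR(7), 7, 7, 4, 0, 0, 0, 0, 0 };
const uint8_t with_sr[] = { HDR(8), 1, 131, 7, 4, 192, 0, 2, 9, 68, 4, 5, 0 };
const uint8_t overrun[] = { HDR(6), 68, 12, 5, 0 };  /* length byte too big */

int main(void)
{
    printf("plain=%#x rr=%#x lsrr+ts=%#x overrun=%#x\n",
           ipopt_scan(plain, sizeof plain), ipopt_scan(with_rr, sizeof with_rr),
           ipopt_scan(with_sr, sizeof with_sr), ipopt_scan(overrun, sizeof overrun));
    return 0;
}
```

A header whose option length runs past the IHL boundary is reported as OPT_BAD rather than parsed further, which is the case a filter should drop outright.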
