From 2123fbe6cdec25a4d99a67349623b831f3f111e9 Mon Sep 17 00:00:00 2001 From: Maxim Konovalov Date: Sat, 12 Jan 2008 20:52:30 +0000 Subject: [PATCH] o From the Problem Report: the TCP_DROP_SYNFIN kernel option is now included in the kernel by default. Remove reference to this option from defaults/rc.conf and rc.conf(5). PR: conf/119098 Submitted by: Beat Gaetzi MFC after: 1 week --- etc/defaults/rc.conf | 2 -- share/man/man5/rc.conf.5 | 6 +----- 2 files changed, 1 insertion(+), 7 deletions(-) diff --git a/etc/defaults/rc.conf b/etc/defaults/rc.conf index 7a18b9c2902..356cec2d90e 100644 --- a/etc/defaults/rc.conf +++ b/etc/defaults/rc.conf @@ -163,8 +163,6 @@ pfsync_ifconfig="" # Additional options to ifconfig(8) for pfsync tcp_extensions="YES" # Set to NO to turn off RFC1323 extensions. log_in_vain="0" # >=1 to log connects to ports w/o listeners. tcp_keepalive="YES" # Enable stale TCP connection timeout (or NO). -# For the following option you need to have TCP_DROP_SYNFIN set in your -# kernel. Please refer to LINT and NOTES for details. tcp_drop_synfin="NO" # Set to YES to drop TCP packets with SYN+FIN # NOTE: this violates the TCP specification icmp_drop_redirect="NO" # Set to YES to ignore ICMP REDIRECT packets diff --git a/share/man/man5/rc.conf.5 b/share/man/man5/rc.conf.5 index 920b8f375e4..2797651e04c 100644 --- a/share/man/man5/rc.conf.5 +++ b/share/man/man5/rc.conf.5 @@ -24,7 +24,7 @@ .\" .\" $FreeBSD$ .\" -.Dd October 27, 2007 +.Dd January 12, 2008 .Dt RC.CONF 5 .Os .Sh NAME @@ -952,10 +952,6 @@ will cause the kernel to ignore TCP frames that have both the SYN and FIN flags set. This prevents OS fingerprinting, but may break some legitimate applications. -This option is only available if the -kernel was built with the -.Dv TCP_DROP_SYNFIN -option. .It Va icmp_drop_redirect .Pq Vt bool Set to