diff options
author | Dag-Erling Smørgrav <des@FreeBSD.org> | 1999-02-22 18:19:57 +0000 |
---|---|---|
committer | Dag-Erling Smørgrav <des@FreeBSD.org> | 1999-02-22 18:19:57 +0000 |
commit | 1b968362aa997224cbd832b868d8fdc495b2c0f6 (patch) | |
tree | c0db747dac930fc7b2d9548c066ae82b4ad49724 /sys/conf | |
parent | 554dedb3c941e3a39994a7d606a87afbde6df702 (diff) | |
download | src-1b968362aa997224cbd832b868d8fdc495b2c0f6.tar.gz src-1b968362aa997224cbd832b868d8fdc495b2c0f6.zip |
Add support for stealth forwarding (forwarding packets without touching
their ttl). This can be used - in combination with the proper ipfw
incantations - to make a firewall or router invisible to traceroute
and other exploration tools.
This behaviour is controlled by a sysctl variable (net.inet.ip.stealth)
and hidden behind a kernel option (IPSTEALTH).
Reviewed by: eivind, bde
Notes
Notes:
svn path=/head/; revision=44219
Diffstat (limited to 'sys/conf')
-rw-r--r-- | sys/conf/NOTES | 7 | ||||
-rw-r--r-- | sys/conf/options | 3 |
2 files changed, 8 insertions, 2 deletions
diff --git a/sys/conf/NOTES b/sys/conf/NOTES index e1a40744757d..3175d27d5a70 100644 --- a/sys/conf/NOTES +++ b/sys/conf/NOTES @@ -2,7 +2,7 @@ # LINT -- config file for checking all the sources, tries to pull in # as much of the source tree as it can. # -# $Id: LINT,v 1.558 1999/02/21 15:04:43 nsouch Exp $ +# $Id: LINT,v 1.559 1999/02/21 16:23:23 n_hibma Exp $ # # NB: You probably don't want to try running a kernel built from this # file. Instead, you should start from GENERIC, and add options from @@ -456,6 +456,10 @@ options PPP_FILTER #enable bpf filtering (needs bpfilter) # IPFILTER_LOG enables ipfilter's logging. # IPFILTER_LKM enables LKM support for an ipfilter module (untested). # +# IPSTEALTH enables code to support stealth forwarding (i.e., forwarding +# packets without touching the ttl). This can be useful to hide firewalls +# from traceroute and similar tools. +# # TCPDEBUG is undocumented. # options "TCP_COMPAT_42" #emulate 4.2BSD TCP bugs @@ -470,6 +474,7 @@ options IPDIVERT #divert sockets options IPFILTER #kernel ipfilter support options IPFILTER_LOG #ipfilter logging #options IPFILTER_LKM #kernel support for ip_fil.o LKM +options IPSTEALTH #support for stealth forwarding options TCPDEBUG # ICMP_BANDLIM enables icmp error response bandwidth limiting. You diff --git a/sys/conf/options b/sys/conf/options index 6da960cb2c84..6263e9fba28e 100644 --- a/sys/conf/options +++ b/sys/conf/options @@ -1,4 +1,4 @@ -# $Id: options,v 1.126 1999/02/09 01:02:37 mjacob Exp $ +# $Id: options,v 1.127 1999/02/14 11:59:58 nsouch Exp $ # # On the handling of kernel options # @@ -201,6 +201,7 @@ IPFIREWALL_VERBOSE opt_ipfw.h IPFIREWALL_VERBOSE_LIMIT opt_ipfw.h IPFIREWALL_DEFAULT_TO_ACCEPT opt_ipfw.h IPFIREWALL_FORWARD opt_ipfw.h +IPSTEALTH IPX opt_ipx.h IPXIP opt_ipx.h IPTUNNEL opt_ipx.h |