o From the Problem Report: the TCP_DROP_SYNFIN kernel option is now

included in the kernel by default. Remove reference to this option from defaults/rc.conf and rc.conf(5). PR: conf/119098 Submitted by: Beat Gaetzi MFC after: 1 week
2008-01-12 20:52:30 +00:00 · 2008-01-12 20:52:30 +00:00 · 02be9380b7
commit 02be9380b7
parent 147942350a
2 changed files with 1 additions and 7 deletions
--- a/etc/defaults/rc.conf
+++ b/etc/defaults/rc.conf
@ -163,8 +163,6 @@ pfsync_ifconfig=""		# Additional options to ifconfig(8) for pfsync
 tcp_extensions="YES"		# Set to NO to turn off RFC1323 extensions.
 log_in_vain="0"			# >=1 to log connects to ports w/o listeners.
 tcp_keepalive="YES"		# Enable stale TCP connection timeout (or NO).
-# For the following option you need to have TCP_DROP_SYNFIN set in your
-# kernel.  Please refer to LINT and NOTES for details.
 tcp_drop_synfin="NO"		# Set to YES to drop TCP packets with SYN+FIN
 				# NOTE: this violates the TCP specification
 icmp_drop_redirect="NO" 	# Set to YES to ignore ICMP REDIRECT packets
--- a/share/man/man5/rc.conf.5
+++ b/share/man/man5/rc.conf.5
@ -24,7 +24,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd October 27, 2007
+.Dd January 12, 2008
 .Dt RC.CONF 5
 .Os
 .Sh NAME
@ -952,10 +952,6 @@ will cause the kernel to ignore TCP frames that have both
 the SYN and FIN flags set.
 This prevents OS fingerprinting, but may
 break some legitimate applications.
-This option is only available if the
-kernel was built with the
-.Dv TCP_DROP_SYNFIN
-option.
 .It Va icmp_drop_redirect
 .Pq Vt bool
 Set to