Kernel Option : IP: always defragment
Hi, I want to activate the Option "IP:always defragment" in mein Kernel-Konfiguration to make my Firewall more secure but I didnt find this OPtion in menuconfig or in the file .config Is this Option in a SuSE7 Kernel active or not ? Or where can I activate it ? Or how can I force the kernel to reassemble IP-Fragments before Forwarding ? Thanx Daniel Golesny
Hi. I have the following in my custom fw script: ## Habilitamos la defragmentacion automatica en el kernel echo 1 > /proc/sys/net/ipv4/ip_always_defrag Sorry, ## is in Spanish :-) =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= ** RoMaN SoFt / LLFB ** roman@madrid.com http://pagina.de/romansoft ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ On Thu, 23 Nov 2000 13:31:01 +0100, you wrote:
Hi,
I want to activate the Option "IP:always defragment" in mein Kernel-Konfiguration to make my Firewall more secure but I didnt find this OPtion in menuconfig or in the file .config
Is this Option in a SuSE7 Kernel active or not ? Or where can I activate it ? Or how can I force the kernel to reassemble IP-Fragments before Forwarding ?
Thanx
Daniel Golesny
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
No, simply run this script after booting your system. Am Don, 23 Nov 2000 schrieben Sie:
Hi,
echo 1 > /proc/sys/net/ipv4/ip_always_defrag
Do I have to compile the kernel after switching this option or not ?
Bye Daniel Golesny
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
No, this is a runtime option and must be enabled everytime you boot, so stick it in a startup script. Cheers Nix At 02:17 PM 23/11/2000 +0100, you wrote:
Hi,
echo 1 > /proc/sys/net/ipv4/ip_always_defrag
Do I have to compile the kernel after switching this option or not ?
Bye Daniel Golesny
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
No, this is a runtime option and must be enabled everytime you boot, so stick it in a startup script.
Cheers
Nix
At 02:17 PM 23/11/2000 +0100, you wrote:
Hi,
echo 1 > /proc/sys/net/ipv4/ip_always_defrag
Where can I find a list of all options in /proc/sys/net/ipv4, what to send to them to activate them and what they are doing exactly? mfg ar -- mailto:andreas@rittershofer.de http://www.rittershofer.de PGP-Public-Key http://www.rittershofer.de/ari.htm
echo 1 > /proc/sys/net/ipv4/ip_always_defrag
Where can I find a list of all options in /proc/sys/net/ipv4, what to send to them to activate them and what they are doing exactly?
Take a look at /usr/src/linux/Documentation/proc.txt, also /usr/src/linux/Documentation/networking/ip-sysctl.txt (This is the kernel documentation tree). There is plenty of information in there, a huge improvement in 2.2 over 2.0.
mfg ar
Roman.
--
- -
| Roman Drahtmüller
participants (6)
-
Andreas Rittershofer -
Denis Hoyer -
dgolesny -
Nix -
Roman Drahtmueller -
RoMaN SoFt / LLFB!!