Subject: net.inet.tcp.log_refused??
To: None <tech-net@netbsd.org>
From: Jason Thorpe <thorpej@nas.nasa.gov>
List: tech-net
Date: 05/26/1999 16:11:16
   ----
revision 1.82
date: 1999/05/23 20:33:50;  author: ad;  state: Exp;  lines: +10 -1
Add new sysctl (net.inet.tcp.log_refused) that when set, causes refused TCP
connections to be logged.
   ----

Um... being one of the people who's basically responsible for maintaining
our TCP ... I'm sort of curious why:

	(1) This wasn't run by me,

	(2) there wasn't any discussion about it in some appropriate forum.

I see very little justification for this option, especially since, when
it's used, it's a great way for an outsider to fill up your file system
with useless log messages -- useless because the information in them can't
even be trusted; forging the source address on the SYN is pretty easy.

"Oh look!  Lots of connections refused from 10.0.0.1!!"

        -- Jason R. Thorpe <thorpej@nas.nasa.gov>
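
One way to bound the log growth the message describes is to cap refused-connection log lines per second and summarize the rest. This is an added example, not part of the original message and not NetBSD code; `log_refused`, `LOG_REFUSED_MAX_PPS` and the flood input are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <stdint.h>

/* Hypothetical per-second cap on "connection refused" log lines. */
#define LOG_REFUSED_MAX_PPS 5

struct refused_log {
    long          window;      /* second the current window belongs to */
    unsigned      emitted;     /* lines written in this window */
    unsigned      suppressed;  /* events dropped in this window */
    unsigned long total_lines; /* lines written overall */
};

/* Record one refused SYN; returns 1 if a line was written, 0 if suppressed.
 * src comes straight from the SYN and can be forged, so it is labelled so. */
static int log_refused(struct refused_log *rl, uint32_t src, uint16_t dport, long now)
{
    if (now != rl->window) {
        if (rl->suppressed) {  /* one summary line replaces the dropped ones */
            printf("tcp: %u refused connections suppressed\n", rl->suppressed);
            rl->total_lines++;
        }
        rl->window = now;
        rl->emitted = 0;
        rl->suppressed = 0;
    }
    if (rl->emitted >= LOG_REFUSED_MAX_PPS) {
        rl->suppressed++;
        return 0;
    }
    rl->emitted++;
    rl->total_lines++;
    printf("tcp: refused %u.%u.%u.%u (unverified source) -> port %u\n",
           (unsigned)(src >> 24) & 0xff, (unsigned)(src >> 16) & 0xff,
           (unsigned)(src >> 8) & 0xff, (unsigned)src & 0xff, (unsigned)dport);
    return 1;
}

/* Constructed flood: per_sec refused SYNs each second, sources starting at
 * 10.0.0.1. Returns the number of log lines written. */
static unsigned long simulate_flood(unsigned per_sec, unsigned seconds)
{
    struct refused_log rl = { -1, 0, 0, 0 };
    for (unsigned t = 0; t < seconds; t++)
        for (unsigned i = 0; i < per_sec; i++)
            log_refused(&rl, 0x0a000001u + i, 23, (long)t);
    return rl.total_lines;
}

int main(void) { printf("lines: %lu\n", simulate_flood(10000, 3)); return 0; }
```

With the cap, log volume depends on elapsed time rather than on how many packets the sender chooses to transmit; the logged addresses remain unverified either way.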