Subject: Re: net.inet.tcp.log_refused??
To: Jason Thorpe <>
From: Andrew Doran <>
List: tech-net
Date: 05/27/1999 09:47:38
Jason Thorpe wrote:
>    ----
> revision 1.82
> date: 1999/05/23 20:33:50;  author: ad;  state: Exp;  lines: +10 -1
> Add new sysctl (net.inet.tcp.log_refused) that when set, causes refused TCP
> connections to be logged.
>    ----
> Um... being one of the people who's basically responsible for maintaining
> our TCP ... I'm sort of curious why:
>         (1) This wasn't run by me,
>         (2) there wasn't any discussion about it in some appropriate forum.

I erred.
> I see very little justification for this option, especially since, when
> it's used, it's a great way for an outsider to fill up your file system
> with useless log messages -- useless because the information in them can't
> even be trusted; forging the source address on the SYN is pretty easy.

It's logged with LOG_INFO priority so this doesn't happen if your 
syslogd is using the default configuration. Many things can be forged;
the rationale behind the option is so you can at least see these things
> "Oh look!  Lots of connections refused from!!"

I will back out the change tonight.

- ad