Subject: Re: port-unreachable and system reboot
To: Michael Richardson <>
From: None <>
List: tech-net
Date: 05/27/2001 10:02:45
>    > how about an (additional) ipf rule during bootstrap?
>  I'm not sure I understand your point here. I'm just suggesting something
>like the following, with tcp_silent_refused being sysctl'able. The idea
>is to let the initiator keep trying instead of shutting them down immediately.
>  (I notice this while doing "make && scp netbsd mhost:" while mhost is
>still rebooting from db>... )

	my point is, once you implement tcp_silent_refused, you will want to do
	this for udp, and then for other protocols.  i don't think it
	worthwhile to do this on a per-protocol hack basis.  my guess is that
	your problem will be solved by preventing the remote machine (mhost)
	from responding at all, by using ipf (deny all outgoing icmp traffic,
	or any traffic).  i'm suggesting to run something like below in
	your /etc/rc suite:
	1. install deny-all-outgoing ipf rules
	2. configure interfaces
	3. run daemons
	4. remove deny-all-outgoing ipf rules
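
The four-step ordering above, written out as an sh sketch (an added example, not code from this post or from NetBSD's own rc scripts). The function names and the `IPF` variable are assumptions; `ipf -Fo` flushes the outbound rule list and `-f -` reads rules from standard input.

```shell
#!/bin/sh
# Added sketch of the four-step ordering; not code from the original post.
# Assumption: ipf is on PATH and the filter is enabled. IPF can be overridden.
IPF=${IPF:-ipf}

# Print the temporary outbound guard rules for a mode (hypothetical helper).
#   icmp: suppress only outgoing ICMP, e.g. port-unreachable
#   all:  suppress every outgoing packet, which also hides TCP RSTs
guard_rules() {
    case "$1" in
        icmp) echo 'block out quick proto icmp from any to any' ;;
        all)  echo 'block out quick all' ;;
        *)    echo "guard_rules: unknown mode '$1'" >&2; return 2 ;;
    esac
}

# Step 1: replace the outbound rule list with the guard rules.
guard_on() {
    rules=$(guard_rules "$1") || return 2
    printf '%s\n' "$rules" | "$IPF" -Fo -f -
}

# Step 4: flush the outbound list again so the host answers normally.
# A host with its own ipf rule set would reload that file here instead.
guard_off() {
    "$IPF" -Fo
}

# Usage: guarded_boot MODE STEP...
# Each STEP is a command name standing in for steps 2 and 3
# (configure interfaces, run daemons).
guarded_boot() {
    mode=$1; shift
    guard_on "$mode" || return 2
    status=0
    for step in "$@"; do
        # A failed step must not leave the host silent: keep going and
        # still remove the guard below.
        "$step" || status=1
    done
    guard_off || status=1
    return "$status"
}
```

With mode `all`, anything in steps 2 and 3 that has to send packets (DHCP, for example) cannot complete while the guard is in place; mode `icmp` avoids that but still lets TCP RSTs out.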