Subject: Re: port-unreachable and system reboot
To: None <tech-net@netbsd.org>
From: Christos Zoulas <christos@zoulas.com>
List: tech-net
Date: 05/27/2001 06:48:55
In article <10731.990922884@itojun.org>,  <itojun@iijlab.net> wrote:
>>  When I reboot a system for some reason, I'd rather that anyone trying
>>to access it just keep trying. Unfortunately, there is a window between
>>ifconfig up, and starting the appropriate daemons when the system 
>>will return an ICMP port unreachable.
>>  I wonder if anyone has given any thought that perhaps one should not
>>send this ICMP at all until a sysctl has been set? (Which would be done
>>once all daemons are started)
>>  Aside from helping during bootup, this might also be useful to permit
>>a system to be somewhat more stealthy.
>
>	how about an (additional) ipf rule during bootstrap?

this is difficult to get right, because many daemons want to get replies back
from servers (think ntpdate).

christos