- 论坛徽章:
- 0
|
找到了
emb_limit:
Specifies the maximum number of embryonic connections per host. An embryonic connection is a connection request that has not finished the necessary handshake between source and destination. Set a small value for slower systems, and a higher value for faster systems. The default is 0, which means unlimited embryonic connections.
The embryonic connection limit lets you prevent a type of attack where processes are started without being completed. When the embryonic limit has been surpassed, the TCP intercept feature intercepts TCP synchronization (SYN) packets from clients to servers on a higher security level. The software establishes a connection with the client on behalf of the destination server, and if successful, establishes the connection with the server on behalf of the client and combines the two half-connections together transparently. Thus, connection attempts from unreachable hosts will never reach the server. The PIX firewall accomplishes TCP intercept functionality using SYN cookies.
max_conns
Specifies the maximum number of simultaneous TCP and UDP connections for the entire subnet. The default is 0, which means unlimited connections. (Idle connections are closed after the idle timeout specified by the timeout conn command.) |
|
免费注册
发表于 2006-06-21 14:47