From owner-freebsd-net@FreeBSD.ORG  Thu Jan 26 19:44:21 2012
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 3E8AF1065700
	for <freebsd-net@freebsd.org>; Thu, 26 Jan 2012 19:44:21 +0000 (UTC)
	(envelope-from mike@sentex.net)
Received: from smarthost1.sentex.ca (smarthost1-6.sentex.ca
	[IPv6:2607:f3e0:0:1::12])
	by mx1.freebsd.org (Postfix) with ESMTP id ECB3D8FC08
	for <freebsd-net@freebsd.org>; Thu, 26 Jan 2012 19:44:20 +0000 (UTC)
Received: from [IPv6:2607:f3e0:0:4:f025:8813:7603:7e4a] (saphire3.sentex.ca
	[IPv6:2607:f3e0:0:4:f025:8813:7603:7e4a])
	by smarthost1.sentex.ca (8.14.5/8.14.4) with ESMTP id q0QJiJxq003479;
	Thu, 26 Jan 2012 14:44:19 -0500 (EST) (envelope-from mike@sentex.net)
Message-ID: <4F21AD09.9010307@sentex.net>
Date: Thu, 26 Jan 2012 14:44:09 -0500
From: Mike Tancsa <mike@sentex.net>
Organization: Sentex Communications
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US;
	rv:1.9.2.13) Gecko/20101207 Thunderbird/3.1.7
MIME-Version: 1.0
To: satish amara <satishkamara@gmail.com>
References: <CAGSLe_G1u9hc5NuxVKQqqezWEu8i_5ChLqxc2LTRwTCcmEO3Lw@mail.gmail.com>
In-Reply-To: <CAGSLe_G1u9hc5NuxVKQqqezWEu8i_5ChLqxc2LTRwTCcmEO3Lw@mail.gmail.com>
X-Enigmail-Version: 1.1.1
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 8bit
X-Scanned-By: MIMEDefang 2.71 on IPv6:2607:f3e0:0:1::12
Cc: freebsd-net@freebsd.org
Subject: Re: stateful firewall implementation in FreeBSD
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Jan 2012 19:44:21 -0000

On 1/26/2012 12:24 PM, satish amara wrote:
> Hi,
> I have question regarding stateful firewall implementation of FreeBSD.
> IPF has  stateful “keep state” option.

Hi,
	Take a look at pf, not ipf. ipf is not really maintained or used much
any more under FreeBSD.  With respect to dealing with congestion, there
are many params you can tune in pf.  Take a look at the man pages for
pf.conf for details as you can control how this situation is dealt with
to some degree.

	---Mike

-- 
-------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike@sentex.net
Providing Internet services since 1994 www.sentex.net
Cambridge, Ontario Canada   http://www.tancsa.com/