From owner-freebsd-security  Thu Sep 12 12:46:33 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id DB7D537B400
	for <freebsd-security@FreeBSD.ORG>; Thu, 12 Sep 2002 12:46:30 -0700 (PDT)
Received: from fubar.adept.org (fubar.adept.org [63.147.172.249])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 7AA6B43E65
	for <freebsd-security@FreeBSD.ORG>; Thu, 12 Sep 2002 12:46:30 -0700 (PDT)
	(envelope-from mike@adept.org)
Received: by fubar.adept.org (Postfix, from userid 1001)
	id C8870154D3; Thu, 12 Sep 2002 12:45:49 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1])
	by fubar.adept.org (Postfix) with ESMTP
	id C6416154D1; Thu, 12 Sep 2002 12:45:49 -0700 (PDT)
Date: Thu, 12 Sep 2002 12:45:49 -0700 (PDT)
From: Mike <mike@adept.org>
To: dfolkins <dfolkins@comcast.net>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: ipfw, natd, and keep-state - strange behavior?
In-Reply-To: <00ac01c25a6c$1b34fb20$0a00a8c0@groovy3xp>
Message-ID: <20020912124432.F98133-100000@fubar.adept.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Thu, 12 Sep 2002, dfolkins wrote:
> lifetime of the above two rules to 600 and 20 again.  this would not trouble
> me otherwise, but as soon as the second rule (20 sec) expires, the ssh
> connection dies.

Apply these,

http://www.aarongifford.com/computers/ipfwpatch.html

Later,
-Mike


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message