From: "Simon"
To: "freebsd-questions@freebsd.org"
Date: Wed, 06 Jun 2012 14:31:24 -0400
Subject: Proper Port Forwarding

Hi,

Can someone suggest an alternative/proper way to port forward using ipfw? Right now I have the following, and some bad clients cause too many FIN_WAIT_2 states:

    fwd IP,PORT2 tcp from any to me dst-port PORT1 keep-state

This easily causes a DoS when too many FIN_WAIT_2 states are created and IPFW stops forwarding using the rule above because of "too many dynamic rules".

Thanks,
Simon