Date: Wed, 6 Jun 2012 11:40:57 -0700
From: Michael Sierchio <kudzu@tenebras.com>
To: Simon <simon@optinet.com>
Cc: "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject: Re: Proper Port Forwarding
Message-ID: <CAHu1Y71_JwPSv13WQJXmkBX=bjCzhuW7%2BSPxwuz_1=o9qckpsw@mail.gmail.com>
In-Reply-To: <20120606183127.68447106566B@hub.freebsd.org>
References: <20120606183127.68447106566B@hub.freebsd.org>

On Wed, Jun 6, 2012 at 11:31 AM, Simon <simon@optinet.com> wrote:

> This easily causes DoS for when too many FIN_WAIT_2 are created and IPFW
> stops forwarding using the rule above because of "too many dynamic rules"

Change the defaults for the fw.dyn sysctl MIB nodes to something like

net.inet.ip.fw.dyn_short_lifetime=3
net.inet.ip.fw.dyn_udp_lifetime=3
net.inet.ip.fw.dyn_rst_lifetime=1
net.inet.ip.fw.dyn_fin_lifetime=1
net.inet.ip.fw.dyn_syn_lifetime=10
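
Added example, not part of the original message: a shell check that compares `sysctl net.inet.ip.fw` output with the lifetimes suggested above and reports how full the ipfw dynamic-rule table is. The use of the dyn_count and dyn_max nodes, the 80% threshold, the function names and the sample values are assumptions that do not come from the message.

```shell
#!/bin/sh
# Added example: audit ipfw dynamic-rule sysctls against the lifetimes
# suggested in the message. On a FreeBSD host: sysctl net.inet.ip.fw | audit_dyn

audit_dyn() {
    # $1 = warn threshold, percent of dyn_max in use (assumed default: 80)
    # Accepts both "name: value" and "name=value" lines on stdin.
    awk -F '[:=][ ]*' -v warn="${1:-80}" '
    BEGIN {
        p = "net.inet.ip.fw."
        n = split("short udp rst fin syn", kind, " ")
        split("3 3 1 1 10", want, " ")      # values from the message
    }
    NF >= 2 { have[$1] = $2 }
    END {
        for (i = 1; i <= n; i++) {
            name = p "dyn_" kind[i] "_lifetime"
            if (!(name in have))
                printf "MISSING %s\n", name
            else if (have[name] + 0 > want[i] + 0)
                printf "LONG %s=%d suggested=%d\n", name, have[name], want[i]
        }
        c = have[p "dyn_count"] + 0
        m = have[p "dyn_max"] + 0
        if (m > 0) {
            pct = int(100 * c / m)
            # A nearly full table is where new flows stop being forwarded.
            if (pct >= warn)
                printf "FULL dyn_count=%d dyn_max=%d used=%d%%\n", c, m, pct
        }
    }'
}

# Constructed sample input (not captured from a real host).
sample_sysctl() {
    cat <<'EOF'
net.inet.ip.fw.dyn_count: 3900
net.inet.ip.fw.dyn_max: 4096
net.inet.ip.fw.dyn_short_lifetime: 5
net.inet.ip.fw.dyn_udp_lifetime: 10
net.inet.ip.fw.dyn_rst_lifetime: 1
net.inet.ip.fw.dyn_fin_lifetime: 1
net.inet.ip.fw.dyn_syn_lifetime: 20
EOF
}

sample_sysctl | audit_dyn 80
```

The function prints nothing when every lifetime is at or below the suggested value and the table is under the threshold, so it can be run from cron and alert on any output.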