From owner-freebsd-security  Wed Oct 17 16:53:56 2001
Delivered-To: freebsd-security@freebsd.org
Received: from drugs.dv.isc.org (drugs.dv.isc.org [130.155.191.236])
	by hub.freebsd.org (Postfix) with ESMTP id ACB3D37B401
	for <freebsd-security@freebsd.org>; Wed, 17 Oct 2001 16:53:52 -0700 (PDT)
Received: from isc.org (localhost.dv.isc.org [127.0.0.1])
	by drugs.dv.isc.org (8.11.3/8.11.2) with ESMTP id f9HNor915316;
	Thu, 18 Oct 2001 09:50:54 +1000 (EST)
	(envelope-from marka@isc.org)
Message-Id: <200110172350.f9HNor915316@drugs.dv.isc.org>
To: "Drew Tomlinson" <drew@mykitchentable.net>
Cc: freebsd-security@freebsd.org
From: Mark.Andrews@isc.org
Subject: Re: Dynamic IPFW Rules 
In-reply-to: Your message of "Wed, 17 Oct 2001 15:12:47 MST."
             <005d01c15758$da965b70$cd2a6ba5@lc.ca.gov> 
Date: Thu, 18 Oct 2001 09:50:53 +1000
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


> I have created my first firewall and it seems to be handling traffic
> properly (yayyyy!).  However, I have noticed that my dynamic rules don't
> ever seem to expire. 

	[snip]

> 02100 1 60 (T 0, # 0) ty 0 tcp, 192.168.1.4 3139 <-> 64.21.143.23 80

	This is expired (T 0), just not removed.

	Mark

--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews@isc.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message