Date: Fri, 31 Aug 2007 09:38:57 -0400 From: "Grant Peel" <gpeel@thenetnow.com> To: "Mel" <fbsd.questions@rachie.is-a-geek.net>, <freebsd-questions@freebsd.org> Subject: Re: IPFW - Keep State Message-ID: <002301c7ebd4$47de17c0$6501a8c0@GRANT> References: <001a01c7ebcb$53e455b0$6501a8c0@GRANT> <200708311521.28643.fbsd.questions@rachie.is-a-geek.net>
next in thread | previous in thread | raw e-mail | index | archive | help
I don't use NAT, so is there any other compelling reasons? Speed etc? -Grant ----- Original Message -----=20 From: Mel=20 To: freebsd-questions@freebsd.org=20 Sent: Friday, August 31, 2007 9:21 AM Subject: Re: IPFW - Keep State On Friday 31 August 2007 14:34:51 Grant Peel wrote: > In a nutsheel, is it really necessary, or is thier a really = compelling > reason to use keep-state for a normal web - email server? > > I sometimes see "Too many dynamic rules" and can see a correlation = between > customer complaints and these log entries. > > My server all have about 200 rules, most of them counters for = bandwidth > accounting. It is necessary for NAT, since it doesn't know what to do with replies = from=20 webservers otherwise (internet:80 =3D> $ext_addr:high_port =3D what?) --=20 Mel _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to = "freebsd-questions-unsubscribe@freebsd.org" -------------------------------------------------------------------------= ----- Total Control Panel Login =20 To: gpeel@thenetnow.com Block messages from this sender = (blacklist) =20 From: owner-freebsd-questions@freebsd.org Remove this sender = from my whitelist =20 =20 You received this message because the sender is on your = whitelist. =20
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?002301c7ebd4$47de17c0$6501a8c0>