Date: Fri, 31 Aug 2007 16:03:45 +0200 From: Mel <fbsd.questions@rachie.is-a-geek.net> To: freebsd-questions@freebsd.org Subject: Re: IPFW - Keep State Message-ID: <200708311603.45877.fbsd.questions@rachie.is-a-geek.net> In-Reply-To: <002301c7ebd4$47de17c0$6501a8c0@GRANT> References: <001a01c7ebcb$53e455b0$6501a8c0@GRANT> <200708311521.28643.fbsd.questions@rachie.is-a-geek.net> <002301c7ebd4$47de17c0$6501a8c0@GRANT>
next in thread | previous in thread | raw e-mail | index | archive | help
On Friday 31 August 2007 15:38:57 Grant Peel wrote: > I don't use NAT, so is there any other compelling reasons? Speed etc? Speed is one. The dynamic rules only evaluate protocol, IP addresses and ports. Whether this is noticeable, only you can tell. Also, if you're passing through traffic through other means (routing, bridging), that expects replies via the reverse route. So basically everything except local servers come to think of it. You may wanna look into: `sysctl net.inet.ip.fw | grep dyn_'. -- Mel
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200708311603.45877.fbsd.questions>