From owner-freebsd-questions@FreeBSD.ORG  Fri Aug 31 14:04:24 2007
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 772B616A41A
	for <freebsd-questions@freebsd.org>;
	Fri, 31 Aug 2007 14:04:24 +0000 (UTC)
	(envelope-from fbsd.questions@rachie.is-a-geek.net)
Received: from snoogles.rachie.is-a-geek.net
	(66-230-99-27-cdsl-rb1.nwc.acsalaska.net [66.230.99.27])
	by mx1.freebsd.org (Postfix) with ESMTP id 4BCB613C45B
	for <freebsd-questions@freebsd.org>;
	Fri, 31 Aug 2007 14:04:24 +0000 (UTC)
	(envelope-from fbsd.questions@rachie.is-a-geek.net)
Received: from localhost (localhost [127.0.0.1])
	by snoogles.rachie.is-a-geek.net (Postfix) with ESMTP id 1C2491CC38
	for <freebsd-questions@freebsd.org>;
	Fri, 31 Aug 2007 06:03:47 -0800 (AKDT)
From: Mel <fbsd.questions@rachie.is-a-geek.net>
To: freebsd-questions@freebsd.org
Date: Fri, 31 Aug 2007 16:03:45 +0200
User-Agent: KMail/1.9.7
References: <001a01c7ebcb$53e455b0$6501a8c0@GRANT>
	<200708311521.28643.fbsd.questions@rachie.is-a-geek.net>
	<002301c7ebd4$47de17c0$6501a8c0@GRANT>
In-Reply-To: <002301c7ebd4$47de17c0$6501a8c0@GRANT>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200708311603.45877.fbsd.questions@rachie.is-a-geek.net>
Subject: Re: IPFW - Keep State
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 31 Aug 2007 14:04:24 -0000

On Friday 31 August 2007 15:38:57 Grant Peel wrote:

> I don't use NAT, so  is there any other compelling reasons? Speed etc?

Speed is one. The dynamic rules only evaluate protocol, IP addresses and 
ports. Whether this is noticeable, only you can tell.

Also, if you're passing through traffic through other means (routing, 
bridging), that expects replies via the reverse route. So basically 
everything except local servers come to think of it.

You may wanna look into: `sysctl net.inet.ip.fw | grep dyn_'.
-- 
Mel