Date: Sat, 26 Mar 2005 04:20:47 -0600 (CST)
From: Mike Silbersack <silby@silby.com>
To: Robert Gogolok <robertgogolok@web.de>
Cc: freebsd-net@freebsd.org
Subject: Re: FIN_WAIT_2
Message-ID: <20050326041751.X30898@odysseus.silby.com>
In-Reply-To: <4240A09E.9070007@web.de>
References: <42401B2A.70308@web.de> <4240A09E.9070007@web.de>

On Tue, 22 Mar 2005, Robert Gogolok wrote:

> http://lists.freebsd.org/mailman/htdig/freebsd-ipfw/2003-May/000204.html is
> the same problem or similar problem.
> Forgot to mention the important fact I use ipfw, bad bad...
>
> With
> # sysctl net.inet.ip.fw.dyn_keepalive=0
> the FIN_WAIT_2 connections cleaned all up within a few minutes.
>
>
> Robert

You probably shouldn't use ipfw stateful rules to protect FreeBSD; I don't
think it provides any benefit (unless you're using some concurrent
connection limiting or something.)

OTOH, blocking inbound packets to ports which are supposed to be unused
and using stateful rules to allow outbound connections is certainly a good
idea.

Mike "Silby" Silbersack