Date: Tue, 10 Oct 2000 19:43:38 -0700
From: Dennis Glatting <dennis.glatting@software-munitions.com>
To: current@freebsd.org
Subject: ipfw and state expiration
Message-ID: <39E3D3DA.CCC0AFC4@software-munitions.com>

I am using IPFW with the keep-state primitive on DNS and NTP queries (e.g., [1]). I've noticed, however, the number of dynamic rules only increases -- there appears to be no pruning of the dynamic rules. Looking through the code I only see a call to prune dynamic rules (via remove_dyn_rule()) when the number of rules exceeds some maximum, rather than at some time interval to ensure dynamic rules are short lived.

Is this indeed the case? Aren't dynamic rules supposed to be short lived? Did I not configure something improperly?

[1] $fwcmd add allow udp from any to ${wip} 53 via ${wif} keep-state