Date: Thu, 19 Jul 2001 18:33:56 +0200
From: marcs@draenor.org
To: FreeBSD-gnats-submit@freebsd.org
Subject: docs/29086: changes to dialup firewall tutorial
Message-ID: <E15NGkO-0009Ns-00@draenor.org>
>Number: 29086
>Category: docs
>Synopsis: updates to the freebsd dialup firewall tutorial
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-doc
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Thu Jul 19 09:40:21 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator: Super-User
>Release: FreeBSD 4.3-STABLE i386
>Organization:
>Environment:
System: FreeBSD draenor.org 4.3-STABLE FreeBSD 4.3-STABLE #0: Tue May 1 14:56:20 SAST 2001 root@:/usr/src/sys/compile/DRAENOR i386
>Description:
The dialup tutorial contains invalid kernel options. These have been removed, and a new Q/A put in.
>How-To-Repeat:
>Fix:
patch below:
--- article.sgml-orig Thu Jul 19 18:14:53 2001
+++ article.sgml Thu Jul 19 18:24:59 2001
@@ -103,17 +103,6 @@
<variablelist>
<varlistentry>
- <term><literal>options TCP_RESTRICT_RST</literal></term>
-
- <listitem>
- <para>This option blocks all TCP RST packets. This is
- best used for systems that might be exposed to SYN
- flooding (IRC Servers are a good example) or for those who
- do not want to be easily portscannable.</para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
<term><literal>options TCP_DROP_SYNFIN</literal></term>
<listitem>
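Review bot: The description says invalid kernel options (plural) were removed, but this hunk deletes only the TCP_RESTRICT_RST varlistentry and leaves TCP_DROP_SYNFIN in place as the next entry. Please confirm that is the intended scope, and check the rest of article.sgml for any remaining mention of TCP_RESTRICT_RST (for example in a sample kernel configuration or startup settings), so the tutorial does not keep telling readers to enable an option it no longer documents. Since the deleted text was the article's only stated advice for SYN flooding and port scanning, a sentence saying what readers should use instead would also help.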
@@ -272,6 +261,22 @@
because I prefer firewalling to be done at a kernel level rather
than by a userland program.</para>
</answer>
+ </qandaentry>
+
+ <qandaentry>
+ <question>
+ <para>I get messages like "limit 100 reached on entry 2800"
+ and after that I never see more denies in my logs. Is my
+ firewall still working?</para>
+ </question>
+
+ <answer>
+ <para>This merely means that the maximum logging count for the
+ rule has been reached. The rule itself is still working,
+ but it will no longer log until such time as you reset the
+ logging counters. This can be done by simply prefixing the
+ ipfw command with the "resetlog" option.</para>
+ </answer>
</qandaentry>
<qandaentry>
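Review bot: In the new answer, "prefixing the ipfw command with the "resetlog" option" is ambiguous. resetlog is given to ipfw as its action, so spell the invocation out in command markup (ipfw resetlog, optionally followed by the rule number) rather than describing it as a prefix. The answer also does not say where the limit of 100 comes from or how to change it. One sentence on that would tell readers that denies past the limit go unlogged until the counters are reset, which matters to anyone relying on these logs to notice probes. Style point: the log message in the question and the word resetlog use bare double quotes; literal or quote elements would match the markup used elsewhere in the article, such as the <literal> in the option terms.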
>Release-Note:
>Audit-Trail:
>Unformatted:
