From owner-freebsd-doc Thu Jul 19 9:40:29 2001
Delivered-To: freebsd-doc@freebsd.org
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 49F7D37B401 for ; Thu, 19 Jul 2001 09:40:22 -0700 (PDT) (envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost) by freefall.freebsd.org (8.11.4/8.11.4) id f6JGeMi47597; Thu, 19 Jul 2001 09:40:22 -0700 (PDT) (envelope-from gnats)
Received: from draenor.org (draenor.org [196.36.119.129]) by hub.freebsd.org (Postfix) with ESMTP id 1BC0C37B401 for ; Thu, 19 Jul 2001 09:33:59 -0700 (PDT) (envelope-from root@draenor.org)
Received: from root by draenor.org with local (Exim 3.31 #1) id 15NGkO-0009Ns-00 for FreeBSD-gnats-submit@freebsd.org; Thu, 19 Jul 2001 18:33:56 +0200
Message-Id:
Date: Thu, 19 Jul 2001 18:33:56 +0200
From: marcs@draenor.org
Reply-To: marcs@draenor.org
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.113
Subject: docs/29086: changes to dialup firewall tutorial
Sender: owner-freebsd-doc@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

>Number: 29086
>Category: docs
>Synopsis: updates to the freebsd dialup firewall tutorial
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-doc
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Thu Jul 19 09:40:21 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator: Super-User
>Release: FreeBSD 4.3-STABLE i386
>Organization:
>Environment:
System: FreeBSD draenor.org 4.3-STABLE FreeBSD 4.3-STABLE #0: Tue May 1 14:56:20 SAST 2001 root@:/usr/src/sys/compile/DRAENOR i386
>Description:
the dialup tutorial contains invalid kernel options. these have been removed, and a new Q/A put in.
>How-To-Repeat:
>Fix:
patch below:

--- article.sgml-orig Thu Jul 19 18:14:53 2001 +++ article.sgml Thu Jul 19 18:24:59 2001 
@@ -103,17 +103,6 @@ - options TCP_RESTRICT_RST - - - This option blocks all TCP RST packets. This is - best used for systems that might be exposed to SYN - flooding (IRC Servers are a good example) or for those who - do not want to be easily portscannable. - - - - options TCP_DROP_SYNFIN @@ -272,6 +261,22 @@ because I prefer firewalling to be done at a kernel level rather than by a userland program. + + + + + I get messages like "limit 100 reached on entry 2800" + and after that I never see more denies in my logs. Is my + firewall still working? + + + + This merely means that the maximum logging count for the + rule has been reached. The rule itself is still working, + but it will no longer log until such time as you reset the + logging counters. This can be done by simply prefixing the + ipfw command with the "resetlog" option. + >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-doc" in the body of the message
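Review bot: In the first hunk (@@ -103,17 +103,6 @@) the description and the change do not line up: the PR says invalid kernel "options" were removed, but only the "options TCP_RESTRICT_RST" entry is deleted, and "options TCP_DROP_SYNFIN" stays as context. Please confirm that TCP_RESTRICT_RST is the only invalid option, or adjust the description. The entry is also dropped without any replacement text. Readers who followed the earlier version will still have "options TCP_RESTRICT_RST" in their kernel configuration, and the removed paragraph recommended it against SYN flooding and port scanning. A sentence saying the option is no longer valid, and what (if anything) the tutorial now recommends for that purpose, would keep those readers from assuming the protection is still in place.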
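Review bot: In the second hunk (@@ -272,6 +261,22 @@) the last sentence of the new answer, 'prefixing the ipfw command with the "resetlog" option', is misleading: resetlog is an ipfw subcommand given as an argument after the program name, not an option and not a prefix to another command. Suggest showing the literal invocation in the tutorial's markup for commands, for example "ipfw resetlog", so readers can copy it. Since the answer states that the rule "will no longer log" once the limit is reached, it would also help to say where the limit of 100 in the quoted message is configured, because a reader whose counter fills up quickly loses visibility of later denies until the reset is done.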