From owner-freebsd-stable@FreeBSD.ORG  Thu Jun 10 13:31:05 2004
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 5769316A4CE
	for <freebsd-stable@freebsd.org>;
	Thu, 10 Jun 2004 13:31:05 +0000 (GMT)
Received: from gromit.dlib.vt.edu (gromit.dlib.vt.edu [128.173.49.29])
	by mx1.FreeBSD.org (Postfix) with ESMTP id E091E43D41
	for <freebsd-stable@freebsd.org>;
	Thu, 10 Jun 2004 13:31:04 +0000 (GMT)
	(envelope-from paul@gromit.dlib.vt.edu)
Received: from hawkwind.Chelsea-Ct.Org
	(pool-141-152-69-55.roa.east.verizon.net [141.152.69.55])
	by gromit.dlib.vt.edu (8.12.11/8.12.11) with ESMTP id i5ADUIQl066297
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK);
	Thu, 10 Jun 2004 09:30:20 -0400 (EDT)
	(envelope-from paul@gromit.dlib.vt.edu)
Received: from [192.168.1.25] (zappa.Chelsea-Ct.Org [192.168.1.25])
	i5ADUCfu021171;	Thu, 10 Jun 2004 09:30:13 -0400 (EDT)
From: Paul Mather <paul@gromit.dlib.vt.edu>
To: Don Bowman <don@sandvine.com>
In-Reply-To: <FE045D4D9F7AED4CBFF1B3B813C85337051D8F53@mail.sandvine.com>
References: <FE045D4D9F7AED4CBFF1B3B813C85337051D8F53@mail.sandvine.com>
Content-Type: text/plain
Message-Id: <1086874211.9393.32.camel@zappa.Chelsea-Ct.Org>
Mime-Version: 1.0
X-Mailer: Ximian Evolution 1.4.6 
Date: Thu, 10 Jun 2004 09:30:12 -0400
Content-Transfer-Encoding: 7bit
cc: khoi@oddworld.com
cc: freebsd-stable@freebsd.org
Subject: RE: Port scan detection in ipfw2
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Production branch of FreeBSD source code
	<freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Jun 2004 13:31:05 -0000

On Thu, 2004-06-10 at 08:46, Don Bowman wrote:

> There was a patch to ipfw posted last year that gave time
> to rules.

Interesting.  Does the rule processing of the patch burden all packets
with an extra check (for time validity), or just those with a time
restraint on the rule?  I wonder, also, how "keep-state" rules are
handled.  Are the time constraints of the "keep-state" rule included
with the dynamic rule created from it?  (If not, that would mean a
packet could be allowed in violation of its time constraint?)

Does the syntax of time specification use the local time zone, and, if
so, what happens during the switch between daylight savings... ;-)

Cheers,

Paul.
-- 
e-mail: paul@gromit.dlib.vt.edu

"Without music to decorate it, time is just a bunch of boring production
 deadlines or dates by which bills must be paid."
        --- Frank Vincent Zappa