Date: Thu, 5 Apr 2001 10:02:57 -0700 (PDT)
From: anarcat@tao.ca
To: freebsd-gnats-submit@freebsd.org
Subject: docs/26366: ipfw(8) doesn't document which sysctl control dynamic rules
Message-ID: <200104051702.f35H2ve61899@freefall.freebsd.org>
>Number: 26366
>Category: docs
>Synopsis: ipfw(8) doesn't document which sysctl control dynamic rules
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-doc
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: doc-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Apr 05 10:10:01 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator: The Anarcat
>Release: FreeBSD-4.2-STABLE
>Organization:
Nada, Inc.
>Environment:
man page cgi interface on www.freebsd.org. :)
>Description:
ipfw(8) says:
keep-state [method]
Upon a match, the firewall will create a dynamic rule,
whose default behaviour is to matching bidirectional
traffic between source and destination IP/port using the
same protocol. The rule has a limited lifetime (controlled
by a set of sysctl(8) variables), and the lifetime
is refreshed every time a matching packet is found.
Note that it mentions sysctl(8) variables, but does not specify which. I have not
been able to find the specification anywhere. In sysctl(8) or anywhere else...
>How-To-Repeat:
man ipfw
>Fix:
Ahem... It would be something more like a workaround, since I think that
all sysctl should be systematically documented in sysctl(8) or something
like that. Anyhow, here are the sysctls. I don't know where to put them,
I just put the raw info here. It also seems that sysctl(8) does not feature
descriptions of the sysctl, but I'll put it down here anyways.
So the format is: variable, flag, description, default value. All
fields are uint32_t.
dyn_buckets, "Number of dyn. buckets", 256, must be power of 2
dyn_max, "Max number of dyn. rules", 1000
dyn_ack_lifetime, "Lifetime of dyn. rules for acks", 300
dyn_syn_lifetime, "Lifetime of dyn. rules for syn", 20
dyn_fin_lifetime, "Lifetime of dyn. rules for fin", 20
dyn_rst_lifetime, "Lifetime of dyn. rules for rst", 5
dyn_short_lifetime, "Lifetime of dyn. rules for other situations", 30
I find it sad that the sysctl variables are not better documented, or am
I misinformed?
>Release-Note:
>Audit-Trail:
>Unformatted:
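
The variables and defaults listed in the report, turned into a small audit over sysctl(8) output. This is an added example, not part of the original message or of FreeBSD; the net.inet.ip.fw prefix and the "name: value" output format are not stated in the report and are assumed here, and the sample input is constructed.

```shell
#!/bin/sh
# Added example: compare ipfw dynamic-rule sysctls with the defaults
# listed in the report and enforce the dyn_buckets power-of-2 rule.

# variable=default pairs, values exactly as given in the report.
DEFAULTS="dyn_buckets=256 dyn_max=1000 dyn_ack_lifetime=300
dyn_syn_lifetime=20 dyn_fin_lifetime=20 dyn_rst_lifetime=5
dyn_short_lifetime=30"

# Constructed sample input (not captured from a real host).
# The net.inet.ip.fw prefix is an assumption; the report gives bare names.
SAMPLE='net.inet.ip.fw.dyn_buckets: 300
net.inet.ip.fw.dyn_max: 1000
net.inet.ip.fw.dyn_ack_lifetime: 3600
net.inet.ip.fw.dyn_syn_lifetime: 20
net.inet.ip.fw.dyn_fin_lifetime: 20
net.inet.ip.fw.dyn_rst_lifetime: 5'

# Succeeds when $1 is a positive power of two.
is_pow2() {
    [ "$1" -gt 0 ] 2>/dev/null && [ $(( $1 & ($1 - 1) )) -eq 0 ]
}

# Reads "name: value" lines on stdin, prints one finding per variable
# that is missing, invalid, or changed from the reported default.
audit_dyn() {
    input=$(cat)
    for pair in $DEFAULTS; do
        name=${pair%%=*}
        def=${pair#*=}
        # Match the last name component exactly and take its numeric value.
        val=$(printf '%s\n' "$input" |
            sed -n "s/^.*\.$name: *\([0-9][0-9]*\)\$/\1/p" | head -n 1)
        if [ -z "$val" ]; then
            echo "MISSING $name"
        elif [ "$name" = dyn_buckets ] && ! is_pow2 "$val"; then
            echo "INVALID $name=$val (must be power of 2)"
        elif [ "$val" -ne "$def" ]; then
            echo "CHANGED $name=$val (default $def)"
        fi
    done
}

# Run against the constructed sample.
printf '%s\n' "$SAMPLE" | audit_dyn
```

On a live host the same function would be fed from sysctl(8) instead of the sample, under the same naming assumption.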
