From owner-freebsd-questions  Mon Apr  8  3:20:38 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from noname.csdl.lt (noname.csdl.lt [194.176.40.182])
	by hub.freebsd.org (Postfix) with SMTP id 4690037B41C
	for <freebsd-questions@freebsd.org>; Mon,  8 Apr 2002 03:20:32 -0700 (PDT)
Received: (qmail 63045 invoked by uid 1000); 8 Apr 2002 10:20:30 -0000
Date: Mon, 8 Apr 2002 12:20:30 +0200
From: Paulius Bulotas <paulius@kaktusas.org>
To: freebsd-questions@freebsd.org
Subject: ipfw, smtp and dynamic rules (expiration?)
Message-ID: <20020408102030.GA62618@kaktusas.org>
Mail-Followup-To: freebsd-questions@freebsd.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

Hello,

This weekend I enabled ipfw with stateful rules on 4.4-Release.
It's strange that there are plenty of connections that for some reason
don't match the dynamic rules. My ruleset looks like the following:

01000 check-state
...
03000 allow tcp from any to me smtp in keep-state setup
...
07000 allow tcp from me to any keep-state out setup
65000 deny log logamount 0 ip from any to me in

What I get in ipfw.log is:
65000 Deny TCP 160.245.104.8:25 191.106.39.173:1690 in via ep0
Suppose, 191.106.39.173 is me.
It seems that this was a connection from me:1690 to some:25, and then it
doesn't create a dynamic rule? (or it expired?)
And then grepping ipfw s | grep 160.245.104.8 gives:
03000 28 3019 (T 0, # 10) ty 0 tcp, 160.245.104.8 56739 <-> 191.106.39.173 25

So, the question would be: how does it happen that these connections
are logged? (and initiated ;)
Maybe dynamic rules expire? But then there must be a long period for
expiration (net.inet.ip.fw.dyn_ack_lifetime? which I have set to 600), and smtp
seems to be a more reliable protocol ;) The same happens with http, but
there could be a keep-alive problem (maybe).

host 160.245.104.8 is running sendmail.

TIA
Paulius
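
The following is an added example, not part of the post above and not ipfw's own code: a small Python model of how ipfw's check-state / keep-state / setup rules and dynamic-rule expiry interact, replayed against the ruleset and addresses quoted in the post. The lifetime handling is deliberately simplified (a new flow lives for dyn_syn_lifetime, an established one for dyn_ack_lifetime, and any matching packet refreshes the timer); the timestamps, port numbers of the timeline and the 20-second SYN lifetime are constructed for the illustration. The point it shows is that once a dynamic rule has expired, a late packet of that flow carries no SYN, so it cannot re-match a "setup" rule and falls through to the final deny, producing exactly the kind of log line the post quotes.

```python
"""Toy model of ipfw(8) stateful matching and dynamic-rule expiry.
Constructed for illustration only; it is not ipfw's code."""
from dataclasses import dataclass
from typing import Optional

ME = "191.106.39.173"        # the local host from the post ("me")
PEER = "160.245.104.8"       # the remote sendmail host from the post


@dataclass
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    direction: str           # "in" or "out"
    syn: bool = False        # SYN set, ACK clear: what ipfw's "setup" matches


@dataclass
class Rule:
    number: int
    action: str              # "check-state", "allow" or "deny"
    src: str = "any"         # "any" or "me"
    dst: str = "any"
    dport: Optional[int] = None
    direction: Optional[str] = None
    keep_state: bool = False
    setup: bool = False


@dataclass
class DynRule:
    parent: int              # number of the keep-state rule that created it
    a: tuple                 # (addr, port) of one endpoint
    b: tuple                 # (addr, port) of the other endpoint
    expires_at: float
    established: bool = False


def _host_ok(spec: str, addr: str) -> bool:
    return spec == "any" or (spec == "me" and addr == ME)


class Firewall:
    def __init__(self, rules, dyn_syn_lifetime=20, dyn_ack_lifetime=600):
        self.rules = sorted(rules, key=lambda r: r.number)
        self.dyn_syn_lifetime = dyn_syn_lifetime   # assumed value, see lead-in
        self.dyn_ack_lifetime = dyn_ack_lifetime   # the post's sysctl value
        self.dyn = []

    def _find_dyn(self, pkt: Packet, now: float) -> Optional[DynRule]:
        """Dynamic rules match both directions of a flow and are dropped
        once they have been idle for longer than their lifetime."""
        self.dyn = [d for d in self.dyn if d.expires_at > now]
        ends = {(pkt.src, pkt.sport), (pkt.dst, pkt.dport)}
        for d in self.dyn:
            if {d.a, d.b} == ends:
                # First reply marks the flow established; every match
                # refreshes the timer with dyn_ack_lifetime.
                d.established = True
                d.expires_at = now + self.dyn_ack_lifetime
                return d
        return None

    def _static_match(self, r: Rule, pkt: Packet) -> bool:
        return (r.action != "check-state"
                and _host_ok(r.src, pkt.src) and _host_ok(r.dst, pkt.dst)
                and (r.dport is None or r.dport == pkt.dport)
                and (r.direction is None or r.direction == pkt.direction)
                and (not r.setup or pkt.syn))   # "setup" needs a bare SYN

    def process(self, pkt: Packet, now: float):
        """Return (rule_number, action) of the first rule that decides pkt."""
        for r in self.rules:
            if r.action == "check-state":
                d = self._find_dyn(pkt, now)
                if d is not None:
                    return d.parent, "allow"
                continue
            if self._static_match(r, pkt):
                if r.keep_state:
                    self.dyn.append(DynRule(r.number, (pkt.src, pkt.sport),
                                            (pkt.dst, pkt.dport),
                                            now + self.dyn_syn_lifetime))
                return r.number, r.action
        return 65535, "deny"   # ipfw's implicit default rule


# The ruleset quoted in the post, reduced to the rules that matter here.
RULESET = [
    Rule(1000, "check-state"),
    Rule(3000, "allow", src="any", dst="me", dport=25, direction="in",
         keep_state=True, setup=True),
    Rule(7000, "allow", src="me", dst="any", direction="out",
         keep_state=True, setup=True),
    Rule(65000, "deny", src="any", dst="me", direction="in"),
]


def run_scenario(dyn_ack_lifetime=600):
    """Replay a constructed timeline; returns [(t, rule_number, action)]."""
    fw = Firewall(RULESET, dyn_ack_lifetime=dyn_ack_lifetime)
    out_syn = Packet(ME, 1690, PEER, 25, "out", syn=True)
    in_synack = Packet(PEER, 25, ME, 1690, "in")
    out_data = Packet(ME, 1690, PEER, 25, "out")
    in_data = Packet(PEER, 25, ME, 1690, "in")
    in_smtp_syn = Packet(PEER, 56739, ME, 25, "in", syn=True)
    timeline = [
        (0, out_syn),        # 07000 allows the SYN and creates state
        (1, in_synack),      # check-state matches, flow established
        (100, out_data),     # still matched by the dynamic rule
        (800, in_data),      # idle 700 s > 600: state gone, no SYN -> 65000
        (801, in_smtp_syn),  # inbound SMTP: 03000 creates its own state
    ]
    return [(t, *fw.process(p, t)) for t, p in timeline]
```

Calling run_scenario() reproduces the post's symptom: the packet at t=800 from 160.245.104.8:25 to me:1690 is denied by 65000 even though the connection was initiated locally, while run_scenario(dyn_ack_lifetime=1000) lets the same packet through. On a real 4.x box the equivalent check is to compare the idle time of the flow against the net.inet.ip.fw.dyn_* lifetimes and to look for the flow in ipfw -d show before and after the denied packet.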

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message