Date: Mon, 20 Jan 2003 17:09:42 +0200 From: "Toomas Aas" <toomas.aas@raad.tartu.ee> To: "john" <john@johncglass.com>, questions@freebsd.org Subject: Re: IPFW stateful ruleset problems on 4.7 STABLE Message-ID: <200301201510.h0KFAUn00328@lv.raad.tartu.ee> In-Reply-To: <761D45700A1C344585688C2E85D0895B043233@controller>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi! > Jan 19 17:09:25 postfix /kernel: ipfw: 22500 Deny TCP 207.124.361.215:2345 10.10.10.10:80 in via sis0 > Jan 19 17:09:26 postfix /kernel: ipfw: 22500 Deny TCP 154.951.221.81:4376 10.10.10.10:80 in via sis0 > Jan 19 17:09:32 postfix /kernel: ipfw: 22500 Deny TCP 158.113.207.162:55639 10.10.10.10:80 in via sis0 > Jan 19 17:09:32 postfix /kernel: ipfw: 22500 Deny TCP 127.113.227.62:55639 10.10.10.10:80 in via sis0 I'm not an expert on ipfw, but I did have similar problems with ipfilter: even though I used 'keep state flags S' to allow incoming connections to port 80, there were a lot of dropped packets with various flags (sans S). Nobody complained about not being able to view the website, though. I don't know what might be the cause of this. Finally, I just ceased keeping state on port 80 connections. -- Toomas Aas | toomas.aas@raad.tartu.ee | http://www.raad.tartu.ee/~toomas/ * I take my wife everywhere, but she keeps finding her way back. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200301201510.h0KFAUn00328>