Date: 17 Feb 2003 06:14:25 -0500
From: Dan Pelleg <daniel+bsd@pelleg.org>
To: Jason Morgan <jwm-freebsd@sentinelchicken.net>
Cc: freebsd-questions@freebsd.org
Subject: Re: ipfw2 dynamic rules not dying
Message-ID: <u2sisvjtazy.fsf@gs166.sp.cs.cmu.edu>
In-Reply-To: <20030215161916.GA80761@sentinelchicken.net>
References: <20030215161916.GA80761@sentinelchicken.net>

Jason Morgan <jwm-freebsd@sentinelchicken.net> writes:

> I have a problem with my dynamic IPFW2 rules - they aren't dying. The
> system has been up now for 14 days, with it acting as firewall to two
> systems inside. One of the systems inside is also running IPFW2, but is
> in an open state. Here is the ruleset I am running, I have made no
> changes to the kernel variables regulating packet time-out - oh, and I'm
> running 4.7.
> [ruleset]
>
> Currently, I have more than 180 dynamic rules active, most are attached
> to rule 00610. 180 rules seems to be excessive, and they don't seem to
> be timing out. Is my ruleset screwed up?
>
> Thanks
> Jason
>

IPFW2 will attempt to test if a connection is still open, and if it is
will keep the matching rule intact. Search for "keepalive" on the ipfw
manpage.

--
Dan Pelleg

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message