Date: Fri, 30 May 2008 05:31:50 -0400 From: Robert Blayzor <rblayzor.bulk@inoc.net> To: Ian Smith <smithi@nimnet.asn.au> Cc: freebsd-stable@freebsd.org Subject: Re: Sockets stuck in FIN_WAIT_1 Message-ID: <2F37E54D-BB78-431E-87D0-A7976BE203C3@inoc.net> In-Reply-To: <Pine.BSF.3.96.1080530181243.25862A-100000@gaia.nimnet.asn.au> References: <Pine.BSF.3.96.1080530181243.25862A-100000@gaia.nimnet.asn.au>
next in thread | previous in thread | raw e-mail | index | archive | help
On May 30, 2008, at 4:41 AM, Ian Smith wrote: > Without debating your stateful alternative - either should work fine > for > TCP applications - this allowed inbound icmp packets for types > 0,3,8,11 > but no outbound icmp at all (assuming your firewall defaults to deny). I didn't post all the rules, just the TCP based ones for the web server. I don't have an outbound send restriction. I believe I have a: permit ip from me to any out In there somewhere! ;-) -- Robert Blayzor, BOFH INOC, LLC rblayzor@inoc.net http://www.inoc.net/~rblayzor/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?2F37E54D-BB78-431E-87D0-A7976BE203C3>