Date: Sun, 10 Nov 2002 15:15:49 +0200 From: Giorgos Keramidas <keramida@freebsd.org> To: Micael Ebbmar <micke@ebbmar.net> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: IPFW2 denies packet although they match ALLOW rule? Message-ID: <20021110131549.GA17648@labs.gr> In-Reply-To: <20021109230808.GA2478@h173n2fls21o55.telia.com> References: <20021109171923.GA41802@h173n2fls21o55> <006b01c2883c$bf360900$42d7cdd4@LocalHost> <20021109230808.GA2478@h173n2fls21o55.telia.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2002-11-10 00:08, Micael Ebbmar <micke@ebbmar.net> wrote: > * Giorgos Keramidas <keramida@FreeBSD.ORG> [021109 23:11]: > > > > Web clients some times cache connections to web servers, hoping to > > save some time from avoiding a reconnect for every GET request. > > Could it be that your clients thinks that a cached connection is > > still valid long after the dynamic ipfw rule has expired? > > Well, that's a possibility.. esp. with all those banners that > refreshes every now and then. Can you experiment with the net.inet.ip.fw.dyn_XXXX sysctls a bit? I can't check the source of fetchmail right now to verify that caching of connections could be a valid cause. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021110131549.GA17648>