Date: Mon, 20 Sep 2004 18:13:30 +0300
From: Giorgos Keramidas
To: adrian kok
Cc: questions@freebsd.org
Subject: Re: ipfw question
Message-ID: <20040920151330.GA59375@orion.daedalusnetworks.priv>
In-Reply-To: <20040920144325.57237.qmail@web21201.mail.yahoo.com>

On 2004-09-20 22:43, adrian kok wrote:
>
> 1/ Recently, my mrtg graph showed many spikes
> "Incoming" in outer interface of the router.
>
> Is it possible to log them and check?

It is.  A better approach is to block everything that you don't really
need and then start logging legitimate connections only if the problems
with ``traffic spikes'' continue.

> If I log everything, I am afraid to slow down the
> network. What is the best way to do it?

Don't do it.  It will truly slow down things a lot.

> 2/ I read some firewall docs. They said that it is
> good to allow 5% bandwidth for icmp only
> Is it true?

I don't know what docs you read about firewalls.  The Handbook has a
fairly good section on firewalls.  Have you read that?  If not, you
should definitely give it a look.

For an early chance to read what the ``Firewalls'' section will soon be
replaced with, you might also want to read this:

	http://freebsd.so14k.com/firewall/firewalls.html

I'm working with a few other guys to get this into the Handbook as the
new ``Firewalls'' section before 5.3-RELEASE, but if it does help you
should definitely read it.  Joseph J. Barbish has written a couple of
excellent firewall tutorials and guides that I've read so far, and this
one is really worth a careful read.

Just note that the text at the above URL is probably going to change a
bit during the next couple of days, so be patient if you see changes
going in :-)

> How can I do it?

See above.

Giorgos