Date: Mon, 7 Feb 2005 00:16:44 -0600 From: "Brian" <bbayorgeon@new.rr.com> To: <freebsd-questions@freebsd.org> Subject: ipfw / drop sessions / incoming http / keep-state Message-ID: <000201c50cdc$a0c28c10$4402000a@Marshal>
next in thread | raw e-mail | index | archive | help
Greetings: I'm trying to sort out an issue with drop session error messages...see below Can some please explain what the difference / benefits between the two possible firewall rules shown below? I have been uncertain if I should use the keep-state option for the incoming connections. Incoming Connections seen to work ok without keep-state, But I also seem to get the drop session errors When there are incoming http connections Thanks for you help Brian >From firewall script #$cmd 396 allow tcp from any to me 80 in via $oif setup limit src-addr 4 # Incoming http connections $cmd 396 allow tcp from any to me 80 in via $oif setup $ks # Incoming http connections >From Log File Feb 6 12:03:25 rakort kernel: drop session, too many entries Feb 6 12:03:51 rakort last message repeated 4 times Feb 6 12:05:46 rakort last message repeated 13 times
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?000201c50cdc$a0c28c10$4402000a>