Date: Sat, 3 Aug 2002 17:06:12 +0200 From: "eberkut" <eberkut@minithins.net> To: <freebsd-ipfw@freebsd.org> Subject: timeout Message-ID: <NGBBKNDGKLKPMMNHJJLEIELBCAAA.eberkut@minithins.net>
next in thread | raw e-mail | index | archive | help
Hi, Is there any chances to see the lifetime patch integrated into freebsd ? This patch is very useful to enforce timeout for connections and there is a version for IPFW2 against -stable. http://www.aarongifford.com/computers/ipfwpatch.html Also there is a type of timeout features which could be useful both for security or state track tuning, those similar to Cisco's CBAC global timeouts or the pf.conf's set timeout options (see http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secu r_c/scprt3/scdcbac.htm#xtocid27 and pf.conf(5) readable on openbsd.org). Specially, CBAC does a great work against syn flood & co. Some options may also be useful against scan. And one can use state timeout to agressively drop unresponsive/congested/slow connections. just a few feature suggestions ;) --eberkut Semper ego auditor tantum ? Nunquamne reponam ? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?NGBBKNDGKLKPMMNHJJLEIELBCAAA.eberkut>