IPFW Problems
Michael Sierchio
kudzu at tenebras.com
Wed Nov 2 16:46:52 UTC 2011
On Wed, Nov 2, 2011 at 8:46 AM, Tim Gustafson <tjg at soe.ucsc.edu> wrote:
> What I've been noticing is that the web server is accumulating a large number of dynamic rules that are not going away...
> Can anyone help me understand what is going on here? Have I found some sort of bug, or do I have my firewall incorrectly configured?
You may want to tweak the sysctl items that control the lifespan of
dynamic rules.

    sysctl net.inet.ip.fw

In particular, the default value of net.inet.ip.fw.dyn_ack_lifetime is
probably way too long for your purposes.
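
Added example, not part of the original message: a small filter that reads the output of the `sysctl net.inet.ip.fw` command suggested above and reports how full the dynamic rule table is and how long idle established flows are kept. The function name `dyn_report`, the 80% and 60-second thresholds, and the sample values are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: summarise ipfw dynamic-rule pressure.
# Input: "name: value" lines as printed by `sysctl net.inet.ip.fw`.
# On a FreeBSD host:  sysctl net.inet.ip.fw | dyn_report

dyn_report() {
    awk -F': ' '
        $1 == "net.inet.ip.fw.dyn_count"        { count = $2 }  # rules in use now
        $1 == "net.inet.ip.fw.dyn_max"          { max = $2 }    # table limit
        $1 == "net.inet.ip.fw.dyn_ack_lifetime" { ack = $2 }    # seconds, established TCP
        END {
            if (count == "" || max == "" || max + 0 == 0) {
                print "error: dyn_count or dyn_max missing from input"
                exit 2
            }
            pct = int(count * 100 / max)
            printf "dyn_count=%d dyn_max=%d used=%d%% dyn_ack_lifetime=%ss\n", count, max, pct, ack
            # Thresholds below are illustrative assumptions, not ipfw defaults.
            if (pct >= 80)
                print "WARN: dynamic rule table is at or above 80% of dyn_max"
            if (ack + 0 > 60)
                print "NOTE: idle established flows hold a rule for " ack "s; consider lowering dyn_ack_lifetime"
        }'
}

# Constructed sample input (not captured from a real host).
SAMPLE='net.inet.ip.fw.dyn_count: 3900
net.inet.ip.fw.dyn_max: 4096
net.inet.ip.fw.dyn_ack_lifetime: 300'

printf '%s\n' "$SAMPLE" | dyn_report
```

A lower lifetime can be tried at runtime with `sysctl net.inet.ip.fw.dyn_ack_lifetime=<seconds>` and made persistent in /etc/sysctl.conf once a suitable value is found.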