ipfw rules for low-end server??

Tommy Forrest tforrest at shellworld.net
Thu May 22 05:18:56 PDT 2003


On Wed, 21 May 2003, Chuck Swiger wrote:

---snip---
>
> > Should I use ipfw "dynamic" or "stateful" rules?
>
> Given that you are doing NAT, you might try using dynamic rules
> (keep-state/check-state), but how you configure your firewall rules
> should be based more on what's simple, easy to understand, and does the job.
>
And if you can actually get dynamic rules to work w/o timing out on you in
25 seconds on FBSD 4.8, please, let me know.  I've about pulled out the
last hair on my head with the install of 4.8 I have.  Telnet out, let it
sit for 25 seconds and bickitie bam, no more connection - even though
checking the rules shows the telnet rule has 275 seconds left before a
keep-alive test.  Problem exists with ipfw2 as well.



More information about the freebsd-questions mailing list