IPFW - Keep State

Grant Peel gpeel at thenetnow.com
Fri Aug 31 06:39:44 PDT 2007


I don't use NAT, so  is there any other compelling reasons? Speed etc?

-Grant

  ----- Original Message ----- 
  From: Mel 
  To: freebsd-questions at freebsd.org 
  Sent: Friday, August 31, 2007 9:21 AM
  Subject: Re: IPFW - Keep State


  On Friday 31 August 2007 14:34:51 Grant Peel wrote:

  > In a nutsheel, is it really necessary, or is thier a really compelling
  > reason to use keep-state for a normal web - email server?
  >
  > I sometimes see "Too many dynamic rules" and can see a correlation between
  > customer complaints and these log entries.
  >
  > My server all have about 200 rules, most of them counters for bandwidth
  > accounting.

  It is necessary for NAT, since it doesn't know what to do with replies from 
  webservers otherwise (internet:80 => $ext_addr:high_port = what?)

  -- 
  Mel
  _______________________________________________
  freebsd-questions at freebsd.org mailing list
  http://lists.freebsd.org/mailman/listinfo/freebsd-questions
  To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"

------------------------------------------------------------------------------
        Total Control Panel  Login  
        To: gpeel at thenetnow.com  Block messages from this sender (blacklist)  
        From: owner-freebsd-questions at freebsd.org  Remove this sender from my whitelist  
          
        You received this message because the sender is on your whitelist.  


More information about the freebsd-questions mailing list