Proper Port Forwarding
Michael Sierchio
kudzu at tenebras.com
Wed Jun 6 18:40:58 UTC 2012
On Wed, Jun 6, 2012 at 11:31 AM, Simon <simon at optinet.com> wrote:
> This easily causes DoS for when too many FIN_WAIT_2 are created and IPFW
> stops forwarding using the rule above because of "too many dynamic rules"
Change the defaults for the fw.dyn sysctl MIB nodes to something like
net.inet.ip.fw.dyn_short_lifetime=3
net.inet.ip.fw.dyn_udp_lifetime=3
net.inet.ip.fw.dyn_rst_lifetime=1
net.inet.ip.fw.dyn_fin_lifetime=1
net.inet.ip.fw.dyn_syn_lifetime=10
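
A check to go with the advice above, as an added example that is not part of the original post: it reads `sysctl net.inet.ip.fw` output, reports how full the dynamic rule table is, and flags lifetimes above the values suggested in the post. The `dyn_count` and `dyn_max` nodes are not mentioned in the thread, the function names and the 80% threshold are assumptions, and the sample output is constructed.

```sh
#!/bin/sh
# Constructed sample of `sysctl net.inet.ip.fw` output (not from a real host).
sample_sysctl() {
cat <<'EOF'
net.inet.ip.fw.dyn_count: 3890
net.inet.ip.fw.dyn_max: 4096
net.inet.ip.fw.dyn_short_lifetime: 5
net.inet.ip.fw.dyn_udp_lifetime: 3
net.inet.ip.fw.dyn_rst_lifetime: 1
net.inet.ip.fw.dyn_fin_lifetime: 1
net.inet.ip.fw.dyn_syn_lifetime: 20
EOF
}

# audit_dyn [warn_pct]: reads sysctl output on stdin and prints findings.
# Returns 1 if the table is >= warn_pct full or a lifetime exceeds its target.
audit_dyn() {
    awk -v warn="${1:-80}" '
    BEGIN {  # target lifetimes: the values suggested in the post
        want["dyn_short_lifetime"] = 3; want["dyn_udp_lifetime"] = 3
        want["dyn_rst_lifetime"] = 1;   want["dyn_fin_lifetime"] = 1
        want["dyn_syn_lifetime"] = 10
    }
    {
        # Accept "name: value" (sysctl output) and "name=value" (sysctl.conf).
        n = split($0, kv, /[:=][ \t]*/)
        if (n < 2) next
        key = kv[1]; sub(/^net\.inet\.ip\.fw\./, "", key)
        val[key] = kv[2] + 0
    }
    END {
        bad = 0
        if (val["dyn_max"] > 0) {
            pct = int(100 * val["dyn_count"] / val["dyn_max"])
            printf "dyn_table %d/%d %d%%\n", val["dyn_count"], val["dyn_max"], pct
            if (pct >= warn) { print "WARN dyn_table near limit"; bad = 1 }
        }
        for (k in want) if ((k in val) && val[k] > want[k]) {
            printf "WARN %s=%d target=%d\n", k, val[k], want[k]; bad = 1
        }
        exit bad
    }'
}

# On a FreeBSD host: sysctl net.inet.ip.fw | audit_dyn 80
```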