FIN_WAIT_2
Mike Silbersack
silby at silby.com
Sat Mar 26 02:20:50 PST 2005

On Tue, 22 Mar 2005, Robert Gogolok wrote:
> http://lists.freebsd.org/mailman/htdig/freebsd-ipfw/2003-May/000204.html is 
> the same problem or similar problem.
> Forgot to mention the important fact I use ipfw, bad bad...
>
> With
> # sysctl net.inet.ip.fw.dyn_keepalive=0
> the FIN_WAIT_2 connections cleaned all up within a few minutes.
>
>
> Robert

You probably shouldn't use ipfw stateful rules to protect FreeBSD; I
don't think it provides any benefit (unless you're using some concurrent
connection limiting or something.)

OTOH, blocking inbound packets to ports which are supposed to be unused
and using stateful rules to allow outbound connections is certainly a good
idea.

Mike "Silby" Silbersack

More information about the freebsd-net mailing list