Stateful IPFW - too many connections in FIN_WAIT_2 or LAST_ACK states

[Chuck Swiger]

On Apr 21, 2012, at 4:41 AM, Dmitry S. Kasterin wrote:
> The "DYNAMIC RULES" section gives the following recommendation:
> 	   ipfw add check-state
> 	   ipfw add deny tcp from any to any established
> 	   ipfw add allow tcp from my-net to any setup keep-state
> 
> Is the second rule necessary?

If your security policy is "default deny", then yes.

Regards,
-- 
-Chuck