ipfw / drop sessions / incoming http / keep-state
Brian
bbayorgeon at new.rr.com
Sun Feb 6 22:16:41 PST 2005
Greetings:
I'm trying to sort out an issue with drop session error
messages...see below
Can some please explain what the difference / benefits
between the two possible firewall rules shown below?
I have been uncertain if I should use the keep-state
option for the incoming connections. Incoming
Connections seen to work ok without keep-state,
But I also seem to get the drop session errors
When there are incoming http connections
Thanks for you help
Brian
>From firewall script
#$cmd 396 allow tcp from any to me 80 in via $oif setup limit src-addr 4
# Incoming http connections
$cmd 396 allow tcp from any to me 80 in via $oif setup $ks
# Incoming http connections
>From Log File
Feb 6 12:03:25 rakort kernel: drop session, too many entries
Feb 6 12:03:51 rakort last message repeated 4 times
Feb 6 12:05:46 rakort last message repeated 13 times
More information about the freebsd-questions
mailing list