Port scan detection in ipfw2
Paul Mather
paul at gromit.dlib.vt.edu
Thu Jun 10 13:31:05 GMT 2004
On Thu, 2004-06-10 at 08:46, Don Bowman wrote:
> There was a patch to ipfw posted last year that gave time
> to rules.
Interesting. Does the rule processing of the patch burden all packets
with an extra check (for time validity), or just those with a time
restraint on the rule? I wonder, also, how "keep-state" rules are
handled. Are the time constraints of the "keep-state" rule included
with the dynamic rule created from it? (If not, that would mean a
packet could be allowed in violation of its time constraint?)
Does the syntax of time specification use the local time zone, and, if
so, what happens during the switch between daylight savings... ;-)
Cheers,
Paul.
--
e-mail: paul at gromit.dlib.vt.edu
"Without music to decorate it, time is just a bunch of boring production
deadlines or dates by which bills must be paid."
--- Frank Vincent Zappa
More information about the freebsd-stable
mailing list