Date: Tue, 27 Nov 2001 14:28:53 +0200 From: Ruslan Ermilov <ru@FreeBSD.ORG> To: "Carroll, D. (Danny)" <Danny.Carroll@mail.ing.nl> Cc: security@FreeBSD.ORG Subject: Re: IPFW, natd and an internal FTP server. Message-ID: <20011127142853.A58633@sunbay.com> In-Reply-To: <98829DC07ECECD47893074C4D525EFC321EA16@citsnl007b.europe.intranet> References: <98829DC07ECECD47893074C4D525EFC321EA16@citsnl007b.europe.intranet>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Nov 27, 2001 at 01:22:09PM +0100, Carroll, D. (Danny) wrote: > > > :From: Ruslan Ermilov [mailto:ru@FreeBSD.ORG] > :On Mon, Nov 26, 2001 at 06:52:23PM +0000, Danny Carroll wrote: > :> > :Committed to 5.0-CURRENT, will MFC in 1 week. Thanks! > : > > Cooley... > Is there a rule of thumb as to how many rules you should allow for > punch_fw > > I mean if I had 100 ftp sessions would a ruleset of 300 be enough? > I imagine it would start to slow down rather quickly as teh ipfw rules > get larger. > Ruleset of precisely 200 would be enough. Cheers, -- Ruslan Ermilov Oracle Developer/DBA, ru@sunbay.com Sunbay Software AG, ru@FreeBSD.org FreeBSD committer, +380.652.512.251 Simferopol, Ukraine http://www.FreeBSD.org The Power To Serve http://www.oracle.com Enabling The Information Age To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011127142853.A58633>