From owner-freebsd-questions@FreeBSD.ORG Mon Aug 20 13:07:24 2007 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id BA7D116A417 for ; Mon, 20 Aug 2007 13:07:24 +0000 (UTC) (envelope-from gpeel@thenetnow.com) Received: from thenetnow.com (thenetnow.com [69.90.69.141]) by mx1.freebsd.org (Postfix) with ESMTP id 988DA13C4A3 for ; Mon, 20 Aug 2007 13:07:24 +0000 (UTC) (envelope-from gpeel@thenetnow.com) Received: from hpeel.ody.ca ([216.240.12.2] helo=GRANT) by constellation.thenetnow.com with esmtpa (Exim 4.63 (FreeBSD)) (envelope-from ) id 1IN6yZ-000GGL-Ia for freebsd-questions@freebsd.org; Mon, 20 Aug 2007 09:07:23 -0400 Message-ID: <037d01c7e32b$0c8d3c70$6501a8c0@GRANT> From: "Grant Peel" To: Date: Mon, 20 Aug 2007 09:07:23 -0400 Organization: The Net Now MIME-Version: 1.0 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.3138 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3138 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: IPFW Questions. X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Grant Peel List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 Aug 2007 13:07:24 -0000 Hi all, I was wondering what the concensus is on using dynamic rules in IPFW. = Every once in a while, I suppose there is a DoS attaclk that causes me = to see hundreds of: +ipfw: install_state: Too many dynamic rules in my security log. I am sure i read somewhere that many people are skipping the dynamic = rules and just relying on the line by line rules. You thoughts please. Any while your up, does anyone really know what this means? ipfw: pullup failed I dont see that often maybe 1 or 2 times a month. -Grant