Date: Thu, 19 Jul 2001 18:33:56 +0200
From: marcs@draenor.org
To: FreeBSD-gnats-submit@freebsd.org
Subject: docs/29086: changes to dialup firewall tutorial
Message-ID: <E15NGkO-0009Ns-00@draenor.org>
>Number: 29086 >Category: docs >Synopsis: updates to the freebsd dialup firewall tutorial >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-doc >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Thu Jul 19 09:40:21 PDT 2001 >Closed-Date: >Last-Modified: >Originator: Super-User >Release: FreeBSD 4.3-STABLE i386 >Organization: >Environment: System: FreeBSD draenor.org 4.3-STABLE FreeBSD 4.3-STABLE #0: Tue May 1 14:56:20 SAST 2001 root@:/usr/src/sys/compile/DRAENOR i386 >Description: the dialup tutorial contains invalid kernel options. these have been removed, and a new Q/A put in. >How-To-Repeat: >Fix: patch below: --- article.sgml-orig Thu Jul 19 18:14:53 2001 +++ article.sgml Thu Jul 19 18:24:59 2001 @@ -103,17 +103,6 @@ <variablelist> <varlistentry> - <term><literal>options TCP_RESTRICT_RST</literal></term> - - <listitem> - <para>This option blocks all TCP RST packets. This is - best used for systems that might be exposed to SYN - flooding (IRC Servers are a good example) or for those who - do not want to be easily portscannable.</para> - </listitem> - </varlistentry> - - <varlistentry> <term><literal>options TCP_DROP_SYNFIN</literal></term> <listitem> 
@@ -272,6 +261,22 @@ because I prefer firewalling to be done at a kernel level rather than by a userland program.</para> </answer> + </qandaentry> + + <qandaentry> + <question> + <para>I get messages like "limit 100 reached on entry 2800" + and after that I never see more denies in my logs. Is my + firewall still working?</para> + </question> + + <answer> + <para>This merely means that the maximum logging count for the + rule has been reached. The rule itself is still working, + but it will no longer log until such time as you reset the + logging counters. This can be done by simply prefixing the + ipfw command with the "resetlog" option.</para> + </answer> </qandaentry> <qandaentry> >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-doc" in the body of the message
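Review bot: The description says invalid kernel options (plural) were removed, but the first hunk (@@ -103,17 +103,6 @@) drops only the varlistentry for options TCP_RESTRICT_RST, and neither hunk touches any other mention of it. If article.sgml refers to TCP_RESTRICT_RST anywhere else, for instance in a sample kernel configuration, those references should be removed in the same patch so the tutorial does not keep asking readers to build with an option it no longer documents. Otherwise, reword the description to say that a single option was removed.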
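Review bot: In the new answer in the second hunk (@@ -272,6 +261,22 @@), the phrase about prefixing the ipfw command with the "resetlog" option is misleading: it reads as if resetlog goes in front of ipfw or in front of an existing rule. resetlog is an argument to ipfw, so state that directly and show the invocation in markup, for example <command>ipfw resetlog</command>. The quoted log message and the keyword would also be better in <literal> (as the first hunk's <term> entries are) than in raw double quotes. Because the reader's worry is that denied packets stop appearing in the logs, the answer should say plainly that traffic matching the rule is still denied but goes unrecorded until the counter is reset.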