Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 3 Aug 2002 17:06:12 +0200
From:      "eberkut" <eberkut@minithins.net>
To:        <freebsd-ipfw@freebsd.org>
Subject:   timeout
Message-ID:  <NGBBKNDGKLKPMMNHJJLEIELBCAAA.eberkut@minithins.net>

Next in thread | Raw E-Mail | Index | Archive | Help
Hi,

Is there any chances to see the lifetime patch integrated
into freebsd ? This patch is very useful to enforce timeout
for connections and there is a version for IPFW2 against
-stable.

http://www.aarongifford.com/computers/ipfwpatch.html

Also there is a type of timeout features which could be
useful both for security or state track tuning, those similar
to Cisco's CBAC global timeouts or the pf.conf's set timeout
options (see
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secu
r_c/scprt3/scdcbac.htm#xtocid27
and pf.conf(5) readable on openbsd.org). Specially, CBAC
does a great work against syn flood & co. Some options may
also be useful against scan. And one can use state timeout
to agressively drop unresponsive/congested/slow connections.

just a few feature suggestions ;)

--eberkut
Semper ego auditor tantum ? Nunquamne reponam ?


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message




Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?NGBBKNDGKLKPMMNHJJLEIELBCAAA.eberkut>