Date: Fri, 27 Jan 2006 08:42:31 +0700 (ICT)
From: Olivier Nicole <on@cs.ait.ac.th>
To: ikaney@crisiant.com
Cc: freebsd-questions@freebsd.org
Subject: Re: Bridging Firewall Machine Questions
Message-ID: <200601270142.k0R1gV6G049755@banyan.cs.ait.ac.th>
In-Reply-To: <20060126115051.8840D43D45@mx1.FreeBSD.org> (ikaney@crisiant.com)
References: <20060126115051.8840D43D45@mx1.FreeBSD.org>

> I've also had problems with the bridge running out of dynamic rules. I've
> raised them to silly figures however I'm always wary that if a machine had a
> Trojan or some other form of malware that attempted a DoS attack, the bridge
> would probably fall over after exhausting its dynamic rule count and cause

I believe other firewall solutions (iptable or ipchain, whatever is the newest) have rate limiting for specific kinds of traffic, so this should prevent DoS, but as far as I remember ipfw has no such feature.

Olivier