From owner-freebsd-questions@FreeBSD.ORG  Fri Aug 31 13:22:05 2007
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 842AA16A41A
	for <freebsd-questions@freebsd.org>;
	Fri, 31 Aug 2007 13:22:05 +0000 (UTC)
	(envelope-from fbsd.questions@rachie.is-a-geek.net)
Received: from snoogles.rachie.is-a-geek.net
	(66-230-99-27-cdsl-rb1.nwc.acsalaska.net [66.230.99.27])
	by mx1.freebsd.org (Postfix) with ESMTP id 5AE1C13C469
	for <freebsd-questions@freebsd.org>;
	Fri, 31 Aug 2007 13:22:03 +0000 (UTC)
	(envelope-from fbsd.questions@rachie.is-a-geek.net)
Received: from localhost (localhost [127.0.0.1])
	by snoogles.rachie.is-a-geek.net (Postfix) with ESMTP id E20701CC38
	for <freebsd-questions@freebsd.org>;
	Fri, 31 Aug 2007 05:21:29 -0800 (AKDT)
From: Mel <fbsd.questions@rachie.is-a-geek.net>
To: freebsd-questions@freebsd.org
Date: Fri, 31 Aug 2007 15:21:28 +0200
User-Agent: KMail/1.9.7
References: <001a01c7ebcb$53e455b0$6501a8c0@GRANT>
In-Reply-To: <001a01c7ebcb$53e455b0$6501a8c0@GRANT>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200708311521.28643.fbsd.questions@rachie.is-a-geek.net>
Subject: Re: IPFW - Keep State
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 31 Aug 2007 13:22:05 -0000

On Friday 31 August 2007 14:34:51 Grant Peel wrote:

> In a nutsheel, is it really necessary, or is thier a really compelling
> reason to use keep-state for a normal web - email server?
>
> I sometimes see "Too many dynamic rules" and can see a correlation between
> customer complaints and these log entries.
>
> My server all have about 200 rules, most of them counters for bandwidth
> accounting.

It is necessary for NAT, since it doesn't know what to do with replies from 
webservers otherwise (internet:80 => $ext_addr:high_port = what?)

-- 
Mel