Date:      Fri, 31 Aug 2007 15:21:28 +0200
From:      Mel <fbsd.questions@rachie.is-a-geek.net>
To:        freebsd-questions@freebsd.org
Subject:   Re: IPFW - Keep State
Message-ID:  <200708311521.28643.fbsd.questions@rachie.is-a-geek.net>
In-Reply-To: <001a01c7ebcb$53e455b0$6501a8c0@GRANT>
References:  <001a01c7ebcb$53e455b0$6501a8c0@GRANT>

On Friday 31 August 2007 14:34:51 Grant Peel wrote:

> In a nutshell, is it really necessary, or is there a really compelling
> reason to use keep-state for a normal web - email server?
>
> I sometimes see "Too many dynamic rules" and can see a correlation between
> customer complaints and these log entries.
>
> My servers all have about 200 rules, most of them counters for bandwidth
> accounting.

It is necessary for NAT, since it doesn't know what to do with replies from 
webservers otherwise (internet:80 => $ext_addr:high_port = what?)

-- 
Mel


