Date: Wed, 28 May 2008 18:48:54 -0400 From: Robert Blayzor <rblayzor.bulk@inoc.net> To: Chuck Swiger <cswiger@mac.com> Cc: freebsd-stable@freebsd.org Subject: Re: Sockets stuck in FIN_WAIT_1 Message-ID: <23C02C8B-281A-4ABD-8144-3E25E36EDAB4@inoc.net> In-Reply-To: <1A19ABA2-61CD-4D92-A08D-5D9650D69768@mac.com> References: <B42F9BDF-1E00-45FF-BD88-5A07B5B553DC@inoc.net> <1A19ABA2-61CD-4D92-A08D-5D9650D69768@mac.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On May 28, 2008, at 6:43 PM, Chuck Swiger wrote: > You didn't mention which version of FreeBSD you are running-- that's > rather important info. Actually, I just checked, this is a 4.11 server, I thought it was running at least 6.2. >> 00200 allow tcp from any to me 80 setup >> 00200 allow icmp from any to me icmptype 0,3,8,11 >> 00200 deny log ip from any to me > > Also, surely these can't be the only IPFW rules you are using? If > you want to use stateful rules, you need a keep-state argument, and > you shouldn't be combining allow rules and deny rules into the same > ruleset number... Right, I have a : 00100 allow tcp from any to any established in there as well, but noted on the later part. -- Robert Blayzor, BOFH INOC, LLC rblayzor@inoc.net http://www.inoc.net/~rblayzor/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?23C02C8B-281A-4ABD-8144-3E25E36EDAB4>