From owner-freebsd-questions Sun Nov 10 5:15:59 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3536D37B401 for ; Sun, 10 Nov 2002 05:15:58 -0800 (PST) Received: from labs.gr (labs.gr [62.103.160.6]) by mx1.FreeBSD.org (Postfix) with SMTP id E79C143E6E for ; Sun, 10 Nov 2002 05:15:56 -0800 (PST) (envelope-from keramida@freebsd.org) Received: (qmail 17814 invoked by uid 105); 10 Nov 2002 13:15:49 -0000 Date: Sun, 10 Nov 2002 15:15:49 +0200 From: Giorgos Keramidas To: Micael Ebbmar Cc: freebsd-questions@FreeBSD.ORG Subject: Re: IPFW2 denies packet although they match ALLOW rule? Message-ID: <20021110131549.GA17648@labs.gr> References: <20021109171923.GA41802@h173n2fls21o55> <006b01c2883c$bf360900$42d7cdd4@LocalHost> <20021109230808.GA2478@h173n2fls21o55.telia.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20021109230808.GA2478@h173n2fls21o55.telia.com> X-PGP-Fingerprint: C1EB 0653 DB8B A557 3829 00F9 D60F 941A 3186 03B6 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On 2002-11-10 00:08, Micael Ebbmar wrote: > * Giorgos Keramidas [021109 23:11]: > > > > Web clients some times cache connections to web servers, hoping to > > save some time from avoiding a reconnect for every GET request. > > Could it be that your clients thinks that a cached connection is > > still valid long after the dynamic ipfw rule has expired? > > Well, that's a possibility.. esp. with all those banners that > refreshes every now and then. Can you experiment with the net.inet.ip.fw.dyn_XXXX sysctls a bit? I can't check the source of fetchmail right now to verify that caching of connections could be a valid cause. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message