Date: Wed, 2 Nov 2011 09:46:51 -0700
From: Michael Sierchio <kudzu@tenebras.com>
To: Tim Gustafson <tjg@soe.ucsc.edu>
Cc: freebsd-ipfw@freebsd.org
Subject: Re: IPFW Problems
Message-ID: <CAHu1Y71WUyONR5ACurNNZVctdvj3s3a5ng6KfvFeAdMaYEep=Q@mail.gmail.com>
In-Reply-To: <1048019764.24079.1320248771403.JavaMail.root@mail-01.cse.ucsc.edu>
References: <1335821625.24060.1320248576610.JavaMail.root@mail-01.cse.ucsc.edu> <1048019764.24079.1320248771403.JavaMail.root@mail-01.cse.ucsc.edu>

On Wed, Nov 2, 2011 at 8:46 AM, Tim Gustafson <tjg@soe.ucsc.edu> wrote:

> What I've been noticing is that the web server is accumulating a large number of dynamic rules that are not going away...

> Can anyone help me understand what is going on here? Have I found some sort of bug, or do I have my firewall incorrectly configured?

You may want to tweak the sysctl items that control the lifespan of dynamic rules.

sysctl net.inet.ip.fw

in particular, the default value of net.inet.ip.fw.dyn_ack_lifetime is probably way too long for your purposes.
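
An added example, not part of the original message or the FreeBSD project's code: a small audit of the `sysctl net.inet.ip.fw` output the reply points to, flagging a long `dyn_ack_lifetime` and a dynamic-rule table close to `dyn_max`. The two thresholds and the sample values are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: audit the ipfw dynamic-rule sysctls named in the reply above.
# Input: "name: value" lines as printed by `sysctl net.inet.ip.fw`.
# Both thresholds are assumptions for illustration, not FreeBSD guidance.
ACK_LIFETIME_WARN=${ACK_LIFETIME_WARN:-120}  # seconds
DYN_USAGE_WARN=${DYN_USAGE_WARN:-80}         # percent of dyn_max

audit_dyn_sysctls() {
    awk -F': *' -v ack_warn="$ACK_LIFETIME_WARN" -v use_warn="$DYN_USAGE_WARN" '
        { sub(/^net\.inet\.ip\.fw\./, "", $1); v[$1] = $2 + 0 }
        END {
            # Lifetime of a dynamic rule for an established TCP session,
            # refreshed by matching packets; a high value keeps idle rules.
            if (("dyn_ack_lifetime" in v) && v["dyn_ack_lifetime"] > ack_warn)
                printf "WARN dyn_ack_lifetime=%ds (threshold %ds)\n",
                       v["dyn_ack_lifetime"], ack_warn
            # How close the dynamic-rule table is to its ceiling.
            if (("dyn_count" in v) && ("dyn_max" in v) && v["dyn_max"] > 0) {
                pct = int(100 * v["dyn_count"] / v["dyn_max"])
                if (pct >= use_warn)
                    printf "WARN dynamic rules at %d%% of dyn_max (%d/%d)\n",
                           pct, v["dyn_count"], v["dyn_max"]
            }
        }'
}

# Constructed sample output, not captured from a real host.
sample_sysctl_output() {
    cat <<'EOF'
net.inet.ip.fw.dyn_keepalive: 1
net.inet.ip.fw.dyn_ack_lifetime: 300
net.inet.ip.fw.dyn_syn_lifetime: 20
net.inet.ip.fw.dyn_max: 4096
net.inet.ip.fw.dyn_count: 3900
EOF
}

# --live reads the running FreeBSD kernel; otherwise the sample is audited.
if [ "${1:-}" = "--live" ]; then
    sysctl net.inet.ip.fw | audit_dyn_sysctls
else
    sample_sysctl_output | audit_dyn_sysctls
fi
# To shorten the lifetime at runtime (the value is yours to choose):
#   sysctl net.inet.ip.fw.dyn_ack_lifetime=<seconds>
```

`ipfw -d list` shows the dynamic rules themselves, which helps confirm whether the count drops after the lifetime is lowered.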