On Tue, Apr 17, 2012 at 12:48 PM, Kevin Oberman <kob6...@gmail.com> wrote:
> But I do have to ask why you find stateful rules for outgoing TCP
> connections desirable? Why not:
> 00101 allow tcp from me to any established

It's useful and appropriate to have outbound connections be stateful.
It's not a good idea to have inbound connections stateful, as it makes
it easy to fill up the state table.

To the OP: Look at the kernel tunables:

net.inet.ip.fw.dyn_rst_lifetime
net.inet.ip.fw.dyn_fin_lifetime
net.inet.ip.fw.dyn_syn_lifetime
net.inet.ip.fw.dyn_ack_lifetime

_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"