I don't use NAT, so is there any other compelling reasons? Speed etc? -Grant
----- Original Message ----- From: Mel To: freebsd-questions@freebsd.org Sent: Friday, August 31, 2007 9:21 AM Subject: Re: IPFW - Keep State On Friday 31 August 2007 14:34:51 Grant Peel wrote: > In a nutsheel, is it really necessary, or is thier a really compelling > reason to use keep-state for a normal web - email server? > > I sometimes see "Too many dynamic rules" and can see a correlation between > customer complaints and these log entries. > > My server all have about 200 rules, most of them counters for bandwidth > accounting. It is necessary for NAT, since it doesn't know what to do with replies from webservers otherwise (internet:80 => $ext_addr:high_port = what?) -- Mel _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]" ------------------------------------------------------------------------------ Total Control Panel Login To: [EMAIL PROTECTED] Block messages from this sender (blacklist) From: [EMAIL PROTECTED] Remove this sender from my whitelist You received this message because the sender is on your whitelist. _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"