> I have a problem with my dynamic IPFW2 rules - they aren't dying. The
> system has been up now for 14 days, with it acting as firewall to two
> systems inside. One of the systems inside is also running IPFW2, but is
> in an open state. Here is the ruleset I am running, I have made no
> changes to the kernel variables regulating packet time-out - oh, and I'm
> running 4.7.
> Currently, I have more than 180 dynamic rules active, most are attached
> to rule 00610. 180 rules seems to be excessive, and they don't seem to
> be timing out. Is my ruleset screwed up?
> Thanks
Jason 

IPFW2 will attempt to test if a connection is still open, and if it is, will
keep the matching rule intact. Search for "keepalive" in the ipfw manpage.


  Dan Pelleg
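Added example, not part of the original thread and not ipfw's own code: a small POSIX sh script that breaks the dynamic-rule table printed by `ipfw -d show` down by parent rule, protocol and remaining lifetime, so a table of 180 entries can be checked against the keepalive behaviour Dan describes. With `net.inet.ip.fw.dyn_keepalive` on (the default), ipfw probes both ends of an established TCP connection whose dynamic rule is about to expire, and if either side answers the rule's lifetime is reset to `net.inet.ip.fw.dyn_ack_lifetime` (300 s by default), so idle-but-open connections keep their entries indefinitely. The sample table, the column layout it assumes and the 20-second "about to expire" window are constructed assumptions for this example; the sysctl names in the comments are the real ones.

```shell
#!/bin/sh
# Added example (not from the original thread).  Summarise the dynamic rule
# table from `ipfw -d show` by parent rule, protocol and time to expiry.
# On a live 4.x box replace the sample below with:  ipfw -d show
# A constructed sample is embedded so the script runs anywhere.

# Constructed sample.  Assumed column layout: rule number, packets, bytes,
# "(NNNs)" seconds to expiry, state type, proto, src sport <-> dst dport.
# Check it against your own `ipfw -d show` output before relying on it.
SAMPLE_DYN='## Dynamic rules:
00610         31       4123 (300s) STATE tcp 192.168.1.10 1034 <-> 10.0.0.5 22
00610          2        120 (298s) STATE tcp 192.168.1.10 1035 <-> 10.0.0.5 80
00610          0          0 (1s) STATE tcp 192.168.1.11 2000 <-> 10.0.0.5 443
00610          5        400 (9s) STATE udp 192.168.1.10 53001 <-> 10.0.0.9 53
00620          1         60 (17s) STATE tcp 192.168.1.12 3001 <-> 10.0.0.5 25'

# Print "rulenum proto count" for every (parent rule, proto) pair.
dyn_summary() {                  # $1 = table text
    printf '%s\n' "$1" | awk '
        /^## / { next }                     # skip the header line
        { key = $1 " " $6; n[key]++ }
        END { for (k in n) print k, n[k] }' | sort
}

# Count entries hanging off one parent rule.
dyn_count_for_rule() {           # $1 = table text, $2 = rule number
    printf '%s\n' "$1" | awk -v r="$2" '$1 == r { c++ } END { print c + 0 }'
}

# Count TCP states whose remaining lifetime is within "slack" seconds of
# dyn_ack_lifetime.  These were just refreshed, either by real traffic or by
# a keepalive probe the peer answered; with dyn_keepalive=1 an idle but still
# open connection is re-armed this way every time it nears expiry, which is
# why such rules never die while both peers are up.
dyn_count_refreshed_tcp() {      # $1 = table text, $2 = dyn_ack_lifetime, $3 = slack
    printf '%s\n' "$1" | awk -v life="$2" -v slack="$3" '
        /^## / { next }
        $6 == "tcp" {
            ttl = $4; gsub(/[()s]/, "", ttl)
            if (ttl + 0 >= life - slack) c++
        }
        END { print c + 0 }'
}

# Count entries that expire (or get probed) within the next "window" seconds.
dyn_count_near_expiry() {        # $1 = table text, $2 = window in seconds
    printf '%s\n' "$1" | awk -v w="$2" '
        /^## / { next }
        { ttl = $4; gsub(/[()s]/, "", ttl); if (ttl + 0 <= w) c++ }
        END { print c + 0 }'
}

# Assumed defaults for this example.  Read the real values on the box with:
#   sysctl net.inet.ip.fw.dyn_keepalive net.inet.ip.fw.dyn_ack_lifetime \
#          net.inet.ip.fw.dyn_count net.inet.ip.fw.dyn_max
ACK_LIFETIME=300
KEEPALIVE_WINDOW=20

dyn_summary "$SAMPLE_DYN"
echo "rule 00610 entries:      $(dyn_count_for_rule "$SAMPLE_DYN" 00610)"
echo "recently refreshed TCP:  $(dyn_count_refreshed_tcp "$SAMPLE_DYN" "$ACK_LIFETIME" 5)"
echo "within keepalive window: $(dyn_count_near_expiry "$SAMPLE_DYN" "$KEEPALIVE_WINDOW")"
```

If most of the 00610 entries show up in the "recently refreshed" bucket with zero or very low packet counts, they are idle connections being kept alive by the probes rather than a broken ruleset; setting `net.inet.ip.fw.dyn_keepalive=0` (or lowering `dyn_ack_lifetime`) lets them age out instead, at the cost of long-idle sessions being dropped.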

