Martti Kuparinen wrote:
> Darren Reed wrote:
>
> >>>We have IPF 4.1.8 (NetBSD/i386 3.0_BETA) in our firewall and we see
> >>>a lot of entries like this in memory according to ipfstat -t:
> >>>
> >>>x.x.x.x,2913 x.x.x.x,80 0/5 tcp 197 93564 105:49:31
> >>>x.x.x.x,2536 x.x.x.x,80 2/5 tcp 181 93230 108:28:36
> >
> > For those in non-established state, you can do:
> >
> > ipf -F s
>
> Thanks! I added this to my cron (executed every 10 minutes).

Isn't this dangerous? It might disrupt a new connection just in the process of becoming established or a terminating connection in the process of normal finishing. I do not see why these entries should be forcibly removed in normal operation (apart from exceptional cases), provided the state table is large enough.
