--- Norm Vilmer <[EMAIL PROTECTED]> wrote:
> Dave McCammon wrote:
>
> > --- Bill Moran <[EMAIL PROTECTED]> wrote:
> >
> >
> >>Rob <[EMAIL PROTECTED]> wrote:
> >>
> >>
> >>>Norm Vilmer wrote:
> >>>
> Here are the rules that I have that keep-state
> >>
> >>on the outside interface:
> >>
> >>
Micheal Patterson wrote:
- Original Message -
From: "Norm Vilmer" <[EMAIL PROTECTED]>
To: "Micheal Patterson" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Friday, September 17, 2004 11:47 AM
Subject: Re: Too many dynamic rules, sorry
Micheal P
- Original Message -
From: "Norm Vilmer" <[EMAIL PROTECTED]>
To: "Micheal Patterson" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Friday, September 17, 2004 11:47 AM
Subject: Re: Too many dynamic rules, sorry
> Micheal Patter
Dave McCammon wrote:
--- Bill Moran <[EMAIL PROTECTED]> wrote:
Rob <[EMAIL PROTECTED]> wrote:
Norm Vilmer wrote:
Here are the rules that I have that keep-state
on the outside interface:
#For DNS
add 01300 pass udp from ${oip} to any 53
keep-state
# For NTP
add 01400 pass udp from ${oip} to any 12
Bill Moran wrote:
Rob <[EMAIL PROTECTED]> wrote:
Norm Vilmer wrote:
Here are the rules that I have that keep-state on the outside interface:
#For DNS
add 01300 pass udp from ${oip} to any 53 keep-state
# For NTP
add 01400 pass udp from ${oip} to any 123 keep-state
# For VPN
add 01500 pass gre from
Micheal Patterson wrote:
- Original Message -
From: "Norm Vilmer" <[EMAIL PROTECTED]>
To: "Micheal Patterson" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Friday, September 17, 2004 10:30 AM
Subject: Re: Too many dynamic rules, sorry
I do h
--- Bill Moran <[EMAIL PROTECTED]> wrote:
> Rob <[EMAIL PROTECTED]> wrote:
>
> > Norm Vilmer wrote:
> > > Here are the rules that I have that keep-state
> on the outside interface:
> > >
> > > #For DNS
> > > add 01300 pass udp from ${oip} to any 53
> keep-state
> > > # For NTP
> > > add 01400 p
--- Bill Moran <[EMAIL PROTECTED]> wrote:
> Rob <[EMAIL PROTECTED]> wrote:
>
> > Norm Vilmer wrote:
> > > Here are the rules that I have that keep-state
> on the outside interface:
> > >
> > > #For DNS
> > > add 01300 pass udp from ${oip} to any 53
> keep-state
> > > # For NTP
> > > add 01400 p
> You'll generally need to keep state on UDP when you
> play online games.
>
> If you're smart, you don't allow arbitrary UDP
> packets from the outside
> world into your network, but if you're playing
> Unreal or something, then
> all communication is via UDP, and you won't be able
> to play.
>
- Original Message -
From: "Norm Vilmer" <[EMAIL PROTECTED]>
To: "Micheal Patterson" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Friday, September 17, 2004 10:30 AM
Subject: Re: Too many dynamic rules, sorry
>
> I do have a check-s
Rob <[EMAIL PROTECTED]> wrote:
> Norm Vilmer wrote:
> > Here are the rules that I have that keep-state on the outside interface:
> >
> > #For DNS
> > add 01300 pass udp from ${oip} to any 53 keep-state
> > # For NTP
> > add 01400 pass udp from ${oip} to any 123 keep-state
> > # For VPN
> > add 01
Micheal Patterson wrote:
.
- Original Message -
From: "Norm Vilmer" <[EMAIL PROTECTED]>
To: "Micheal Patterson" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Friday, September 17, 2004 9:41 AM
Subject: Re: Too many dynamic rules, sorry
Mic
Norm Vilmer wrote:
Here are the rules that I have that keep-state on the outside interface:
#For DNS
add 01300 pass udp from ${oip} to any 53 keep-state
# For NTP
add 01400 pass udp from ${oip} to any 123 keep-state
# For VPN
add 01500 pass gre from any to any keep-state
# For ICMP
add 01600 pass i
.
- Original Message -
From: "Norm Vilmer" <[EMAIL PROTECTED]>
To: "Micheal Patterson" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Friday, September 17, 2004 9:41 AM
Subject: Re: Too many dynamic rules, sorry
> Micheal Patterson wrote:
Micheal Patterson wrote:
.
- Original Message - From: "Norm Vilmer"
<[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, September 16, 2004 11:57 PM
Subject: Too many dynamic rules, sorry
If I repeatedly nmap my FreeBSD 4.10 machine configured with ipfirew
.
- Original Message -
From: "Norm Vilmer" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, September 16, 2004 11:57 PM
Subject: Too many dynamic rules, sorry
If I repeatedly nmap my FreeBSD 4.10 machine configured with
ipfirewall,
I get the message "
If I repeatedly nmap my FreeBSD 4.10 machine configured with ipfirewall,
I get the message "Too many dynamic rules, sorry". Doing a sysctl -a
|grep ip.fw I can see the net.inet.ip.fw.dyn_count has reached the
max value of 8192 that I set. The net.inet.ip.fw.dyn_ack_lifetime is set
17 matches