Jason Morgan <[EMAIL PROTECTED]> writes:

> I have a problem with my dynamic IPFW2 rules - they aren't dying. The
> system has been up now for 14 days, with it acting as firewall to two
> systems inside. One of the systems inside is also running IPFW2, but is
> in an open state. Here is the ruleset I am running, I have made no
> changes to the kernel variables regulating packet time-out - oh, and I'm
> running 4.7.
> [ruleset]
>
> Currently, I have more than 180 dynamic rules active, most are attached
> to rule 00610. 180 rules seems to be excessive, and they don't seem to
> be timing out. Is my ruleset screwed up?
>
> Thanks
> Jason
>
IPFW2 will attempt to test if a connection is still open, and if it is will
keep the matching rule intact. Search for "keepalive" on the ipfw manpage.

--
Dan Pelleg