Re: FIN_WAIT_2

From: Mike Silbersack (silby_at_silby.com)
Date: 03/26/05

    Date: Sat, 26 Mar 2005 04:20:47 -0600 (CST)
    To: Robert Gogolok <robertgogolok@web.de>
    
    

    On Tue, 22 Mar 2005, Robert Gogolok wrote:

    > http://lists.freebsd.org/mailman/htdig/freebsd-ipfw/2003-May/000204.html is
    > the same problem or similar problem.
    > Forgot to mention the important fact I use ipfw, bad bad...
    >
    > With
    > # sysctl net.inet.ip.fw.dyn_keepalive=0
    > the FIN_WAIT_2 connections cleaned all up within a few minutes.
    >
    >
    > Robert

    You probably shouldn't use ipfw stateful rules to protect FreeBSD; I
    don't think it provides any benefit (unless you're using some concurrent
    connection limiting or something.)

    OTOH, blocking inbound packets to ports which are supposed to be unused
    and using stateful rules to allow outbound connections is certainly a good
    idea.

    Mike "Silby" Silbersack
    _______________________________________________
    freebsd-net@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-net
    To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
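
An added example, not part of the original message: a shell sketch of the split described in the reply, with stateless rules for the host's own service ports and `keep-state` only on outbound connections, so inbound clients never create dynamic rules. The SSH port 22 default, the rule numbers and the function names `build_rules` and `apply_rules` are assumptions.

```shell
#!/bin/sh
# Added example: generate (and optionally load) an ipfw ruleset that keeps
# state only for connections this host initiates.
# Assumptions: inbound service ports are passed as a comma-separated list
# (default 22), rule numbers are arbitrary, and the host is not a router.

# Print the rule bodies one per line so they can be reviewed before loading.
build_rules() {
    svc_ports="${1:-22}"
    cat <<EOF
add 100 allow ip from any to any via lo0
add 200 check-state
add 300 allow tcp from any to me ${svc_ports} in
add 310 allow tcp from me ${svc_ports} to any out
add 400 allow tcp from me to any out setup keep-state
add 410 allow udp from me to any out keep-state
add 500 allow icmp from any to me in icmptypes 3,11
add 65000 deny ip from any to any
EOF
}

# Load the rules into the running firewall (FreeBSD, root required).
# $rule is left unquoted on purpose so each word becomes an ipfw argument.
apply_rules() {
    build_rules "$@" | while read -r rule; do
        ipfw -q $rule || return 1
    done
}

# Running "sh script.sh apply 22,80" loads the rules; with no argument the
# script only defines the functions and changes nothing.
if [ "${1:-}" = "apply" ]; then
    shift
    apply_rules "$@"
fi
```

Rules 300 and 310 pass service traffic in both directions without dynamic state, rules 400 and 410 are the only ones that create it, and everything else inbound falls through to the final deny.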

