Subject: Re: log with dynamic firewall rules
From: Bill Fumerola (billf@chimesnet.com)
Date: Sun Jul 30 2000 - 17:53:09 CDT


On Sun, Jul 30, 2000 at 05:24:50PM -0500, stephen@math.missouri.edu wrote:

> Actually, I'm becoming dissatisfied with the concept of dynamic
> rules using ipfw. I have gone back to static rules. I am only
> a home computer, and I don't need anything complicated. If I
> ever need dynamic rules, I will learn ipfilter and see how that
> does.

I fear the dynamic rule code, or I'd attempt to figure it all out
and come up with something better, but:

> Now wait five minutes and the dynamic rule times out, and it stops
> working. Well, that is OK I suppose - you shouldn't have left it so long.

[boa.internal-billf 18:52:25]
< /home/billf > sysctl -a |grep dyn
net.inet.ip.fw.dyn_buckets: 256
net.inet.ip.fw.curr_dyn_buckets: 256
net.inet.ip.fw.dyn_count: 0
net.inet.ip.fw.dyn_max: 1000
net.inet.ip.fw.dyn_ack_lifetime: 300
net.inet.ip.fw.dyn_syn_lifetime: 20
net.inet.ip.fw.dyn_fin_lifetime: 20
net.inet.ip.fw.dyn_rst_lifetime: 5

... it is a controllable behavior.

-- 
Bill Fumerola - Network Architect, BOFH / Chimes, Inc.
                billf@chimesnet.com / billf@FreeBSD.org

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
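An added example, not part of Bill's reply or of FreeBSD itself: a POSIX shell filter that reads the net.inet.ip.fw.dyn_* sysctl lines shown in the reply and reports the four state lifetimes together with how full the dynamic rule table is (dyn_count against dyn_max), since a full table is the other way dynamic rules silently stop working. The function names, the 80% warning threshold and both sample inputs are my own choices.

```shell
#!/bin/sh
# ipfw_dyn_summary: read "name: value" sysctl lines on stdin (the output of
# `sysctl -a | grep dyn` on an ipfw host) and print one summary line:
#   ack=<s> syn=<s> fin=<s> rst=<s> state=<count>/<max> (<pct>%) <status>
# The lifetimes are the seconds an idle dynamic rule survives in each TCP
# state; status turns to a warning when the table is 80% full or more.
ipfw_dyn_summary() {
    awk '
        { sub(/:$/, "", $1); v[$1] = $2 }       # strip the trailing colon, keep name -> value
        END {
            pfx   = "net.inet.ip.fw."
            count = v[pfx "dyn_count"] + 0
            max   = v[pfx "dyn_max"] + 0
            pct   = (max > 0) ? int(count * 100 / max) : 0
            status = (pct >= 80) ? "WARN:table-nearly-full" : "ok"
            printf "ack=%d syn=%d fin=%d rst=%d state=%d/%d (%d%%) %s\n",
                v[pfx "dyn_ack_lifetime"], v[pfx "dyn_syn_lifetime"],
                v[pfx "dyn_fin_lifetime"], v[pfx "dyn_rst_lifetime"],
                count, max, pct, status
        }'
}

# Constructed sample: the idle box from the reply above (dyn_count is 0).
SAMPLE_IDLE='net.inet.ip.fw.dyn_buckets: 256
net.inet.ip.fw.curr_dyn_buckets: 256
net.inet.ip.fw.dyn_count: 0
net.inet.ip.fw.dyn_max: 1000
net.inet.ip.fw.dyn_ack_lifetime: 300
net.inet.ip.fw.dyn_syn_lifetime: 20
net.inet.ip.fw.dyn_fin_lifetime: 20
net.inet.ip.fw.dyn_rst_lifetime: 5'

# Constructed sample: a busy box with 900 of 1000 dynamic rule slots in use.
SAMPLE_BUSY='net.inet.ip.fw.dyn_count: 900
net.inet.ip.fw.dyn_max: 1000
net.inet.ip.fw.dyn_ack_lifetime: 300
net.inet.ip.fw.dyn_syn_lifetime: 20
net.inet.ip.fw.dyn_fin_lifetime: 20
net.inet.ip.fw.dyn_rst_lifetime: 5'

# On a live host:  sysctl -a | grep dyn | ipfw_dyn_summary
# To lengthen the established-connection timeout the thread complains about:
#   sysctl -w net.inet.ip.fw.dyn_ack_lifetime=600
printf '%s\n' "$SAMPLE_IDLE" | ipfw_dyn_summary
printf '%s\n' "$SAMPLE_BUSY" | ipfw_dyn_summary
```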