On Wed, Jun 6, 2012 at 11:31 AM, Simon <si...@optinet.com> wrote: > This easily causes DoS for when too many FIN_WAIT_2 are created and IPFW > stops forwarding using the rule above because of "too many dynamic rules"
Change the defaults for the fw.dyn sysctl MIB nodes to something like net.inet.ip.fw.dyn_short_lifetime=3 net.inet.ip.fw.dyn_udp_lifetime=3 net.inet.ip.fw.dyn_rst_lifetime=1 net.inet.ip.fw.dyn_fin_lifetime=1 net.inet.ip.fw.dyn_syn_lifetime=10 _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
