On May 30, 2008, at 4:41 AM, Ian Smith wrote:
> Without debating your stateful alternative - either should work fine for TCP applications - this allowed inbound icmp packets for types 0,3,8,11
> but no outbound icmp at all (assuming your firewall defaults to deny).

Switching the ipfw rules over to be stateful did not help, the server just wasn't busy enough. Overnight the FIN_WAIT_1's continued to pile up to over 600... and I'm sure they'll just keep going up until I have to reboot the box again. However Tod's suggestion to use a small sh script and tcpdrop seems to at least put a band-aid on things, so I don't have to reboot now.

--
Robert Blayzor, BOFH
INOC, LLC
[EMAIL PROTECTED]
http://www.inoc.net/~rblayzor/
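
The sh-script-plus-tcpdrop workaround mentioned in the message above can be sketched as follows. This is an added example, not the script from the thread: it assumes the FreeBSD `netstat -an -p tcp` column layout (`addr.port` pairs, state in the last column) and the four-argument form of tcpdrop(8); the function names and sample lines are constructed.

```shell
#!/bin/sh
# Added example (not the script from the thread): build tcpdrop(8) commands
# for TCP sockets stuck in a given state, FIN_WAIT_1 by default.
# Real use on a FreeBSD host, dry run first, then pipe to sh as root:
#   netstat -an -p tcp | gen_tcpdrop FIN_WAIT_1
#   netstat -an -p tcp | gen_tcpdrop FIN_WAIT_1 | sh

# gen_tcpdrop [STATE]: read netstat lines on stdin and print one
# "tcpdrop laddr lport faddr fport" command per socket in STATE.
gen_tcpdrop() {
    awk -v st="${1:-FIN_WAIT_1}" '
        # Only TCP rows (tcp4/tcp6) whose last column is the wanted state.
        $1 ~ /^tcp/ && $NF == st {
            # FreeBSD prints "addr.port"; split at the LAST dot so that
            # dotted IPv4 addresses stay intact.
            if (!match($4, /\.[0-9]+$/)) next
            la = substr($4, 1, RSTART - 1); lp = substr($4, RSTART + 1)
            if (!match($5, /\.[0-9]+$/)) next
            fa = substr($5, 1, RSTART - 1); fp = substr($5, RSTART + 1)
            print "tcpdrop", la, lp, fa, fp
        }'
}

# Constructed sample in FreeBSD netstat format (documentation addresses).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  192.0.2.10.80          198.51.100.7.51234     FIN_WAIT_1
tcp4       0      0  192.0.2.10.80          203.0.113.9.40022      ESTABLISHED
tcp4       0  33304  192.0.2.10.25          198.51.100.20.3391     FIN_WAIT_1
tcp4       0      0  *.22                   *.*                    LISTEN
EOF
}

# Dry run on the sample: prints the two commands that would be executed.
sample_netstat | gen_tcpdrop FIN_WAIT_1
```

Only the printed commands touch connections, so reviewing the dry-run output before piping it to `sh` shows exactly which peers would be dropped.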