Attachment 15737 Details for Bug 29086 – file.diff

[patch] file.diff

file.diff (text/plain), 1.36 KB, created by Marc Silver on 2001-07-19 17:40:21 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Marc Silver

Created: 2001-07-19 17:40:21 UTC

Size: 1.36 KB

patch

obsolete

>--- article.sgml-orig	Thu Jul 19 18:14:53 2001
>+++ article.sgml	Thu Jul 19 18:24:59 2001
>@@ -103,17 +103,6 @@
> 
>     <variablelist>
>       <varlistentry>
>-	<term><literal>options TCP_RESTRICT_RST</literal></term>
>-
>-	<listitem>
>-	  <para>This option blocks all TCP RST packets.  This is
>-	    best used for systems that might be exposed to SYN 
>-	    flooding (IRC Servers are a good example) or for those who 
>-     	    do not want to be easily portscannable.</para>
>-	</listitem>
>-      </varlistentry>
>-
>-      <varlistentry>
> 	<term><literal>options TCP_DROP_SYNFIN</literal></term>
> 
> 	<listitem>
>@@ -272,6 +261,22 @@
> 	    because I prefer firewalling to be done at a kernel level rather
> 	    than by a userland program.</para>
> 	</answer>
>+      </qandaentry>
>+
>+      <qandaentry>
>+        <question>
>+	  <para>I get messages like "limit 100 reached on entry 2800"
>+  	    and after that I never see more denies in my logs.  Is my 
>+	    firewall still working?</para>
>+        </question>
>+
>+	<answer>
>+	  <para>This merely means that the maximum logging count for the
>+	    rule has been reached.  The rule itself is still working,
>+	    but it will no longer log until such time as you reset the
>+	    logging counters.  This can be done by simply prefixing the
>+	    ipfw command with the "resetlog" option.</para>
>+        </answer>
>       </qandaentry>
> 
>       <qandaentry>

Actions: View | Diff

Attachments on bug 29086: 15737