I am using IPFW with the keep-state primitive on DNS and NTP queries
(e.g., [1]). I've noticed, however, the number of dynamic rules only
increase -- there appears to be no pruning of the dynamic rules.
Looking through the code I only see a call to prune dynamic rules (via
remove_dyn_rule()) when the number of rules exceed some maximum,
rather at some time interval to insure dynamic rules are short lived.
Is this indeed the case? Aren't dynamic rules suppose to be short
lived? Did I not configure something improperly?
[1] $fwcmd add allow udp from any to ${wip} 53 via ${wif} keep-state
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message
