From root@draenor.org  Thu Jul 19 09:34:00 2001
Return-Path: <root@draenor.org>
Received: from draenor.org (draenor.org [196.36.119.129])
	by hub.freebsd.org (Postfix) with ESMTP id 1BC0C37B401
	for <FreeBSD-gnats-submit@freebsd.org>; Thu, 19 Jul 2001 09:33:59 -0700 (PDT)
	(envelope-from root@draenor.org)
Received: from root by draenor.org with local (Exim 3.31 #1)
	id 15NGkO-0009Ns-00
	for FreeBSD-gnats-submit@freebsd.org; Thu, 19 Jul 2001 18:33:56 +0200
Message-Id: <E15NGkO-0009Ns-00@draenor.org>
Date: Thu, 19 Jul 2001 18:33:56 +0200
From: marcs@draenor.org
Reply-To: marcs@draenor.org
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: changes to dialup firewall tutorial
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         29086
>Category:       docs
>Synopsis:       updates to the freebsd dialup firewall tutorial
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-doc
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jul 19 09:40:21 PDT 2001
>Closed-Date:    Fri Jul 20 00:42:12 PDT 2001
>Last-Modified:  Fri Jul 20 00:42:21 PDT 2001
>Originator:     Super-User
>Release:        FreeBSD 4.3-STABLE i386
>Organization:
>Environment:
System: FreeBSD draenor.org 4.3-STABLE FreeBSD 4.3-STABLE #0: Tue May 1 14:56:20 SAST 2001 root@:/usr/src/sys/compile/DRAENOR i386


	
>Description:
The dialup tutorial contains invalid kernel options.  These have been removed, and a new Q/A put in.
>How-To-Repeat:
>Fix:
patch below:

--- article.sgml-orig	Thu Jul 19 18:14:53 2001
+++ article.sgml	Thu Jul 19 18:24:59 2001
@@ -103,17 +103,6 @@
 
     <variablelist>
       <varlistentry>
-	<term><literal>options TCP_RESTRICT_RST</literal></term>
-
-	<listitem>
-	  <para>This option blocks all TCP RST packets.  This is
-	    best used for systems that might be exposed to SYN 
-	    flooding (IRC Servers are a good example) or for those who 
-     	    do not want to be easily portscannable.</para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
 	<term><literal>options TCP_DROP_SYNFIN</literal></term>
 
 	<listitem>
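Review bot: The description speaks of "invalid kernel options" in the plural, but the only entry deleted in this hunk is the one for TCP_RESTRICT_RST; the TCP_DROP_SYNFIN entry directly below it stays. Please confirm that is the intended scope. It is also worth checking the rest of article.sgml for any remaining mention of the removed option (a sample kernel configuration or a related setting) so that the text does not refer to something the variablelist no longer explains.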
@@ -272,6 +261,22 @@
 	    because I prefer firewalling to be done at a kernel level rather
 	    than by a userland program.</para>
 	</answer>
+      </qandaentry>
+
+      <qandaentry>
+        <question>
+	  <para>I get messages like "limit 100 reached on entry 2800"
+  	    and after that I never see more denies in my logs.  Is my 
+	    firewall still working?</para>
+        </question>
+
+	<answer>
+	  <para>This merely means that the maximum logging count for the
+	    rule has been reached.  The rule itself is still working,
+	    but it will no longer log until such time as you reset the
+	    logging counters.  This can be done by simply prefixing the
+	    ipfw command with the "resetlog" option.</para>
+        </answer>
       </qandaentry>
 
       <qandaentry>
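Review bot: In the new answer, "prefixing the ipfw command with the "resetlog" option" describes the usage backwards: resetlog is a subcommand given after ipfw (ipfw resetlog, optionally followed by rule numbers), not a prefix or an option. Suggest rewording to something like "This can be done with the ipfw resetlog command." Two smaller points: the quoted log message and the command are marked up with plain double quotes, where the rest of the article uses elements such as <literal>, and the added <question> and </answer> lines are indented with spaces while the neighbouring lines use tabs.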
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: dd 
State-Changed-When: Fri Jul 20 00:42:12 PDT 2001 
State-Changed-Why:  
Applied, thanks! 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=29086 
>Unformatted:
