[ previous ] [ next ] [ threads ]
 
 From:  Paul Taylor <PaulTaylor at winn dash dixie dot com>
 To:  Garrett <glc at c dash email dot com>, m0n0wall at lists dot m0n0 dot ch
 Subject:  RE: [m0n0wall] Firewall states page - strange behavior
 Date:  Fri, 11 Nov 2005 11:14:09 -0500 
Garrett,

	The Firewall State table tracks all connections...  But, things only
stay in the state table until the connection either times-out, or until the
connection closes.  I think HTTP doesn't completely close out and since DNS
is UDP based, it doesn't either.  (HTTP servers may send a RST instead of
FIN - not sure on the exact reason these show up so much more frequently)

	The specific ones you are looking for are probably very short-lived
connections that close down completely...  If you can catch one in action,
you'll see it there.  You may have to refresh the page quickly looking for
them, though.

Paul


-----Original Message-----
From: Garrett [mailto:glc at c dash email dot com] 
Sent: Wednesday, November 09, 2005 5:42 PM
To: m0n0wall at lists dot m0n0 dot ch
Subject: [m0n0wall] Firewall states page - strange behavior

Noticed that the 'Firewall states' page never seems to track entries
realated to mail (local_IP | dynamic_port | global_IP | 110 | tcp) like it
does with HTTP and DNS.  Why is that?

-Garrett