Date: 28 Jul 2002 10:25:25 -0400
From: Dan Pelleg <daniel+bsd@pelleg.org>
To: ipfw@freebsd.org
Subject: IPFW2 keep-alive
Message-ID: <u2sit30hqui.fsf_-_@gs166.sp.cs.cmu.edu>
In-Reply-To: <u2sit31royw.fsf@gs166.sp.cs.cmu.edu>

What's the exact mechanism to expire dynamic rules under IPFW2? I understand it's sending keep-alive packets as the rule is about to expire. Is there any way for these to result in the rule being removed?

The behaviour I'm seeing is this: During a network partition, the application program (Mozilla) retried to connect to remote hosts and opened many connections, eventually hitting the LIMIT count. Now the network is back up. However there is no way to open new connections since the appropriate rule's LIMIT is met.

Repeated "ipfw -d show" runs show that the rules are refreshed when they have 5-6 seconds to live (and go back to 10 seconds or so). I'm not sure what's doing that - the local application is long terminated.

The only workaround I found was to flush the ruleset (I guess replacing just that rule would have also worked).

--
Dan Pelleg