From: Chris
To: "Mike Silbersack"
Cc: freebsd-net@freebsd.org, Simon Walton
Date: Fri, 18 Aug 2006 05:43:38 +0100
Subject: Re: Long keepidle time
List-Id: Networking and TCP/IP with FreeBSD

On 12/08/06, Mike
Silbersack wrote:
>
> On Fri, 11 Aug 2006, Simon Walton wrote:
>
> > Is there any reason why the default initial timeout for keep alive
> > packets needs to be as long as two hours? This period causes the dynamic
> > rules in my firewall filter to time out.
> >
> > Is there a major objection to reducing the default idle time to
> > say 3 to 5 minutes?
> >
> > Simon Walton
>
> One reason behind a 2 hour keepalive is so that you don't have a 2 minute
> network outage that causes all your connections to time out.
>
> Of course, as you point out, in the modern age of firewalls, more frequent
> keepalives can be a good thing.
>
> I don't foresee us changing FreeBSD's default keepalive setting, but you're
> more than welcome to change the setting on your own system.
>
> Also note that ipfw2 sends keepalive packets on its own, maybe you could
> switch to it and/or add that functionality to your favorite firewall
> package. :)
>
> Mike "Silby" Silbersack

What's the point of keeping a connection alive (hung) to a dead network for 2
hours tho? That I don't understand either.

Chris
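
Added example, not part of the original thread or of FreeBSD's code: the trade-off discussed above (keepalives frequent enough to hold a firewall's dynamic rule open, versus how long a dead peer goes unnoticed) worked through per socket instead of by changing the system default. It assumes a platform that provides the per-socket TCP_KEEPIDLE, TCP_KEEPINTVL and TCP_KEEPCNT options; the 300-second firewall timeout, the probe count and all function names are constructed for illustration.

```c
/* Added example (not from the thread): per-socket TCP keepalive sized to a
 * stateful firewall's idle timeout. Names and numbers are constructed. */
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

struct ka_plan { int idle, intvl, cnt; };   /* seconds, seconds, probes */

/* Worst case before a dead peer is noticed: the idle period, then cnt
 * unanswered probes sent intvl seconds apart. */
int ka_detect_secs(const struct ka_plan *p) { return p->idle + p->intvl * p->cnt; }

/* First probe at half the firewall timeout, one retry still inside it.
 * cnt = 8 is an assumed choice, not a value from the thread. */
int ka_plan_for_firewall(int fw_timeout, struct ka_plan *out)
{
    if (fw_timeout < 4)
        return -1;                       /* too short to fit probe + retry */
    out->idle = fw_timeout / 2;
    out->intvl = fw_timeout / 4;
    out->cnt = 8;
    return 0;
}

/* Enable keepalive on one socket without touching the system default. */
int ka_apply(int fd, const struct ka_plan *p)
{
    int on = 1;
    if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof on) < 0 ||
        setsockopt(fd, IPPROTO_TCP, TCP_KEEPIDLE, &p->idle, sizeof p->idle) < 0 ||
        setsockopt(fd, IPPROTO_TCP, TCP_KEEPINTVL, &p->intvl, sizeof p->intvl) < 0 ||
        setsockopt(fd, IPPROTO_TCP, TCP_KEEPCNT, &p->cnt, sizeof p->cnt) < 0)
        return -1;
    return 0;
}

int main(void)
{
    struct ka_plan p;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0 || ka_plan_for_firewall(300, &p) < 0 || ka_apply(fd, &p) < 0) {
        perror("keepalive setup");
        return 1;
    }
    printf("idle=%ds intvl=%ds cnt=%d dead peer detected within %ds\n",
           p.idle, p.intvl, p.cnt, ka_detect_secs(&p));
    close(fd);
    return 0;
}
```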