Date:      Fri, 11 Aug 2006 20:33:27 -0500 (CDT)
From:      Mike Silbersack <silby@silby.com>
To:        Simon Walton <simonw@matteworld.com>
Cc:        freebsd-net@freebsd.org
Subject:   Re: Long keepidle time
Message-ID:  <20060811203041.E44075@odysseus.silby.com>
In-Reply-To: <44DD1909.40703@matteworld.com>
References:  <44DD1909.40703@matteworld.com>


On Fri, 11 Aug 2006, Simon Walton wrote:

>  Is there any reason why the default initial timeout for keep alive
> packets needs to be as long as two hours? This period causes the dynamic 
> rules in my firewall filter to time out.
>
>  Is there a major objection to reducing the default idle time to
> say 3 to 5 minutes?
>
> Simon Walton

One reason behind a 2 hour keepalive is so that you don't have a 2 minute 
network outage that causes all your connections to time out.

Of course, as you point out, in the modern age of firewalls, more frequent 
keepalives can be a good thing.

I don't foresee us changing FreeBSD's default keepalive setting, but you're 
more than welcome to change the setting on your own system.

Also note that ipfw2 sends keepalive packets on its own, maybe you could 
switch to it and/or add that functionality to your favorite firewall 
package. :)

Mike "Silby" Silbersack
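
Added example, not part of the original message or of FreeBSD's code: besides changing the system-wide default (net.inet.tcp.keepidle), an application can shorten keepalives for a single connection so they fire before a stateful firewall expires its dynamic rule. It assumes the per-socket options TCP_KEEPIDLE, TCP_KEEPINTVL and TCP_KEEPCNT (present on current FreeBSD and Linux, not mentioned in this thread); the helper names and the 300-second firewall lifetime are constructed for illustration.

```c
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <stdio.h>
#include <unistd.h>

/* Choose an idle time from the firewall's idle lifetime for established
 * TCP state (assumed input; look it up in your firewall's configuration). */
static int keepidle_for_state_ttl(int state_ttl_s)
{
    if (state_ttl_s < 2)
        return -1;             /* too short to keep alive sensibly */
    return state_ttl_s / 2;    /* half the lifetime leaves room for a lost probe */
}

/* Enable keepalive on one socket and override the system-wide defaults.
 * idle_s and intvl_s are in seconds, probes is a count. */
static int set_keepalive(int fd, int idle_s, int intvl_s, int probes)
{
    int on = 1;
    if (idle_s < 1 || intvl_s < 1 || probes < 1)
        return -1;
    if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on)) < 0 ||
        setsockopt(fd, IPPROTO_TCP, TCP_KEEPIDLE, &idle_s, sizeof(idle_s)) < 0 ||
        setsockopt(fd, IPPROTO_TCP, TCP_KEEPINTVL, &intvl_s, sizeof(intvl_s)) < 0 ||
        setsockopt(fd, IPPROTO_TCP, TCP_KEEPCNT, &probes, sizeof(probes)) < 0)
        return -1;
    return 0;
}

/* Read back the idle time actually in effect on the socket. */
static int get_keepidle(int fd)
{
    int v = 0;
    socklen_t len = sizeof(v);
    if (getsockopt(fd, IPPROTO_TCP, TCP_KEEPIDLE, &v, &len) < 0)
        return -1;
    return v;
}

int main(void)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    int idle = keepidle_for_state_ttl(300);   /* 300 s: constructed sample */
    if (fd < 0 || set_keepalive(fd, idle, 30, 4) < 0) { perror("keepalive"); return 1; }
    printf("keepidle now %d s\n", get_keepidle(fd));
    close(fd);
    return 0;
}
```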


