Date: Fri, 25 Jan 2002 17:53:40 -0800 From: "Crist J. Clark" <cjc@FreeBSD.ORG> To: Luigi Rizzo <rizzo@icir.org> Cc: Sebastien Petit <spe@selectbourse.net>, net@FreeBSD.ORG Subject: Re: Timeouts on dynamic ipfw rules Message-ID: <20020125175340.C14394@blossom.cjclark.org> In-Reply-To: <20020125113929.B80956@iguana.icir.org>; from rizzo@icir.org on Fri, Jan 25, 2002 at 11:39:29AM -0800 References: <009301c1a5bd$616efc30$13c92c0a@intra.selectbourse.net> <20020125113929.B80956@iguana.icir.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Jan 25, 2002 at 11:39:29AM -0800, Luigi Rizzo wrote:
> there were patches floating around for something similar.
>
> cheers
> luigi
>
> On Fri, Jan 25, 2002 at 05:28:38PM +0100, Sebastien Petit wrote:
> > Hi,
> >
> > Is there a way to set per keep-state rule timeout ?
> > I want to have a little ack timeout for connection to mysql database tcp 3306 but a long ack timeout for other rules.
> > if not perhaps this syntax can be implemented on ipfw code, for example:
> > ipfw add ... keepstate setup timeout-ack 3600
> > or
> > ipfw add ... keepstate setup timeout-syn 50
> >
> > Perhaps I can do this stuff if there are no objections ?
I've got CURRENT patches to do this at the site in the .sig. My STABLE
ones bitrotted (the CURRENT ones might be pass the sell-by date
too). But I could redo them if there is interest.
--
Crist J. Clark | cjclark@alum.mit.edu
| cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020125175340.C14394>