From owner-freebsd-net  Fri Jan 25 17:53:51 2002
Delivered-To: freebsd-net@freebsd.org
Received: from albatross.prod.itd.earthlink.net (albatross.mail.pas.earthlink.net [207.217.120.120])
	by hub.freebsd.org (Postfix) with ESMTP id 6172B37B404
	for <net@freebsd.org>; Fri, 25 Jan 2002 17:53:46 -0800 (PST)
Received: from dialup-209.245.128.125.dial1.sanjose1.level3.net ([209.245.128.125] helo=blossom.cjclark.org)
	by albatross.prod.itd.earthlink.net with esmtp (Exim 3.33 #1)
	id 16UI2L-0003Sp-00; Fri, 25 Jan 2002 17:53:45 -0800
Received: (from cjc@localhost)
	by blossom.cjclark.org (8.11.6/8.11.3) id g0Q1reh14885;
	Fri, 25 Jan 2002 17:53:40 -0800 (PST)
	(envelope-from cjc)
Date: Fri, 25 Jan 2002 17:53:40 -0800
From: "Crist J. Clark" <cjc@FreeBSD.ORG>
To: Luigi Rizzo <rizzo@icir.org>
Cc: Sebastien Petit <spe@selectbourse.net>, net@FreeBSD.ORG
Subject: Re: Timeouts on dynamic ipfw rules
Message-ID: <20020125175340.C14394@blossom.cjclark.org>
References: <009301c1a5bd$616efc30$13c92c0a@intra.selectbourse.net> <20020125113929.B80956@iguana.icir.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20020125113929.B80956@iguana.icir.org>; from rizzo@icir.org on Fri, Jan 25, 2002 at 11:39:29AM -0800
X-URL: http://people.freebsd.org/~cjc/
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-net.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-net>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-net>
X-Loop: FreeBSD.org

On Fri, Jan 25, 2002 at 11:39:29AM -0800, Luigi Rizzo wrote:
> there were patches floating around for something similar.
> 
> 	cheers
> 	luigi
> 
> On Fri, Jan 25, 2002 at 05:28:38PM +0100, Sebastien Petit wrote:
> > Hi,
> > 
> > Is there a way to set per keep-state rule timeout ?
> > I want to have a little ack timeout for connection to mysql  database tcp 3306 but a long ack timeout for other rules.
> > if not perhaps this syntax can be implemented on ipfw code, for example:
> > ipfw add ... keepstate setup timeout-ack 3600
> > or
> > ipfw add ... keepstate setup timeout-syn 50
> > 
> > Perhaps I can do this stuff if there are no objections ?

I've got CURRENT patches to do this at the site in the .sig. My STABLE
ones bitrotted (the CURRENT ones might be pass the sell-by date
too). But I could redo them if there is interest.
-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message