Date: Thu, 12 Apr 2001 10:01:44 -0700 From: Gregory Neil Shapiro <gshapiro@FreeBSD.ORG> To: Lyndon Nerenberg <lyndon@orthanc.ab.ca> Cc: freebsd-ipfw@FreeBSD.ORG Subject: Re: ipfw dynamic rulesets broken for me Message-ID: <15061.57208.578708.358266@horsey.gshapiro.net> In-Reply-To: <200104121656.f3CGuci23431@orthanc.ab.ca> References: <15061.19380.659608.578985@horsey.gshapiro.net> <200104121656.f3CGuci23431@orthanc.ab.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
lyndon> ipfw has insanely short timeouts for the keep-state engine. A note to the ipfw maintainers, this should work out of the box so it's less of a support hassle. lyndon> Add this to /etc/sysctl.conf (adjusted to a suitable value lyndon> for your network): lyndon> # TCP connections time out after eight hours. lyndon> net.inet.ip.fw.dyn_ack_lifetime=28800 Thanks, I'll give it a try and see if it solves all of the problems. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?15061.57208.578708.358266>