Date: Fri, 08 May 2015 11:02:16 +0200
From: Andrea Venturoli <ml@netfence.it>
To: net@freebsd.org
Subject: ipfw dyn_keepalive
Message-ID: <554C7B98.2040101@netfence.it>
Hello.

I'm having some trouble with dynamic rules and keep-alives...

Let's say a client connects to a TCP port on my server and a keep-state rule allows the connection; the connection is set up correctly and some data is exchanged. Then there are some minutes of silence and the rule expires.

However, I read in "man ipfw" that if net.inet.ip.fw.dyn_keepalive=1 (which holds by default and I verified in my case): "A keepalive is generated to both sides of the connection every 5 seconds for the last 20 seconds of the lifetime of the rule".

If I understand that correctly, then these rules should never expire (as long as the client answers those packets, I suppose); this is however in contrast to what I experience.

I looked around, but found no pointers about this. How is it supposed to work? Does it need anything special on the client side or is it expected to always answer those packets? Any good document about this?

bye & Thanks
av.