Date: Wed, 26 Sep 2001 07:51:19 -0600 From: Aaron D.Gifford <agifford@infowest.com> To: freebsd-stable@freebsd.org Subject: Re: ipfw patch Message-ID: <20010926135120.1080E212DD@ns1.infowest.com>
next in thread | raw e-mail | index | archive | help
Mike Hoskins was reputed to have said:
>Some time ago I came across the attached patch for ipfw which supports
>per-session timeouts. It applied cleanly until my last attempt to cvsup
>4.4 (still at 4.3). It allows you to specify 'lifetimes' in your ipfw
>rules as follows:
>
>allow tcp from any to ${oip} 22 in keep-state lifetime 3600
>
>This would let ssh have a timeout of 3600, while maintaining sysctl
>timeout values for all other connections.
>
>I contacted the author, agifford@infowest.com, but have received no
>response... and was curious if anyone else has used this, or knows if
>similar functionality exists within ipfw now. I checked the man page and
>didn't see anything similar...
Sorry for the delay, I tend to be quite slow replying to e-mail.
Latest versions of the aforementioned patch set should always be
available on my personal web site at:
http://www.aarongifford.com/computers/ipfwpatch.html
Looking at -CURRENT CVS, it looks like Luigi is preparing to commit a lot
of new ipfw stuff in the future. I suppose I should e-mail him and ask
if he has changed his mind about including this per-rule "lifetime"
functionality in the future, or if the features he will be adding include
equivalent functionality. I like the stuff (changes he's made in CVS) I
see so far and look forward to what's next.
Aaron out.
>
>Later,
>-Mike
>
->-
>"Information may want to be free, but fiber optic cable wants to be
> a million US dollars per mile." --Shawn McMahon
<<snip>>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010926135120.1080E212DD>