From owner-freebsd-ipfw@freebsd.org  Tue Sep 20 16:16:02 2016
Return-Path: <owner-freebsd-ipfw@freebsd.org>
Delivered-To: freebsd-ipfw@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 5D1D5BE1A6E
 for <freebsd-ipfw@mailman.ysv.freebsd.org>;
 Tue, 20 Sep 2016 16:16:02 +0000 (UTC)
 (envelope-from julian@freebsd.org)
Received: from vps1.elischer.org (vps1.elischer.org [204.109.63.16])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "vps1.elischer.org",
 Issuer "CA Cert Signing Authority" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id 3BB1033A
 for <Freebsd-ipfw@freebsd.org>; Tue, 20 Sep 2016 16:16:02 +0000 (UTC)
 (envelope-from julian@freebsd.org)
Received: from julian-mbp3.pixel8networks.com
 (50-196-156-133-static.hfc.comcastbusiness.net [50.196.156.133])
 (authenticated bits=0)
 by vps1.elischer.org (8.15.2/8.15.2) with ESMTPSA id u8KGFx7L072512
 (version=TLSv1.2 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO)
 for <Freebsd-ipfw@freebsd.org>; Tue, 20 Sep 2016 09:16:00 -0700 (PDT)
 (envelope-from julian@freebsd.org)
Subject: Re: ipfw table expiry.. how to do it..?
To: "freebsd-ipfw@freebsd.org" <Freebsd-ipfw@freebsd.org>
References: <b8abd54d-a83c-d85f-dc93-888677eb6e30@elischer.org>
From: Julian Elischer <julian@freebsd.org>
Message-ID: <73e735d6-04cb-3e88-594c-b4e63b2971d7@freebsd.org>
Date: Tue, 20 Sep 2016 09:15:54 -0700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:45.0)
 Gecko/20100101 Thunderbird/45.3.0
MIME-Version: 1.0
In-Reply-To: <b8abd54d-a83c-d85f-dc93-888677eb6e30@elischer.org>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-ipfw>,
 <mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw/>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
 <mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Sep 2016 16:16:02 -0000

On 11/09/2016 8:03 PM, Julian Elischer wrote:
>
> Unfortunately we don't have any timers on table entries, so it's not 
> possible to see how long an entry has been in use, or idle.
>
>
> If I were to ha ve a captive portal, which placed the address of 
> 'allowed' hosts into a table, we would have no way to time them out 
> when they go idle. The omly thing you can do is throw away all the 
> entries at some time, and force them to all log in again.
>
> Does anyone have any patches to add "access time" to table entries?
>
>
> I'm guessing the way it would need to be done now would be to use 
> dynamic rules and having the syn packet of every session sent to
>
no takers?