From owner-freebsd-net  Mon Oct 23 19:58: 8 2000
Delivered-To: freebsd-net@freebsd.org
Received: from snafu.adept.org (adsl-63-201-63-44.dsl.snfc21.pacbell.net [63.201.63.44])
	by hub.freebsd.org (Postfix) with ESMTP id 8E2FD37B479
	for <freebsd-net@FreeBSD.org>; Mon, 23 Oct 2000 19:58:07 -0700 (PDT)
Received: by snafu.adept.org (Postfix, from userid 65532)
	id 476959EE01; Mon, 23 Oct 2000 19:57:49 -0700 (PDT)
From: "Mike Hoskins" <mike@adept.org>
To: Rudy <rudy@monkeybrains.net>, freebsd-net@FreeBSD.org
Subject: Re: '/kernel: Too many dynamic rules, sorry'
X-Mailer: NeoMail 1.20pre3
X-IPAddress: 206.136.108.22
MIME-Version: 1.0
Message-Id: <20001024025749.476959EE01@snafu.adept.org>
Date: Mon, 23 Oct 2000 19:57:49 -0700 (PDT)
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> [4] A nice feature would be the ability to extend timeouts within the
ipfw
> ruleset for specific ports.  For instance, I'd like to change the
timeout
> for my ssh connections from 5 minutes to 60 minutes. Something like:
> allow tcp from any to any 22 keep-state ack-lifetime 3600 in recv fxp0
setup

You need patches like Aaron Gifford's.  Search the security list archive
for 'ipfw patches' from around July.

-mrh


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message