Date:      Tue, 29 Mar 2022 16:57:32 -0400
From:      mike tancsa <mike@sentex.net>
To:        Cristian Cardoso <cristian.cardoso11@gmail.com>
Cc:        FreeBSD PF List <freebsd-pf@freebsd.org>
Subject:   Re: PF session ttl
Message-ID:  <0b67d668-2f0c-fcfc-f180-97eba208bcad@sentex.net>
In-Reply-To: <CAKeEC-LbLX=knm8%2BSpps%2BvhWWrRy%2BRUGhGg_hW3vCQQwR0xqbg@mail.gmail.com>
References:  <CAKeEC-KZc2Uh46KnYyXAeXCULWGgg3VkW036H08u3-5MF9qGeA@mail.gmail.com> <558dfec2-031a-feb6-dc2f-f9fc83205896@sentex.net> <CAKeEC-LbLX=knm8%2BSpps%2BvhWWrRy%2BRUGhGg_hW3vCQQwR0xqbg@mail.gmail.com>

On 3/29/2022 4:51 PM, Cristian Cardoso wrote:
> Thanks for the command. But actually I wanted to know if there is a 
> "default" value, what is its value and if it is configurable.
>
pfctl -sa will show you the current defaults

I think what you are after is in the pf.conf's man page under STATEFUL 
TRACKING OPTIONS

     <timeout> <seconds>
            Changes the timeout values used for states created by this rule.
            For a list of all valid timeout names, see OPTIONS above.

with the example


            pass in proto tcp from any to any \
                  port www keep state \
                  (max 100, source-track rule, max-src-nodes 75, \
                  max-src-states 3, tcp.established 60, tcp.closing 5)

and you can set global defaults via the set timeout command.

     ---Mike


> On Tue, Mar 29, 2022 at 17:48, mike tancsa <mike@sentex.net> wrote:
>
>     On 3/29/2022 4:30 PM, Cristian Cardoso wrote:
>     > Hi
>     > Guys, does anyone happen to know how to tell me the value of session
>     > ttl that PF uses to terminate sessions that are via stateful?
>
>     Are you looking for when a state expires ? If so, try
>
>     pfctl -ss -v -v
>
>     it will show you when it expires
>
>     e.g
>
>     all tcp 192.168.96.1:22 (10.159.159.249:24) <- 192.168.1.89:64660       SYN_SENT:ESTABLISHED
>         [997609076 + 2097152] wscale 6  [2771445293 + 16777472] wscale 2
>         age 00:00:00, expires in 00:00:30, 1:1 pkts, 52:52 bytes
>         id: 90d5c76500000000 creatorid: 7b2b3e4b gateway: 0.0.0.0
>         origif: vlan9
>
>          ---Mike
>


