Date: Fri, 18 Aug 2006 05:43:38 +0100 From: Chris <chrcoluk@gmail.com> To: "Mike Silbersack" <silby@silby.com> Cc: freebsd-net@freebsd.org, Simon Walton <simonw@matteworld.com> Subject: Re: Long keepidle time Message-ID: <3aaaa3a0608172143l103dafe0hf4c0fbc8044b0d01@mail.gmail.com> In-Reply-To: <20060811203041.E44075@odysseus.silby.com> References: <44DD1909.40703@matteworld.com> <20060811203041.E44075@odysseus.silby.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 12/08/06, Mike Silbersack <silby@silby.com> wrote: > > On Fri, 11 Aug 2006, Simon Walton wrote: > > > Is there any reason why the default initial timeout for keep alive > > packets needs to be as long as two hours? This period causes the dynamic > > rules in my firewall filter to timeout. > > > > Is there a major objection to reducing the default idle time to > > say 3 to 5 minutes? > > > > Simon Walton > > On reason behind a 2 hour keepalive is so that you don't have a 2 minute > network outage that causes all your connections to timeout. > > Of course, as you point out, in the modern age of firewalls, more frequent > keepalives can be a good thing. > > I don't forsee us changing FreeBSD's default keepalive setting, but you're > more than welcome to change the setting on your own system. > > Also note that ipfw2 sends keepalive packets on its own, maybe you could > switch to it and/or add that functionality to your favorite firewall > package. :) > > Mike "Silby" Silbersack > _______________________________________________ whats the point of keeping a connection alive (hung) to a dead network for 2 hours tho? That I dont understand either. Chris
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3aaaa3a0608172143l103dafe0hf4c0fbc8044b0d01>