Long keepidle time

Chris chrcoluk at gmail.com
Fri Aug 18 04:43:40 UTC 2006


On 12/08/06, Mike Silbersack <silby at silby.com> wrote:
>
> On Fri, 11 Aug 2006, Simon Walton wrote:
>
> >  Is there any reason why the default initial timeout for keep alive
> > packets needs to be as long as two hours? This period causes the dynamic
> > rules in my firewall filter to timeout.
> >
> >  Is there a major objection to reducing the default idle time to
> > say 3 to 5 minutes?
> >
> > Simon Walton
>
> One reason behind a 2 hour keepalive is so that you don't have a 2 minute
> network outage that causes all your connections to timeout.
>
> Of course, as you point out, in the modern age of firewalls, more frequent
> keepalives can be a good thing.
>
> I don't foresee us changing FreeBSD's default keepalive setting, but you're
> more than welcome to change the setting on your own system.
>
> Also note that ipfw2 sends keepalive packets on its own, maybe you could
> switch to it and/or add that functionality to your favorite firewall
> package. :)
>
> Mike "Silby" Silbersack

What's the point of keeping a connection alive (hung) to a dead network
for 2 hours though? That I don't understand either.

Chris
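
The trade-off discussed in this thread, as an added example that is not part of the original messages and is not FreeBSD code: instead of lowering the system-wide default, one socket gets a keepalive idle time below a firewall's dynamic-rule timeout, and the worst-case time to drop a dead peer is computed from the same values. It assumes a platform that provides the per-socket options TCP_KEEPIDLE, TCP_KEEPINTVL and TCP_KEEPCNT (current Linux and FreeBSD do); the function names and the 300-second firewall timeout are constructed for illustration.

```c
#include <stdio.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netinet/tcp.h>

/* Worst-case seconds for an idle connection to a dead peer to be dropped:
 * the idle wait plus every unanswered probe interval. */
int keepalive_detect_secs(int idle, int intvl, int cnt)
{
    return idle + intvl * cnt;
}

/* Enable keepalive on one socket, with the first probe sent at half the
 * firewall's state timeout (fw_timeout, seconds; an assumed input).
 * Returns 0 on success, -1 if the timeout is too short or a call fails. */
int keepalive_for_firewall(int fd, int fw_timeout, int intvl, int cnt)
{
    int on = 1, idle = fw_timeout / 2;

    if (idle < 1 || intvl < 1 || cnt < 1)
        return -1;
    if (setsockopt(fd, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof on) < 0 ||
        setsockopt(fd, IPPROTO_TCP, TCP_KEEPIDLE, &idle, sizeof idle) < 0 ||
        setsockopt(fd, IPPROTO_TCP, TCP_KEEPINTVL, &intvl, sizeof intvl) < 0 ||
        setsockopt(fd, IPPROTO_TCP, TCP_KEEPCNT, &cnt, sizeof cnt) < 0)
        return -1;
    return 0;
}

/* Read back the idle time the kernel actually stored, or -1 on error. */
int get_keepidle(int fd)
{
    int idle = 0;
    socklen_t len = sizeof idle;
    if (getsockopt(fd, IPPROTO_TCP, TCP_KEEPIDLE, &idle, &len) < 0)
        return -1;
    return idle;
}

int main(void)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0 || keepalive_for_firewall(fd, 300, 30, 4) < 0) {
        perror("keepalive");
        return 1;
    }
    printf("idle=%ds, dead peer dropped within %ds\n",
           get_keepidle(fd), keepalive_detect_secs(get_keepidle(fd), 30, 4));
    close(fd);
    return 0;
}
```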
