ipfw dynamic rule timeout

Antoine Jacoutot ajacoutot at lphp.org
Tue Apr 29 07:34:40 PDT 2003


On Tuesday 29 April 2003 16:28, Michael Sierchio wrote:
> Antoine Jacoutot wrote:
> > net.inet.tcp.keepidle: 7200000
>
> That's a very long time, longer than the five minutes
> you keep rules alive for.

OK, so should I lower it?
I'm sorry to seem like such a newbie about it, but I never had this problem on
other platforms so I'm cautious.
The thing I don't understand is this:

IPFW2 ENHANCEMENTS
[...]
keepalives
             ipfw1 does not generate keepalives for stateful sessions.  As a
             consequence, it might cause idle sessions to drop because the
             lifetime of the dynamic rules expires.
[...]
net.inet.ip.fw.dyn_keepalive: 1
             Enables generation of keepalive packets for keep-state rules on
             TCP sessions. A keepalive is generated to both sides of the
             connection every 5 seconds for the last 20 seconds of the lifetime
             of the rule.

So, since I have this sysctl set to 1, why is my connection reset?
Doesn't it keep generating keepalives or what?
Basically, I would like keepalives generated forever, until I (or a client)
close the connection to a server.

Antoine



More information about the freebsd-ipfw mailing list