ipfw dynamic rule timeout
John Murphy
jfm at blueyonder.co.uk
Sat Apr 26 08:26:49 PDT 2003
Antoine Jacoutot <ajacoutot at lphp.org> wrote:
>Hi !
>
>I'm having a problem with ipfw and dynamic rules timeout.
>For exemple, when I ssh to a distant machine, if I don't type anything for
>like 30 seconds, the connexion is dropped.
>I read this in ipfw man page:
>
>"Dynamic rules expire after some time, which depends on the status of the
>flow and the setting of some sysctl variables. See Section SYSCTL
>VARIABLES for more details. For TCP sessions, dynamic rules can be
>instructed to periodically send keepalive packets to refresh the state of
>the rule when it is about to expire."
>
>So I tried to following command and got this error:
># sysctl net.inet.ip.fw.dyn_keepalive=1
>sysctl: unknown oid 'net.inet.ip.fw.dyn_keepalive'
>
>Anyone has an idea how to increase the default timeout value.
Probably not much help to you, but you could try:
sysctl -a | grep keepalive
to see what is available. The only one I see on 4.8 is:
net.inet.tcp.always_keepalive: 1
I'm not actually using ipfw though.
John.
More information about the freebsd-questions
mailing list