ipfw dynamic rule timeout

John Murphy jfm at blueyonder.co.uk
Sat Apr 26 08:26:49 PDT 2003

Antoine Jacoutot <ajacoutot at lphp.org> wrote:

>Hi!
>I'm having a problem with ipfw and dynamic rules timeout.
>For example, when I ssh to a distant machine, if I don't type anything for 
>like 30 seconds, the connection is dropped.
>I read this in ipfw man page:
>"Dynamic rules expire after some time, which depends on the status of the
>flow and the setting of some sysctl variables.  See Section SYSCTL
>VARIABLES for more details.  For TCP sessions, dynamic rules can be
>instructed to periodically send keepalive packets to refresh the state of
>the rule when it is about to expire."
>So I tried the following command and got this error:
># sysctl net.inet.ip.fw.dyn_keepalive=1
>sysctl: unknown oid 'net.inet.ip.fw.dyn_keepalive'
>Does anyone have an idea how to increase the default timeout value?

Probably not much help to you, but you could try:

sysctl -a | grep keepalive

to see what is available.  The only one I see on 4.8 is:

net.inet.tcp.always_keepalive: 1

I'm not actually using ipfw though.

