From owner-freebsd-stable Tue Sep 25 23:40:28 2001 Delivered-To: freebsd-stable@freebsd.org Received: from snafu.adept.org (snafu.adept.org [63.201.63.44]) by hub.freebsd.org (Postfix) with ESMTP id 87C6837B40A for ; Tue, 25 Sep 2001 23:40:25 -0700 (PDT) Received: by snafu.adept.org (Postfix, from userid 1000) id 8A08D9EE05; Tue, 25 Sep 2001 23:40:18 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by snafu.adept.org (Postfix) with ESMTP id 824E19B005 for ; Tue, 25 Sep 2001 23:40:18 -0700 (PDT) Date: Tue, 25 Sep 2001 23:40:18 -0700 (PDT) From: Mike Hoskins To: Subject: ipfw patch Message-ID: <20010925233344.Y58056-100000@snafu.adept.org> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Some time ago I came across the attached patch for ipfw which supports per-session timeouts. It applied cleanly until my last attempt to cvsup 4.4 (still at 4.3). It allows you to specify 'lifetimes' in your ipfw rules as follows: allow tcp from any to ${oip} 22 in keep-state lifetime 3600 This would let ssh have a timeout of 3600, while maintaining sysctl timeout values for all other connections. I contacted the author, agifford@infowest.com, but have received no response... and was curious if anyone else has used this, or knows if similar functionality exists within ipfw now. I checked the man page and didn't see anything similar... Later, -Mike -- "Information may want to be free, but fiber optic cable wants to be a million US dollars per mile." --Shawn McMahon To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message