Date: Wed, 26 Sep 2001 07:51:19 -0600 From: Aaron D.Gifford <agifford@infowest.com> To: freebsd-stable@freebsd.org Subject: Re: ipfw patch Message-ID: <20010926135120.1080E212DD@ns1.infowest.com>
next in thread | raw e-mail | index | archive | help
Mike Hoskins was reputed to have said: >Some time ago I came across the attached patch for ipfw which supports >per-session timeouts. It applied cleanly until my last attempt to cvsup >4.4 (still at 4.3). It allows you to specify 'lifetimes' in your ipfw >rules as follows: > >allow tcp from any to ${oip} 22 in keep-state lifetime 3600 > >This would let ssh have a timeout of 3600, while maintaining sysctl >timeout values for all other connections. > >I contacted the author, agifford@infowest.com, but have received no >response... and was curious if anyone else has used this, or knows if >similar functionality exists within ipfw now. I checked the man page and >didn't see anything similar... Sorry for the delay, I tend to be quite slow replying to e-mail. Latest versions of the aforementioned patch set should always be available on my personal web site at: http://www.aarongifford.com/computers/ipfwpatch.html Looking at -CURRENT CVS, it looks like Luigi is preparing to commit a lot of new ipfw stuff in the future. I suppose I should e-mail him and ask if he has changed his mind about including this per-rule "lifetime" functionality in the future, or if the features he will be adding include equivalent functionality. I like the stuff (changes he's made in CVS) I see so far and look forward to what's next. Aaron out. > >Later, >-Mike > ->- >"Information may want to be free, but fiber optic cable wants to be > a million US dollars per mile." --Shawn McMahon <<snip>> To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010926135120.1080E212DD>