From: Aaron D.Gifford
To: freebsd-stable@freebsd.org
Subject: Re: ipfw patch
Date: Wed, 26 Sep 2001 07:51:19 -0600
Organization: InfoWest, Inc.
Message-Id: <20010926135120.1080E212DD@ns1.infowest.com>

Mike Hoskins was reputed to have said:
>Some time ago I came across the attached patch for ipfw which supports
>per-session timeouts. It applied cleanly until my last attempt to cvsup
>4.4 (still at 4.3). It allows you to specify 'lifetimes' in your ipfw
>rules as follows:
>
>allow tcp from any to ${oip} 22 in keep-state lifetime 3600
>
>This would let ssh have a timeout of 3600, while maintaining sysctl
>timeout values for all other connections.
>
>I contacted the author, agifford@infowest.com, but have received no
>response... and was curious if anyone else has used this, or knows if
>similar functionality exists within ipfw now. I checked the man page and
>didn't see anything similar...

Sorry for the delay, I tend to be quite slow replying to e-mail.

Latest versions of the aforementioned patch set should always be
available on my personal web site at:

http://www.aarongifford.com/computers/ipfwpatch.html

Looking at -CURRENT CVS, it looks like Luigi is preparing to commit a
lot of new ipfw stuff in the future. I suppose I should e-mail him and
ask if he has changed his mind about including this per-rule "lifetime"
functionality in the future, or if the features he will be adding
include equivalent functionality. I like the stuff (changes he's made
in CVS) I see so far and look forward to what's next.

Aaron out.

>
>Later,
>-Mike
>
->-
>"Information may want to be free, but fiber optic cable wants to be
> a million US dollars per mile." --Shawn McMahon