Date:      28 Jul 2002 10:25:25 -0400
From:      Dan Pelleg <>
Subject:   IPFW2 keep-alive
Message-ID:  <>
In-Reply-To: <>


 What's the exact mechanism to expire dynamic rules under IPFW2? I
understand it's sending keep-alive packets as the rule is about to
expire. Is there any way for these to result in the rule being removed? The
behaviour I'm seeing is this:

During a network partition, the application program (Mozilla) retried to
connect to remote hosts and opened many connections, eventually hitting the
LIMIT count.

 Now the network is back up. However there is no way to open new
connections since the appropriate rule's LIMIT is met. Repeated ipfw -d
show that the rules are refreshed when they have 5-6 seconds to live (and
go back to 10 seconds or so). I'm not sure what's doing that - the local
application is long terminated. The only workaround I found was to flush
the ruleset (I guess replacing just that rule would have also worked).


  Dan Pelleg
