Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 12 Apr 2001 10:01:44 -0700
From:      Gregory Neil Shapiro <gshapiro@FreeBSD.ORG>
To:        Lyndon Nerenberg <lyndon@orthanc.ab.ca>
Cc:        freebsd-ipfw@FreeBSD.ORG
Subject:   Re: ipfw dynamic rulesets broken for me 
Message-ID:  <15061.57208.578708.358266@horsey.gshapiro.net>
In-Reply-To: <200104121656.f3CGuci23431@orthanc.ab.ca>
References:  <15061.19380.659608.578985@horsey.gshapiro.net> <200104121656.f3CGuci23431@orthanc.ab.ca>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
lyndon> ipfw has insanely short timeouts for the keep-state engine.

A note to the ipfw maintainers, this should work out of the box so it's
less of a support hassle.

lyndon> Add this to /etc/sysctl.conf (adjusted to a suitable value
lyndon> for your network):

lyndon> # TCP connections time out after eight hours.
lyndon> net.inet.ip.fw.dyn_ack_lifetime=28800

Thanks, I'll give it a try and see if it solves all of the problems.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message




Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?15061.57208.578708.358266>