Date: Mon, 12 Sep 2016 11:04:26 +0800 From: Julian Elischer <julian@elischer.org> To: "freebsd-ipfw@freebsd.org" <Freebsd-ipfw@freebsd.org> Subject: ipfw table expiry.. how to do it..? Message-ID: <0f1acc7f-2c85-dc4d-a272-5631c1e749cd@elischer.org>
next in thread | raw e-mail | index | archive | help
Unfortunately we don't have any timers on table entries, so it's not possible to see how long an entry has been in use, or idle. If I were to ha ve a captive portal, which placed the address of 'allowed' hosts into a table, we would have no way to time them out when they go idle. The omly thing you can do is throw away all the entries at some time, and force them to all log in again. Does anyone have any patches to add "access time" to table entries? I'm guessing the way it would need to be done now would be to use dynamic rules and having the syn packet of every tcp session sent to the portal for approval, before being passed back to create the dynamic rule.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?0f1acc7f-2c85-dc4d-a272-5631c1e749cd>