Mike Hoskins was reputed to have said:
>Some time ago I came across the attached patch for ipfw which supports
>per-session timeouts. It applied cleanly until my last attempt to cvsup
>4.4 (still at 4.3). It allows you to specify 'lifetimes' in your ipfw
>rules as follows:
>
>allow tcp from any to ${oip} 22 in keep-state lifetime 3600
>
>This would let ssh have a timeout of 3600, while maintaining sysctl
>timeout values for all other connections.
>
>I contacted the author, [EMAIL PROTECTED], but have received no
>response... and was curious if anyone else has used this, or knows if
>similar functionality exists within ipfw now. I checked the man page and
>didn't see anything similar...
Sorry for the delay, I tend to be quite slow replying to e-mail.
Latest versions of the aforementioned patch set should always be
available on my personal web site at:
http://www.aarongifford.com/computers/ipfwpatch.html
Looking at -CURRENT CVS, it looks like Luigi is preparing to commit a lot
of new ipfw stuff in the future. I suppose I should e-mail him and ask
if he has changed his mind about including this per-rule "lifetime"
functionality in the future, or if the features he will be adding include
equivalent functionality. I like the stuff (changes he's made in CVS) I
see so far and look forward to what's next.
Aaron out.
>
>Later,
>-Mike
>
->-
>"Information may want to be free, but fiber optic cable wants to be
> a million US dollars per mile." --Shawn McMahon
<<snip>>
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-stable" in the body of the message
