On Jul 13, 2007, at 2:17 AM, Alexey Sopov wrote:
While thinking about why it happens once in 5 seconds and has only the ACK bit
set, I tried to check some timeout variables and found an interesting thing.
These lines are in /etc/pf.conf:
set timeout { tcp.first 120, tcp.opening 30, tcp.established 86400 }
set timeout { tcp.closing 900, tcp.finwait 45, tcp.closed 90 }
And this I get from pfctl -s timeouts:
TIMEOUTS:
tcp.first 30s
tcp.opening 5s
tcp.established 18000s
tcp.closing 60s
tcp.finwait 30s
tcp.closed 30s
tcp.tsdiff 10s
udp.first 60s
udp.single 30s
udp.multiple 60s
icmp.first 20s
icmp.error 10s
other.first 60s
other.single 30s
other.multiple 60s
frag 5s
interval 2s
adaptive.start 0 states
adaptive.end 0 states
src.track 0s
Settings are loaded in pf via /etc/rc.d/pf start
Why do these things differ?
These are the timeout settings for "set optimization aggressive". If
it appears after your set timeout lines, then it will take
precedence. If this doesn't appear within your pf.conf, then this
probably isn't the pf config file it's loading. If so, that may
explain your issue with the unblocked packets as well.
Best,
Ed
_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
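The comparison discussed in this thread can be automated. The following is an added example, not part of the original messages: it parses the `set timeout` lines of a pf.conf, compares them with `pfctl -s timeouts` output, and applies the reply's reasoning to suggest a cause for each mismatch. The function names are hypothetical, and the sample inputs are the values quoted above, with the pfctl output trimmed to the tcp.* rows.

```python
import re

# The two inputs quoted in the thread (pfctl output trimmed to the tcp.* rows).
PF_CONF = """\
set timeout { tcp.first 120, tcp.opening 30, tcp.established 86400 }
set timeout { tcp.closing 900, tcp.finwait 45, tcp.closed 90 }
"""
PFCTL_OUT = """\
TIMEOUTS:
tcp.first 30s
tcp.opening 5s
tcp.established 18000s
tcp.closing 60s
tcp.finwait 30s
tcp.closed 30s
"""

def configured_timeouts(conf_text):
    """Return ({name: (seconds, lineno)}, [(lineno, profile)]) from pf.conf text."""
    timeouts, optimizations = {}, []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()          # ignore comments
        opt = re.match(r"set\s+optimization\s+(\S+)", line)
        if opt:
            optimizations.append((lineno, opt.group(1)))
        elif re.match(r"set\s+timeout\b", line):     # single or braced list form
            for name, value in re.findall(r"([a-z][a-z.]*)\s+(\d+)", line):
                timeouts[name] = (int(value), lineno)
    return timeouts, optimizations

def live_timeouts(pfctl_output):
    """Parse `pfctl -s timeouts` output into {name: seconds}."""
    return {n: int(v) for n, v in re.findall(r"^(\S+)[ \t]+(\d+)", pfctl_output, re.M)}

def audit(conf_text, pfctl_output):
    """List (name, configured, live, likely_cause) for every timeout that differs."""
    configured, optimizations = configured_timeouts(conf_text)
    live = live_timeouts(pfctl_output)
    findings = []
    for name, (want, lineno) in sorted(configured.items()):
        later = [profile for ln, profile in optimizations if ln > lineno]
        cause = (f"overridden by later 'set optimization {later[-1]}'" if later
                 else "no later 'set optimization': check which file pf loaded")
        if live.get(name) != want:
            findings.append((name, want, live.get(name), cause))
    return findings

if __name__ == "__main__":
    print(*audit(PF_CONF, PFCTL_OUT), sep="\n")
```

On a live system, feed it the contents of the file you believe pf loads and the captured output of `pfctl -s timeouts`.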