Matthew K. Lee wrote:
I've got a FreeBSD system (4.10-RELEASE) with ipfilter compiled into
the kernel. I'm trying to set a few sysctl values via
/etc/sysctl.conf, but they don't seem to have any effect.
Specifically, here's what I've put in my sysctl.conf file:
net.inet.ipf.fr_tcpidletimeout=7200
net.inet.ipf.fr_tcpclosewait=120
net.inet.ipf.fr_tcplastack=120
net.inet.ipf.fr_tcptimeout=240
net.inet.ipf.fr_tcpclosed=60
net.inet.ipf.fr_tcphalfclosed=300
net.inet.ipf.fr_udptimeout=90
net.inet.ipf.fr_icmptimeout=35
These settings are not applied when the system is restarted.
Furthermore, I see the following when I try by hand:
# sysctl net.inet.ipf.fr_tcpidletimeout=7200
net.inet.ipf.fr_tcpidletimeout: 864000
sysctl: net.inet.ipf.fr_tcpidletimeout: Device busy
So, am I missing something? Do I need to do something special to
override these values when ipfilter is compiled into the kernel?

Some sysctls can only be set before the system goes multiuser, by
specifying them in /boot/loader.conf. I don't know if the ipf sysctls
are some of those, but it may be worth a try. See
/boot/defaults/loader.conf for examples and syntax.
--
Toomas Aas
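An added check, not part of either message above: a POSIX shell script that compares each value in a sysctl.conf-style file with what the kernel actually reports, so a refused setting like the fr_tcpidletimeout one (still 864000 after boot) shows up as a mismatch. The sysctl_get wrapper and the function names are my own.

```shell
#!/bin/sh
# Compare requested sysctl.conf values with the live kernel values and
# print every key that did not take effect. Returns 1 on any mismatch.

# Reads one value with sysctl -n; wrapped so it can be replaced in tests.
sysctl_get() {
    sysctl -n "$1" 2>/dev/null
}

# check_sysctl_conf FILE
# Prints "key expected=X actual=Y" per mismatch; returns 0 if all match.
check_sysctl_conf() {
    conf="$1"
    mismatches=0
    while IFS= read -r line || [ -n "$line" ]; do
        line="${line%%#*}"          # drop trailing comments
        case "$line" in
            *=*) ;;                 # only key=value lines matter
            *) continue ;;
        esac
        key="${line%%=*}"
        want="${line#*=}"
        # trim surrounding whitespace from both sides of the '='
        key=$(printf '%s' "$key" | sed 's/^[[:space:]]*//;s/[[:space:]]*$//')
        want=$(printf '%s' "$want" | sed 's/^[[:space:]]*//;s/[[:space:]]*$//')
        [ -n "$key" ] || continue
        have=$(sysctl_get "$key")
        if [ -z "$have" ]; then
            printf '%s: not readable (unknown sysctl?)\n' "$key"
            mismatches=$((mismatches + 1))
        elif [ "$have" != "$want" ]; then
            printf '%s expected=%s actual=%s\n' "$key" "$want" "$have"
            mismatches=$((mismatches + 1))
        fi
    done < "$conf"
    [ "$mismatches" -eq 0 ]
}
```

Run it as `check_sysctl_conf /etc/sysctl.conf` after boot; a non-zero exit means at least one of the configured values is not what the kernel is using.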