Hello all! I use IP-Filter 3.4.30 on a Solaris 9 sparc system.
Is there a possibility to change the state timeout for an UDP connection? The timeout is obviously set to 120 seconds. It is possible to view this with the "ipfstat -t" command. The problem I see, is with the IAX2 Asterisk VoIP protocol. It is supposed to keep a UDP "connection" open through firewalls and NAT gateways with a regular "heart beet" which in real life is a md5 authentication. This "heart beet" seems to have a period slightly longer than 2 minutes. Different equipment, with different implementations seems to have a slightly varying retry period. This is working excellent through many/most firewalls/gateways. But I miss some calls due to expired udp state for this type of "connection". I found the "age" option for the "map" rule, but it is not well documented what it does and I guess it is unrelated. Is there some possibility to write a "keep state" role with specified timeout? The even better solution would be to have an IAX2 proxy in ip-filter! A built in stateful SIP proxy is also on the wish list, but would be *far* more complicated. Thanks: Håkan
pgpf6oKjGHwpg.pgp
Description: PGP signature
