On 5/17/2020 8:40 PM, Strahil Nikolov wrote:
> What is your conf having as a timeout ?
Both of the rules explicitly override the default timeout with a six
minute rule level timeout:
pass in quick on vlan110 proto udp from any to port = 9430 tag
VOIP_UDP keep state (udp.multiple 360)
pass out quick on $ext_if proto udp tagged VOIP_UDP keep state
(udp.multiple 360)
Which is being successfully applied, as shown by the states, which start
out with a six minute expiration:
all udp 198.148.6.55:9430 <- 10.128.110.73:9430 MULTIPLE:MULTIPLE
age 00:00:02, expires in 00:06:00, 24:23 pkts, 12163:13840 bytes,
rule 63
all udp 96.251.22.157:55205 (10.128.110.73:9430) -> 198.148.6.55:9430
MULTIPLE:MULTIPLE
age 00:00:02, expires in 00:06:00, 24:23 pkts, 12163:13840 bytes,
rule 48, source-track
However, once a minute has passed, and the expiration shows five minutes
left:
age 00:02:21, expires in 00:05:00, 29:29 pkts, 14166:18501 bytes,
rule 63 all udp 96.251.22.157:55205 (10.128.110.73:9430) ->
198.148.6.55:9430 MULTIPLE:MULTIPLE age 00:02:21, expires in
00:05:00, 29:29 pkts, 14166:18501 bytes, rule 48, source-track
Both of the rules simply disappear. Interestingly, I believe the default
multiple:multiple timeout is one minute. Which makes me wonder if for
some reason the default timeout is being applied to these rules which
have an explicit longer timeout? That seems buggy, unless there is
something wrong with my configuration. Even so, for a state that says it
has five minutes left to go away doesn't seem right.
Thanks for the input…
