On Mon, Aug 25, 2003 at 09:27:52AM +0200, Alexandre Dulaunoy wrote:
>
> I would like to set the timeout of a specific TCP service with pf. It
> seems that the values are globals (tcp.closing and so on...).
> Is it possible to make a timeout for a specific TCP port? I have
> looked in pf.conf(5) but I didn't find anything about that.

from pf.conf(5): ( line ~200 )

    These values can be defined both globally and for each rule. When used
    on a per-rule basis, the values relate to the number of states created
    by the rule, otherwise to the total number of states.

so, if you literally only mean set the tcp timeout based on port,
without respect to which rule(s) that port may play a role in, no;
but you can do something like:

    set timeout { tcp.closing 929 }
    pass out quick on $ext_if inet proto tcp from any to any port 1824 \
        keep state set timeout { tcp.closing 23 }

would give tcp.closing 929 for all rules except the packets matching
that rule will get tcp.closing 23

that syntax is probably horribly wrong, btw. but the idea is there.

jared

-- 
[ openbsd 3.4-beta GENERIC ( aug 24 ) // i386 ]
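
The idea in the reply above, written with the per-rule state-option form that pf.conf(5) documents (options in parentheses after "keep state"). This is an added example, not part of the original thread; the interface name fxp0 is an assumption, and the port and timeout values are the ones used in the reply.

```pf
# Constructed example; fxp0 is an assumed interface name.
ext_if = "fxp0"

# Global default: applies to every state unless the creating rule
# overrides it.
set timeout { tcp.closing 929 }

# Per-rule override: state options go in parentheses after "keep state".
# States created by this rule use tcp.closing 23; states created by any
# other rule keep the global 929.
pass out quick on $ext_if inet proto tcp from any to any port 1824 \
    keep state (tcp.closing 23)

# Check the ruleset before loading it, then inspect the result:
#   pfctl -nf /etc/pf.conf    # parse only, do not load
#   pfctl -s timeouts         # global timeout values
#   pfctl -vv -s states       # per-state detail, including expiry
```

The override follows the rule that created the state, not the port itself, so a connection to port 1824 that matches an earlier "quick" rule gets that rule's timeouts instead.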