> This means that if I use telnet to any open port and then I close the
> connection PF will keep the connection in FIN_WAIT_2 status until the time
> limit expires. This is a behaviour that you don't note without the src-track
> option because the server will keep accepting new connections...
> The strange thing is that other connections to the server from other hosts on
> the internet don't get closed too! PF will always put them in one of these
> two status: TIME_WAIT:TIME_WAIT or FIN_WAIT_2:FIN_WAIT_2.
> Any clue?

TCP goes into a 2msl time wait state after the connection closes in case a segment got delayed in the network. That is how TCP works.

.mike
