On Wed, Nov 29, 2006 at 12:05:10AM +0100, Axel Rau wrote:
> Hi all,
>
> in my production pf.conf (113 rules) I have
> set timeout { tcp.finwait 1}
> . But
> pfctl -s timeouts
> shows
> tcp.finwait 45s
> (the default). In a simple pf.conf this works as expected.
>
> What might the reason for this?
> Are there any options resetting timeouts to defaults?
> Anybody there with similar experience?
Do you have your optimization set after the timeout? Optimization
directly controls the timeouts, so setting if after explicit timeout
settings will override them.
-jon
