Thus spake Sean Chittenden ([EMAIL PROTECTED]) [27/08/03 04:52]:
> Hrm, okay. Without the ability to send out periodic keep alives to
> refresh the TCP connection, how is it possible for ipf to maintain
> open SSH sessions to servers that generally serve www traffic and
> should have a short state-age/ttl/default life time in the state
> table? -sc
man sshd_config(5)?
KeepAlive
Specifies whether the system should send TCP keepalive messages
to the other side. If they are sent, death of the connection or
crash of one of the machines will be properly noticed. However,
this means that connections will die if the route is down tempo-
rarily, and some people find it annoying. On the other hand, if
keepalives are not sent, sessions may hang indefinitely on the
server, leaving ``ghost'' users and consuming server resources.
The default is ``yes'' (to send keepalives), and the server will
notice if the network goes down or the client host crashes. This
avoids infinitely hanging sessions.
