On (2003/08/27 10:47), Damian Gerow wrote: > > Hrm, okay. Without the ability to send out periodic keep alives to > > refresh the TCP connection, how is it possible for ipf to maintain > > open SSH sessions to servers that generally serve www traffic and > > should have a short state-age/ttl/default life time in the state > > table? -sc > > man sshd_config(5)? > > KeepAlive > Specifies whether the system should send TCP keepalive messages
This doesn't help with a stateful firewall, because KeepAlives happen out-of-band. Read the manpage yourself. :-) What's needed is this: KeepAlive no ClientAliveInterval 30 ClientAliveCountMax 120 Ciao, Sheldon.
