Hi, maybe you need:

    ipf -T fr_udptimeout

This will display the current value.

    ipf -D -T fr_udptimeout=<yourvalue> -E

...will set the udptimeout to <yourvalue>. -D disables the filter prior to changing and -E will reactivate it afterwards.

This is on i386 with ipfilter 4.x, not sure if it works in IAX2 and 3.x

Cheerz
NIC

P.S.: Have a look at "ipf -T list" for a complete overview. Some parameters need stopping the filter before changes can be done.

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Håkan Källberg
> Sent: Thursday, October 06, 2005 10:42 AM
> To: [email protected]
> Subject: Change udp state timeout?? IAX2 Asterisk VoIP protocol.
>
> Hello all!
>
> I use IP-Filter 3.4.30 on a Solaris 9 sparc system.
>
> Is there a possibility to change the state timeout for a UDP
> connection? The timeout is obviously set to 120 seconds. It is
> possible to view this with the "ipfstat -t" command.
>
> The problem I see is with the IAX2 Asterisk VoIP protocol. It is
> supposed to keep a UDP "connection" open through firewalls and
> NAT gateways with a regular "heartbeat" which in real life is an
> md5 authentication. This "heartbeat" seems to have a period
> slightly longer than 2 minutes. Different equipment, with
> different implementations, seems to have a slightly varying
> retry period. This is working excellently through many/most
> firewalls/gateways. But I miss some calls due to expired udp
> state for this type of "connection".
>
> I found the "age" option for the "map" rule, but it is not well
> documented what it does and I guess it is unrelated. Is there
> some possibility to write a "keep state" rule with specified
> timeout?
>
> The even better solution would be to have an IAX2 proxy in
> ip-filter! A built-in stateful SIP proxy is also on the wish list, but
> would be *far* more complicated.
>
> Thanks: Håkan
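
The interaction described in the quoted question, as an added example that is not part of either message: a simplified model of one UDP state entry with an idle timeout, showing which inbound packets are dropped when the keepalive period exceeds the timeout. The 120-second timeout comes from the thread; the 125-second keepalive period, the 180-second alternative timeout and the call arrival times are constructed assumptions.

```python
# Simplified model of a stateful filter's UDP idle timeout (added example).
# Assumptions: one state entry per flow; any packet that passes refreshes it;
# an inbound packet passes only while the entry is still live.

def simulate(timeout, keepalive_period, inbound_times, duration):
    """Return (passed, dropped) lists of inbound packet times, in seconds."""
    events = [(t, "out") for t in range(0, duration + 1, keepalive_period)]
    events += [(t, "in") for t in inbound_times]
    # At equal timestamps, process the outbound keepalive first.
    events.sort(key=lambda e: (e[0], e[1] != "out"))

    expires_at = None          # no state until the first outbound packet
    passed, dropped = [], []
    for t, direction in events:
        live = expires_at is not None and t < expires_at
        if direction == "out":
            expires_at = t + timeout      # outbound creates or refreshes state
        elif live:
            expires_at = t + timeout      # matching inbound traffic refreshes too
            passed.append(t)
        else:
            dropped.append(t)             # state expired: packet has no match
    return passed, dropped


def exposure_fraction(timeout, keepalive_period):
    """Share of each keepalive cycle with no live state, absent other traffic."""
    return max(0, keepalive_period - timeout) / keepalive_period


# Constructed sample: inbound call arrivals, seconds after the first keepalive.
CALLS = [122, 180, 373]

if __name__ == "__main__":
    for timeout in (120, 180):            # 180 is a hypothetical raised value
        passed, dropped = simulate(timeout, 125, CALLS, 400)
        print(f"timeout={timeout}s passed={passed} dropped={dropped} "
              f"exposed={exposure_fraction(timeout, 125):.1%}")
```

With these inputs the calls at 122 s and 373 s fall in the gap between state expiry and the next keepalive; a timeout longer than the keepalive period closes that gap.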
