That's sort of what I was looking for as well. I understand what the manpage says, but it's not very informative.
Personally, I'm thinking of using it on a box where I have to leave the default age up high for normal tcp connections, which are slow, but usually get torn-down and have their nat rules retired appropriately -- vs udp "connections" for say DNS, which don't need to last nearly as long.

What do the numbers themselves stand for? "age x/y" carries what meaning for x and for y?

On Fri, November 25, 2005 19:33, Olmsted, Brian wrote:
>
> Darren do you have an example of how this would be implemented? Which
> UDP type of protocols should it be used for and so forth?
>
> NFS possibly? Radius traffic? Proprietary communication between
> servers in a cluster that communicate over UDP?
>
> This would seem handy to use especially for connections that last longer
> than most types of UDP packets that are short and sweet (eg. DNS is
> basically packet in and packet out type of thing).
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darren Reed
> Sent: Friday, November 25, 2005 5:37 PM
> To: [EMAIL PROTECTED]
> Cc: IPFilter
> Subject: Re: Second question.. "age" parameter?
>
> [ Charset ISO-8859-1 unsupported, converting... ]
>>
>> I can't find any documentation on how the "age" parameter for the rules
>> work.. could someone explain this in a little more detail?
>>
>> Adding "age x/y" to the end of a rule will mean exactly what?
>
> It controls the forward/reverse timeout for packets.
> This is primarily of benefit with UDP/ICMP.
>
> Darren
> --
