If you read RFC 793, the transition from "CLOSE WAIT" to "CLOSED" is 2 * MSL. MSL = 2 minutes.
So the "4 minute" timeout you're seeing is correct... I will look into what should happen if a SYN packet for a new connection arrives within that 2*MSL...quite probably TCP will create a new connection, so IPFilter needs to do something intelligent here... Some things to toss up: - expunge the existing session when the new SYN packet is created and create a new session (this could be difficult) - use the first SYN packet to advance the state to closed, drop the packet and the state entry and wait for the next SYN packet to create a new connection Darren
