Rmkml,
If you have any custom timeouts always set them after you declair
the optimization directive. Otherwise the timeouts will be overwritten like
you noticed.
# Timeout Examples
set optimization aggressive
set timeout { frag 10, tcp.established 3600 }
set timeout { tcp.first 30, tcp.closing 30, tcp.closed 30, tcp.finwait 30 }
set timeout { udp.first 30, udp.single 30, udp.multiple 30 }
set timeout { other.first 30, other.single 30, other.multiple 30 }
set timeout { adaptive.start 5000, adaptive.end 10000 }
--
Calomel @ http://calomel.org
On Thu, Oct 25, 2007 at 05:26:27PM +0200, rmkml wrote:
>Hi,
>just warn if you use Timeout and optimization on PF,
>
>ok first example on pf.conf :
> set timeout tcp.established 86399
> #set optimization normal#Without set optimization * !!!
>and pfctl -s timeout|grep established
> tcp.established 86399s
>
>ok second example and Warning on pf.conf :
> set timeout tcp.established 86399
> set optimization normal
>and pfctl -s timeout|grep established
> tcp.established 86400s
>
>ok third example and Warning on pf.conf :
> set timeout tcp.established 86399
> set optimization aggressive
>and pfctl -s timeout|grep established
> tcp.established 18000s
>..
>
>Warn because set timeout *.* param are not used if you use "set
>optimization *".
>maybe add warning if "set timeout *" and "set optimization *" ?
>Best Regards
>Rmkml
