On Fri, Jan 28, 2005 at 10:37:44AM -0800, Gustavo A. Baratto wrote:
> hello all,
>
> Is it (or will be) possible to set different state timeouts for different
> rules?
>
> For example, if I'm using http, and I need to keep the state for 10 minutes
> because of an e-commerce session, and I don't want to keep the state for
> smtp for more than 30 seconds.
>
> Something like:
> ---------
> set timeout 60 #default timeout
>
> # http rule
> pass out on fxp0 proto tcp from any to any port www keep state timeout 600
>
> # smtp rule
> pass out on fxp0 proto tcp from any to any port smtp keep state timeout 30

you can do that today:

pass out on fxp0 proto tcp from any to any port = www \
	keep state (tcp.established 600)
pass out on fxp0 proto tcp from any to any port = smtp \
	keep state (tcp.established 30)

man 5 pf.conf for more details.

-j

--
"Asleep at the switch? I wasn't asleep, I was drunk!"
--The Simpsons