ipfw dynamic ruleset and sysctl

Post by Michael Sierchi » Sat, 18 Aug 2001 06:09:33



My interpretation of the following

        net.inet.ip.fw.dyn_ack_lifetime
        net.inet.ip.fw.dyn_syn_lifetime
        net.inet.ip.fw.dyn_fin_lifetime
        net.inet.ip.fw.dyn_rst_lifetime
        net.inet.ip.fw.dyn_short_lifetime

is that these apply only to TCP connections.  So, what controls
the lifetime of keep-state rules for UDP (or other non-TCP)?  Do
these ever expire?

Mine don't seem to be expiring...

It hadn't occurred to me to use keep-state rules for UDP
until I saw it mentioned in the examples.  Please correct
me if I'm wrong, but if they don't expire then they aren't
esp. useful.