My interpretation of the following
net.inet.ip.fw.dyn_ack_lifetime
net.inet.ip.fw.dyn_syn_lifetime
net.inet.ip.fw.dyn_fin_lifetime
net.inet.ip.fw.dyn_rst_lifetime
net.inet.ip.fw.dyn_short_lifetime
is that these apply only to TCP connections. So, what controls
the lifetime of keep-state rules for UDP (or other non-TCP)? Do
these ever expire?
Mine don't seem to be expiring...
It hadn't occurred to me to use keep-state rules for UDP
until I saw it mentioned in the examples. Please correct
me if I'm wrong, but if they don't expire then they aren't
especially useful.