ipfw keep-state timeout

Pavel Urban urban-pavel at volny.cz
Wed Apr 21 20:41:40 CEST 2004

Previous message: ipfw keep-state timeout
Next message: ipfw keep-state timeout
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hodnoty se daji zjistit/nastavit via sysctl,

sysctl -w net.inet.ip.fw.dyn_udp_lifetime=10

nicmene to by melo byt jiz defaultne nastaveno na zminenych 10 sekund
(priznam ze zadne 5.x zrovna nemam po ruce).... zkusil jste povolit zcela
komunikaci via "workaround" a vyzkouset realnou casovou potrebu na odpoved a
to nejen od Vaseho nejblizsiho nameserveru? (10 sec je opravdu dost dlouha
doba na jakykoli dotaz)

Pavel


-----Original Message-----
From: users-l-bounces at freebsd.cz [mailto:users-l-bounces at freebsd.cz]On
Behalf Of Jan Stary
Sent: Wednesday, April 21, 2004 5:39 PM
To: FreeBSD mailing list
Subject: ipfw keep-state timeout


Zdravim,

pouzivam ipfw a stava se toto: mam pravidlo
'allow udp from ${me} to any keep-state'
hlavne kvuli dns dotazum venku.

Stava se vsak, ze odpoved na takovy dns dotaz
neprijde dost brzo na to, aby prosla v ramci
toho 'keep-state' pravidla - tato pravidla
myslim nejak timeoutuji, ze ano?

Existuje nejaka standardni cesta, jak toto vyresit?
Jedna moznost je pochopitelne 'allow udp from any 53 to ${me}',
ale to je jen workaround.

Da se v ipfw nejak nastavit ten keep-state timeout
v zavislosti na sluzbe? Potrebuju vlastne rict
"keep-state pro ${me} to any 53 si pamatuj 10 sekund",
napriklad.

5.2.1-RELEASE-p5 FreeBSD 5.2.1-RELEASE-p5

	Diky

		hans

--
FreeBSD mailing list (users-l at freebsd.cz)
http://www.freebsd.cz/listserv/listinfo/users-l

Previous message: ipfw keep-state timeout
Next message: ipfw keep-state timeout
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Users-l mailing list