Re: PF session ttl
- In reply to: Cristian Cardoso : "Re: PF session ttl"
Date: Tue, 29 Mar 2022 20:57:32 UTC
On 3/29/2022 4:51 PM, Cristian Cardoso wrote:
> Thanks for the command. But actually I wanted to know if there is a
> "default" value, what is its value and if it is configurable.
>

pfctl -sa will show you the current defaults

I think what you are after is in the pf.conf's man page under

STATEFUL TRACKING OPTIONS

    <timeout> <seconds>
        Changes the timeout values used for states created by this rule.
        For a list of all valid timeout names, see OPTIONS above.

with the example

    pass in proto tcp from any to any \
        port www keep state \
        (max 100, source-track rule, max-src-nodes 75, \
        max-src-states 3, tcp.established 60, tcp.closing 5)

and you can set global defaults via the set timeout command.

    ---Mike

> On Tue, Mar 29, 2022 at 17:48, mike tancsa <mike@sentex.net> wrote:
>
> > On 3/29/2022 4:30 PM, Cristian Cardoso wrote:
> > > Hi
> > > Guys, does anyone happen to know how to tell me the value of session
> > > ttl that PF uses to terminate sessions that are via stateful?
> >
> > Are you looking for when a state expires? If so, try
> >
> > pfctl -ss -v -v
> >
> > it will show you when it expires
> >
> > e.g.
> >
> > all tcp 192.168.96.1:22 (10.159.159.249:24) <- 192.168.1.89:64660       SYN_SENT:ESTABLISHED
> >    [997609076 + 2097152] wscale 6  [2771445293 + 16777472] wscale 2
> >    age 00:00:00, expires in 00:00:30, 1:1 pkts, 52:52 bytes
> >    id: 90d5c76500000000 creatorid: 7b2b3e4b gateway: 0.0.0.0
> >    origif: vlan9
> >
> >     ---Mike
>
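Added example, not part of the original thread: a small shell/awk filter that reads `pfctl -ss -v -v` output like the state quoted above and prints each state's remaining lifetime in seconds, which makes it easy to see which timeout (for example tcp.established) a state is running under. The function names, the layout assumption (unindented header line, indented detail lines) and the second sample entry are assumptions constructed for illustration; the first sample entry is the one from the thread.

```shell
#!/bin/sh
# Added example: summarise when PF states expire, from `pfctl -ss -v -v` text.

# Reads verbose state output on stdin and prints one line per state:
#   <seconds-until-expiry> <state-pair> <connection tuple>
# Optional $1 = only print states expiring within that many seconds.
pf_state_expiry() {
    awk -v max="${1:-}" '
        # Assumption: a state entry starts on an unindented line whose
        # last field is the state pair, e.g. SYN_SENT:ESTABLISHED.
        /^[^ \t]/ {
            state = $NF
            conn = $0
            sub(/[ \t]+[^ \t]+[ \t]*$/, "", conn)   # drop the state pair
            gsub(/[ \t]+/, " ", conn)               # squeeze padding
            next
        }
        # The indented "age ..., expires in HH:MM:SS, ..." line holds the TTL.
        match($0, /expires in [0-9]+:[0-9][0-9]:[0-9][0-9]/) {
            split(substr($0, RSTART + 11, RLENGTH - 11), t, ":")
            secs = t[1] * 3600 + t[2] * 60 + t[3]
            if (max == "" || secs <= max + 0)
                printf "%d %s %s\n", secs, state, conn
        }
    '
}

# Sample input: first entry is from the thread, second is constructed.
sample_states() {
cat <<'EOF'
all tcp 192.168.96.1:22 (10.159.159.249:24) <- 192.168.1.89:64660       SYN_SENT:ESTABLISHED
   [997609076 + 2097152] wscale 6  [2771445293 + 16777472] wscale 2
   age 00:00:00, expires in 00:00:30, 1:1 pkts, 52:52 bytes
   id: 90d5c76500000000 creatorid: 7b2b3e4b gateway: 0.0.0.0
   origif: vlan9
all tcp 192.0.2.10:443 <- 198.51.100.7:51515       ESTABLISHED:ESTABLISHED
   [1 + 65535] wscale 6  [2 + 65535] wscale 7
   age 01:02:03, expires in 23:59:58, 120:98 pkts, 9000:120000 bytes
   id: 0000000000000001 creatorid: 00000000 gateway: 0.0.0.0
   origif: em0
EOF
}

sample_states | pf_state_expiry
```

On a live firewall the same filter can be fed real data as root, e.g. `pfctl -ss -v -v | pf_state_expiry 60` to list only states that will expire within a minute.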