ipfw dyn_keepalive
Andrea Venturoli
ml at netfence.it
Fri May 8 09:07:40 UTC 2015
Hello.
I'm having some trouble with dynamic rules and keep-alives...
Let's say a client connects to a TCP port on my server and a keep-state
rule allows the connection; the connection is set up correctly and some
data is exchanged.
Then there are some minutes of silence and the rule expires.
However, I read in "man ipfw" that if net.inet.ip.fw.dyn_keepalive=1
(which holds by default and I verified in my case):
"A keepalive is generated to both sides of the connection every 5
seconds for the last 20 seconds of the lifetime of the rule".
If I understand that correctly, then these rules should never expire (as
long as the client answers those packets, I suppose); this is however in
contrast to what I experience.
I looked around, but found no pointers about this.
How is it supposed to work?
Does it need anything special on the client side or is it expected to
always answer those packets?
Any good document about this?
bye & Thanks
av.
More information about the freebsd-net
mailing list