[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Public web server behind a PF bridge, crap clients
Are the default timeout values documented somewhere. If not, you post them.
The man pages for pf.conf show how to set them, but doesn't seem to indicate
On similar note: does "set optimization" influence the timeouts, or is it
merely relaxing the state matching tolerance?
From: Daniel Hartmeier [mailto:[email protected]]
Sent: Friday, December 06, 2002 1:08 PM
Subject: Re: Public web server behind a PF bridge, crap clients
In every case, either the state has
timed out already or the peer was re-using a port with a new initial
sequence number before the old state has timed out. You can compensate
both by adjusting the tcp state timeout values.