[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Public web server behind a PF bridge, crap clients



Hi Daniel,
Are the default timeout values documented somewhere.  If not, you post them.
The man pages for pf.conf show how to set them, but doesn't seem to indicate
the defaults.
On similar note:  does "set optimization" influence the timeouts, or is it
merely relaxing the state matching tolerance?
Thanks.
  Stephen
-----Original Message-----
From: Daniel Hartmeier [mailto:[email protected]] 
Sent: Friday, December 06, 2002 1:08 PM
Subject: Re: Public web server behind a PF bridge, crap clients
[snip]
In every case, either the state has
timed out already or the peer was re-using a port with a new initial
sequence number before the old state has timed out. You can compensate
both by adjusting the tcp state timeout values.