[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: new feature
On Fri, Jan 28, 2005 at 10:37:44AM -0800, Gustavo A. Baratto wrote:
> hello all,
> Is it (or will be) possible to set different state timeouts for different
> For example, if I'm using http, and I need to keep the state for 10 minutes
> because of an e-commerce session, and I dont want to keep the state for
> smtp for more than 30 seconds.
> Something like:
> set timeout 60 #default timeout
> # http rule
> pass out on fxp0 proto tcp from any to any port www keep state timeout 600
> # smtp rule
> pass out on fxp0 proto tcp from any to any port smtp keep state timeout 30
you can do that today:
pass out on fxp0 proto tcp from any to any port = www \
keep state (tcp.established 600)
pass out on fxp0 proto tcp from any to any port = smtp \
keep state (tcp.established 30)
man 5 pf.conf for more details.
"Asleep at the switch? I wasn't asleep, I was drunk!"