
Re: new feature



On Fri, Jan 28, 2005 at 10:37:44AM -0800, Gustavo A. Baratto wrote:
> hello all,
> 
> Is it (or will be) possible to set different state timeouts for different 
> rules?
> 
> For example, if I'm using http, and I need to keep the state for 10 minutes 
> because of an e-commerce session, and I don't want to keep the state for 
> smtp for more than 30 seconds.
> 
> Something like:
> ---------
> set timeout 60  #default timeout
> 
> # http rule
> pass out on fxp0 proto tcp from any to any port www keep state timeout 600
> 
> # smtp rule
> pass out on fxp0 proto tcp from any to any port smtp keep state timeout 30

you can do that today:

  pass out on fxp0 proto tcp from any to any port = www \
    keep state (tcp.established 600)
  pass out on fxp0 proto tcp from any to any port = smtp \
    keep state (tcp.established 30)

man 5 pf.conf for more details.

-j
--
"Asleep at the switch?  I wasn't asleep, I was drunk!"
        --The Simpsons
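
Added example, not part of the original message: a pf.conf fragment that combines a global default with the per-rule overrides from the reply, so the state table does not hold idle connections longer than each service needs. The 60-second default, the catch-all rule, and the tcp.closing value are constructed for illustration; fxp0 and the two ports come from the thread.

```conf
# Constructed pf.conf fragment (added example, not from the thread).

# Global default for established TCP states. The timeout name is required;
# a bare "set timeout 60" is not valid syntax.
set timeout tcp.established 60

# pf uses the LAST matching rule, so the general rule goes first and the
# service-specific rules that override it come after.
pass out on fxp0 proto tcp from any to any keep state

# Web sessions: keep idle established states for 10 minutes.
pass out on fxp0 proto tcp from any to any port = www \
    keep state (tcp.established 600)

# SMTP: expire idle established states after 30 seconds. Several timeouts
# can be listed per rule; tcp.closing here is an illustrative extra.
pass out on fxp0 proto tcp from any to any port = smtp \
    keep state (tcp.established 30, tcp.closing 10)

# tcp.established only covers fully established connections; the other
# phases (tcp.first, tcp.opening, tcp.closing, tcp.finwait, tcp.closed)
# keep their global values unless listed in the rule.

# Parse without loading:        pfctl -nf /etc/pf.conf
# Show global timeout values:   pfctl -s timeouts
# Show states with expiry time: pfctl -vs states
```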