
Re: pps or other unknown upper bound?



Oh, btw, tcp.timeout can also be changed per rule, like

  pass proto tcp ... to ... port 12345 keep state (tcp.closed 5)

So only states for these particular connections would be expired sooner,
while other connections wouldn't be affected.

I'd consider stateless filtering only if this doesn't help, i.e. when
it's not possible to lower timeout and interval enough to keep up.

This is assuming the client only violates 2MSL as a last resort. If it
just violates it generally, there might be additional implications :)

Daniel