Luigi Rizzo wrote:
On Mon, Apr 16, 2007 at 12:07:35AM +0200, Ivan Voras wrote:
Luigi Rizzo wrote:
yes the numbers should be the expire time for the rule.
So, the total time the connection was active or the time the connection
had some traffic through it?
it is the expire time (i.e. how many
On Mon, Apr 16, 2007 at 12:07:35AM +0200, Ivan Voras wrote:
> Luigi Rizzo wrote:
>
> > yes the numbers should be the expire time for the rule.
>
> So, the total time the connection was active or the time the connection
> had some traffic through it?
it is the expire time (i.e. how many seconds f
Luigi Rizzo wrote:
> yes the numbers should be the expire time for the rule.
So, the total time the connection was active or the time the connection
had some traffic through it?
> ipfw has a default timeout of 300, and the it only uses the
> "short" lifetimes when the remote end properly closes
On Sun, Apr 15, 2007 at 10:18:36PM +0200, Ivan Voras wrote:
> On a rule:
>
> 06080 40997628 30756672556 allow tcp from any to me dst-port 80 setup
> keep-state
>
> ipfw -d show lists:
>
> ## Dynamic rules (774):
> 06080 94838731 (108s) STATE tcp xx.172.115.202 1421 <->
> my.ip.ad
