Hello. I'm trying to use this patch to compile ng_pf:
http://lists.freebsd.org/pipermail/freebsd-bugs/2007-December/027288.html
During the compiling process, I have this error:
cc1: warnings being treated as errors
/usr/src/sys/modules/netgraph/pf/../../../netgraph/ng_pf.c: In function
'ng_pf_rcvdata

Hello. I have a FreeBSD router with FreeBSD and pf.
In my pf.conf, I have block-by-default rule and after it, something like
this:
block all
pass in on $if_int from $net_int to any
pass out on $if_ext from $net_int to any
When there is, for example, some idle ssh connection, pf stops tracking
it

Daniel Hartmeier wrote:
> The default timeout for fully established TCP connections in pf is
> 24 hours:
>
> # pfctl -st
> tcp.established 86400s
>
> You can change this value in pf.conf with
>
> set timeout { tcp.established 86400 }
# pfctl -st | grep tcp.established
tcp.establis
>
> Are you using adaptive timeouts?
>
> # pfctl -st | grep adaptive
Yes (they are used by default):
# pfctl -st | grep adaptive
adaptive.start 6000 states
adaptive.end 12000 states
>
> What's your state limit?
>
> # pfctl -sm | grep states
# pfctl -sm | grep states
sta