[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipfilter
Subject:    Re: Timeout for ipnat active entries
From:       Guido van Rooij <guido () gvr ! org>
Date:       2005-10-06 20:15:27
Message-ID: 20051006201527.GB62392 () gvr ! gvr ! org
[Download RAW message or body]

On Tue, Oct 04, 2005 at 02:29:21PM +0700, Olivier Nicole wrote:
> Hello,
> 
> Is there a specific timeout for ipnat active entries?
> 
> I'd like those to expire *fast*, much fasterthan the 300 secondz or so.

You can set a sysctl: net.inet.ipf.fr_defnatage,
or you can specify the timeout using the age keyword.
use age aaa/bbb
IIRC, aaa is when the NAT entry times out after aaa ticks
when no return traffic is seen,
and bbb ticks when return traffic is seen.

-Guido
[prev in list] [next in list] [prev in thread] [next in thread]