I use a fairly short 2 hour established timeout on firewalls I operate, which works fine for most purposes. Occasionally, however, it would be nice to have a longer timeout for *certain* types of traffic such as SSH or telnet sessions.

So, below find a TIMEOUT target to enable such per-conntrack timeouts. Syntax for SSH would be something like:

    iptables -A foo -p tcp --dport 22 -j TIMEOUT --timeout 123456
    iptables -A foo -p tcp --dport 22 -j ACCEPT

It could of course also be used to lower the timeouts on some traffic, such as HTTP.

Please review, comment, criticize, etc.

Note that at present it only handles TCP/UDP traffic. If deemed "merge-worthy", support for other protos will be added.

Phil