Linux Netfilter discussions
* idle timeout question
From: Shaun T. Erickson @ 2004-08-19 14:25 UTC (permalink / raw)
  To: Netfilter Mailing List

What is the default idle timeout on tcp connections passing through an 
iptables firewall? If it's modifiable, on a rule by rule basis, how do I 
do that, and what is the maximum timeout that I can set?

	-ste



* RE: idle timeout question
From: Jason Opperisano @ 2004-08-19 18:27 UTC (permalink / raw)
  To: netfilter

> What is the default idle timeout on tcp connections passing through an
> iptables firewall? If it's modifiable, on a rule by rule basis, how do I
> do that, and what is the maximum timeout that I can set?

short answer:  5 days

long answer:  check out "Table 4-2. Internal states" at:
  http://iptables-tutorial.frozentux.net/iptables-tutorial.html#TCPCONNECTIONS

modifiable rule-by-rule?  i do not believe so...

maximum?  whatever the max value of an unsigned long integer is on your platform--probably something bigger than would be sane to use (4294967295 comes to mind)...

-j
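
Added example, not part of the original message: a Python sketch that uses the 5-day (432000 s) established timeout from the reply above to estimate how long each tracked TCP connection has been idle. The sample lines are constructed in the /proc/net/ip_conntrack layout, the names parse_established and idle_report are hypothetical, and it assumes the timer is refreshed to the full timeout whenever a packet is seen.

```python
# Added example: constructed sample data, not output from a real firewall.
ESTABLISHED_TIMEOUT = 5 * 24 * 3600  # the "5 days" default from the reply: 432000 s

# Constructed lines in the /proc/net/ip_conntrack layout:
# proto, proto number, seconds until expiry, TCP state, then the flow tuples.
SAMPLE = """\
tcp      6 431990 ESTABLISHED src=192.0.2.10 dst=198.51.100.5 sport=40112 dport=22 src=198.51.100.5 dst=192.0.2.10 sport=22 dport=40112 [ASSURED] use=1
tcp      6 172800 ESTABLISHED src=192.0.2.11 dst=198.51.100.7 sport=51515 dport=5432 src=198.51.100.7 dst=192.0.2.11 sport=5432 dport=51515 [ASSURED] use=1
tcp      6 97 TIME_WAIT src=192.0.2.12 dst=198.51.100.9 sport=33000 dport=80 src=198.51.100.9 dst=192.0.2.12 sport=80 dport=33000 [ASSURED] use=1
udp      17 25 src=192.0.2.10 dst=198.51.100.53 sport=5353 dport=53 src=198.51.100.53 dst=192.0.2.10 sport=53 dport=5353 use=1
"""

def parse_established(text):
    """Yield (src, dst, dport, remaining_seconds) for ESTABLISHED TCP entries."""
    for line in text.splitlines():
        fields = line.split()
        if "tcp" not in fields:
            continue
        i = fields.index("tcp")  # newer nf_conntrack lines prefix "ipv4 2"
        if len(fields) < i + 4 or fields[i + 3] != "ESTABLISHED":
            continue
        remaining = int(fields[i + 2])
        tup = {}
        for f in fields[i + 4:]:
            if "=" in f:
                k, v = f.split("=", 1)
                tup.setdefault(k, v)  # first occurrence = original direction
        yield tup["src"], tup["dst"], int(tup["dport"]), remaining

def idle_report(text, timeout=ESTABLISHED_TIMEOUT, idle_threshold=3600):
    """Return (idle_seconds, src, dst, dport) for flows idle past the threshold.

    Assumption: the timer is reset to `timeout` on every packet, so
    idle time = timeout - remaining. Most idle flows come first.
    """
    rows = []
    for src, dst, dport, remaining in parse_established(text):
        idle = timeout - remaining
        if idle >= idle_threshold:
            rows.append((idle, src, dst, dport))
    return sorted(rows, reverse=True)

if __name__ == "__main__":
    for idle, src, dst, dport in idle_report(SAMPLE):
        print(f"{src} -> {dst}:{dport} idle {idle // 3600}h {idle % 3600 // 60}m")
```

If the established timeout has been changed from the default on the firewall, pass the configured value as `timeout`, otherwise the idle estimate is off by the difference.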




* Re: idle timeout question
From: Shaun T. Erickson @ 2004-08-19 21:28 UTC (permalink / raw)
  To: netfilter

Jason Opperisano wrote:

>>What is the default idle timeout on tcp connections passing through an
>>iptables firewall? If it's modifiable, on a rule by rule basis, how do I
>>do that, and what is the maximum timeout that I can set?
> 
> 
> short answer:  5 days
> 
> long answer:  check out "Table 4-2. Internal states" at:
>   http://iptables-tutorial.frozentux.net/iptables-tutorial.html#TCPCONNECTIONS
> 
> modifiable rule-by-rule?  i do not believe so...
> 
> maximum?  whatever the max value of an unsigned long integer is on your platform--probably something bigger than would be sane to use (4294967295 comes to mind)...

Thanks.

	-ste

