dump timeout

2017-10-31 10:30:02 -04:00 · 2017-10-31 10:30:02 -04:00 · 4157b4642a
parent c46e3af61f
commit 4157b4642a
1 changed files with 103 additions and 0 deletions
--- a/HowtoOpenBSD/PacketFilter.md
+++ b/HowtoOpenBSD/PacketFilter.md
@ -87,3 +87,106 @@ Il faut a priori effacer la table avec
 ~~~
 # pfctl -t <table> -T kill
 ~~~
+
+### Valeurs des timeout
+
+D'après la man :
+
+~~~
+     set optimization environment
+             Optimize state timeouts for one of the following network
+             environments:
+
+             aggressive
+                     Aggressively expire connections.  This can greatly reduce
+                     the memory usage of the firewall at the cost of dropping
+                     idle connections early.
+             conservative
+                     Extremely conservative settings.  Avoid dropping
+                     legitimate connections at the expense of greater memory
+                     utilization (possibly much greater on a busy network) and
+                     slightly increased processor utilization.
+             high-latency
+                     A high-latency environment (such as a satellite
+                     connection).
+             normal  A normal network environment.  Suitable for almost all
+                     networks.
+             satellite
+                     Alias for high-latency.
+
+~~~
+
+Aggressive
+
+~~~
+tcp.first                   120s
+tcp.opening                  30s
+tcp.established           86400s
+tcp.closing                 900s
+tcp.finwait                  45s
+tcp.closed                   90s
+tcp.tsdiff                   30s
+udp.first                    60s
+udp.single                   30s
+udp.multiple                 60s
+icmp.first                   20s
+icmp.error                   10s
+other.first                  60s
+other.single                 30s
+other.multiple               60s
+frag                         60s
+interval                     10s
+adaptive.start             6000 states
+adaptive.end              12000 states
+src.track                     0s
+~~~
+Normal
+
+~~~
+tcp.first                    30s
+tcp.opening                   5s
+tcp.established           18000s
+tcp.closing                  60s
+tcp.finwait                  30s
+tcp.closed                   30s
+tcp.tsdiff                   10s
+udp.first                    60s
+udp.single                   30s
+udp.multiple                 60s
+icmp.first                   20s
+icmp.error                   10s
+other.first                  60s
+other.single                 30s
+other.multiple               60s
+frag                         60s
+interval                     10s
+adaptive.start             6000 states
+adaptive.end              12000 states
+src.track                     0s
+~~~
+
+Satellite
+
+~~~
+tcp.first                   180s
+tcp.opening                  35s
+tcp.established           86400s
+tcp.closing                 905s
+tcp.finwait                  50s
+tcp.closed                   95s
+tcp.tsdiff                   60s
+udp.first                    60s
+udp.single                   30s
+udp.multiple                 60s
+icmp.first                   20s
+icmp.error                   10s
+other.first                  60s
+other.single                 30s
+other.multiple               60s
+frag                         60s
+interval                     10s
+adaptive.start             6000 states
+adaptive.end              12000 states
+src.track                     0s
+
+~~~