dump timeout
parent
c46e3af61f
commit
4157b4642a
|
@ -87,3 +87,106 @@ Il faut a priori effacer la table avec
|
||||||
~~~
|
~~~
|
||||||
# pfctl -t <table> -T kill
|
# pfctl -t <table> -T kill
|
||||||
~~~
|
~~~
|
||||||
|
|
||||||
|
### Valeurs des timeout
|
||||||
|
|
||||||
|
D'après la man :
|
||||||
|
|
||||||
|
~~~
|
||||||
|
set optimization environment
|
||||||
|
Optimize state timeouts for one of the following network
|
||||||
|
environments:
|
||||||
|
|
||||||
|
aggressive
|
||||||
|
Aggressively expire connections. This can greatly reduce
|
||||||
|
the memory usage of the firewall at the cost of dropping
|
||||||
|
idle connections early.
|
||||||
|
conservative
|
||||||
|
Extremely conservative settings. Avoid dropping
|
||||||
|
legitimate connections at the expense of greater memory
|
||||||
|
utilization (possibly much greater on a busy network) and
|
||||||
|
slightly increased processor utilization.
|
||||||
|
high-latency
|
||||||
|
A high-latency environment (such as a satellite
|
||||||
|
connection).
|
||||||
|
normal A normal network environment. Suitable for almost all
|
||||||
|
networks.
|
||||||
|
satellite
|
||||||
|
Alias for high-latency.
|
||||||
|
|
||||||
|
~~~
|
||||||
|
|
||||||
|
Aggressive
|
||||||
|
|
||||||
|
~~~
|
||||||
|
tcp.first 120s
|
||||||
|
tcp.opening 30s
|
||||||
|
tcp.established 86400s
|
||||||
|
tcp.closing 900s
|
||||||
|
tcp.finwait 45s
|
||||||
|
tcp.closed 90s
|
||||||
|
tcp.tsdiff 30s
|
||||||
|
udp.first 60s
|
||||||
|
udp.single 30s
|
||||||
|
udp.multiple 60s
|
||||||
|
icmp.first 20s
|
||||||
|
icmp.error 10s
|
||||||
|
other.first 60s
|
||||||
|
other.single 30s
|
||||||
|
other.multiple 60s
|
||||||
|
frag 60s
|
||||||
|
interval 10s
|
||||||
|
adaptive.start 6000 states
|
||||||
|
adaptive.end 12000 states
|
||||||
|
src.track 0s
|
||||||
|
~~~
|
||||||
|
Normal
|
||||||
|
|
||||||
|
~~~
|
||||||
|
tcp.first 30s
|
||||||
|
tcp.opening 5s
|
||||||
|
tcp.established 18000s
|
||||||
|
tcp.closing 60s
|
||||||
|
tcp.finwait 30s
|
||||||
|
tcp.closed 30s
|
||||||
|
tcp.tsdiff 10s
|
||||||
|
udp.first 60s
|
||||||
|
udp.single 30s
|
||||||
|
udp.multiple 60s
|
||||||
|
icmp.first 20s
|
||||||
|
icmp.error 10s
|
||||||
|
other.first 60s
|
||||||
|
other.single 30s
|
||||||
|
other.multiple 60s
|
||||||
|
frag 60s
|
||||||
|
interval 10s
|
||||||
|
adaptive.start 6000 states
|
||||||
|
adaptive.end 12000 states
|
||||||
|
src.track 0s
|
||||||
|
~~~
|
||||||
|
|
||||||
|
Satellite
|
||||||
|
|
||||||
|
~~~
|
||||||
|
tcp.first 180s
|
||||||
|
tcp.opening 35s
|
||||||
|
tcp.established 86400s
|
||||||
|
tcp.closing 905s
|
||||||
|
tcp.finwait 50s
|
||||||
|
tcp.closed 95s
|
||||||
|
tcp.tsdiff 60s
|
||||||
|
udp.first 60s
|
||||||
|
udp.single 30s
|
||||||
|
udp.multiple 60s
|
||||||
|
icmp.first 20s
|
||||||
|
icmp.error 10s
|
||||||
|
other.first 60s
|
||||||
|
other.single 30s
|
||||||
|
other.multiple 60s
|
||||||
|
frag 60s
|
||||||
|
interval 10s
|
||||||
|
adaptive.start 6000 states
|
||||||
|
adaptive.end 12000 states
|
||||||
|
src.track 0s
|
||||||
|
|
||||||
|
~~~
|
||||||
|
|
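Review bot: The dumps under the "Aggressive" and "Normal" headings look swapped. The "Aggressive" block lists `tcp.first 120s`, `tcp.established 86400s` and `tcp.closing 900s`, while the "Normal" block lists 30s, 18000s and 60s. That contradicts the man excerpt quoted just above, which says aggressive expires connections early. Swap the two headings (or the two dumps) after re-checking each one on a host with the matching `set optimization` value. The excerpt also describes "conservative", but no dump is given for it; either add one or say it was left out on purpose. It would help to state the command that produced these dumps (for example `pfctl -s timeouts`) so readers can reproduce them. Minor: "D'après la man" should read "D'après le man", and the "Satellite" block has a stray blank line before its closing `~~~` that the other two blocks do not have.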