Command to Modify State Time Outs?
-
Is there a command that I can use in a script to change the State Timouts? Specifically, I'd like to temporarly modify udp.multiple.
-
i don't think is possible to do that "on the fly", i could be wrong though, afaik
you can setaggressive normal conservative tcp.first 30s 120s 3600s tcp.opening 5s 30s 900s tcp.established 18000s 86400s 432000s tcp.closing 60s 900s 3600s tcp.finwait 30s 45s 600s tcp.closed 30s 90s 180s tcp.tsdiff 10s 30s 60s udp.first 60s 60s 60s udp.single 30s 30s 30s udp.multiple 60s 60s 60s icmp.first 20s 20s 20s icmp.error 10s 10s 10s other.first 60s 60s 60s other.single 30s 30s 30s other.multiple 60s 60s 60s frag 60s 60s 60s interval 10s 10s 10s
Navigating to System > Advanced > Firewall & NAT scroll to the bottom of the page.
Here at the bottom, you'll see manual "State Timeouts" for the values specified with "pfctl -st".State Timeouts (seconds - blank for default)
-
Thank you for your response. I'm familiar with setting time-outs manually thru the GUI. Looking thru the man page for pfctl, I didn't see any way to set the time-outs either.