Netgate Discussion Forum

    (What's the) State lifetime in Conservative Optimization mode

    • senseivita

      I have this website that supports Push, I'm planning to cut off outbound traffic for the server hosting it but I'd like to know for how long will it still be able to reach clients after clients reached it.

      AND, it's behind pfSense-hosted HAProxy, so I'm not sure if the optimization still applies or now it's under HAProxy's control. pfSense still manages states on every exit of HAProxy--right? It has to be let through…soo…I think I just answered my own question. And, I don't think there's a chance for optimization for h2 since it's all the way up L7… 😪

      Still, I'd like to know about the states' lifetime though, if you please! Can they be further tweaked? I don't mess too much with L4 unless HAProxy can't handle it (e.g., UDP).

      Thanks! 💾

      Missing something? Word endings, maybe? I included a free puzzle in this msg if you solv--okay, I'm lying. It's dyslexia, makes me do that, sorry! Just finish the word; they're rarely misspelled, just incomplete. Yeah-yeah-I know. Same thing.

      • Derelict LAYER 8 Netgate

        Diagnostics > Command Prompt

        pfctl -st

        Pretty unusual to need to tweak things for TCP sessions, since established sessions have to be dead for a day to be expired.

        It's usually only used for things like UDP VoIP when the gear is too stupid to send proper keepalives, etc.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)
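
The `pfctl -st` output mentioned in the reply above can be read with a short script. This is an added example, not part of either poster's messages; the sample output is constructed, its values are illustrative only, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: summarise `pfctl -st` output (timer name, seconds, readable form).
# On the firewall itself: pfctl -st | pf_timeouts_report

# Constructed sample in the layout `pfctl -st` prints. The values are
# illustrative and do not describe any particular optimization mode.
sample_pfctl_st() {
cat <<'EOF'
tcp.first                   120s
tcp.opening                  30s
tcp.established           86400s
tcp.closing                 900s
tcp.finwait                  45s
tcp.closed                   90s
udp.first                    60s
udp.single                   30s
udp.multiple                 60s
adaptive.start             6000 states
adaptive.end              12000 states
EOF
}

# Print the value in seconds of one named timer; exit status 1 if it is
# absent or is not a duration (the adaptive.* lines are state counts).
pf_timeout_seconds() {
  awk -v name="$1" '
    $1 == name && $2 ~ /^[0-9]+s$/ { sub(/s$/, "", $2); print $2; found = 1 }
    END { exit !found }'
}

# One line per timer: name, seconds, and a d/h/m/s rendering.
# Lines whose value is not "<number>s" are skipped.
pf_timeouts_report() {
  awk '
    $2 ~ /^[0-9]+s$/ {
      s = $2; sub(/s$/, "", s); s += 0
      d = int(s / 86400); h = int(s % 86400 / 3600)
      m = int(s % 3600 / 60); r = s % 60
      out = ""
      if (d) out = out d "d"
      if (h) out = out h "h"
      if (m) out = out m "m"
      if (r || out == "") out = out r "s"
      printf "%s %d %s\n", $1, s, out
    }'
}
```

Comparing the `tcp.established` and `udp.*` lines before and after changing the optimization setting shows which timers the mode actually alters on a given box.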

        • senseivita @Derelict

          @Derelict said in (What's the) State lifetime in Conservative Optimization mode:

          ually only used for things like UDP VoIP when the g

          Oh man! That's awesome! It should be fine then. I forgot that these optimization things always gravitated around something like tunnels or VoIP.

          Nothing good comes out of letting servers connect out, e.g., Windows Update. ☝🏼

          Thanks a lot! You just made my day. I can now focus on documenting a few things--I'm soo far behind.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.