(What's the) State lifetime in Conservative Optimization mode



  • I have this website that supports Push, I'm planning to cut off outbound traffic for the server hosting it but I'd like to know for how long will it still be able to reach clients after clients reached it.

    AND, it's behind pfSense-hosted HAProxy, so I'm not sure if the optimization still applies or now it's under HAProxy's control. pfSense still manages states on every exit of HAProxy--right? It has to be let through…soo…I think I just answered my own question. And, I don't think there's a chance for optimization for h2 since it's all the way up L7… 😪

    Still, I'd like to know about the states' lifetime though, if you please! Can they be further tweaked? I don't mess too much with L4 unless HAProxy can't handle it (e.g; UDP.)

    Thanks! 💾


  • LAYER 8 Netgate

    Diagnostics > Command Prompt

    pfctl -st

    Pretty unusual to need to tweak things for TCP sessions, since established sessions have to be dead for a day to be expired.

    It's usually only used for things like UDP VoIP when the gear is too stupid to send proper keepalives, etc.



  • @Derelict said in (What's the) State lifetime in Conservative Optimization mode:

    ually only used for things like UDP VoIP when the g

    Oh man! That's awesome! It should be fine then. I forgot that these optimization things always gravitated around something like tunnels or VoIP.

    Nothing good comes out of letting servers connect out, e.g; Windows Update. ☝🏼

    Thanks a lot! You just made my day. I can now focus on documenting a few things--I'm soo far behind.


Log in to reply