Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    (What's the) State lifetime in Conservative Optimization mode

    Firewalling
    2
    3
    57
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • skilledinept
      skilledinept last edited by

      I have this website that supports Push, I'm planning to cut off outbound traffic for the server hosting it but I'd like to know for how long will it still be able to reach clients after clients reached it.

      AND, it's behind pfSense-hosted HAProxy, so I'm not sure if the optimization still applies or now it's under HAProxy's control. pfSense still manages states on every exit of HAProxy--right? It has to be let through…soo…I think I just answered my own question. And, I don't think there's a chance for optimization for h2 since it's all the way up L7… 😪

      Still, I'd like to know about the states' lifetime though, if you please! Can they be further tweaked? I don't mess too much with L4 unless HAProxy can't handle it (e.g; UDP.)

      Thanks! 💾

      1 Reply Last reply Reply Quote 0
      • Derelict
        Derelict LAYER 8 Netgate last edited by Derelict

        Diagnostics > Command Prompt

        pfctl -st

        Pretty unusual to need to tweak things for TCP sessions, since established sessions have to be dead for a day to be expired.

        It's usually only used for things like UDP VoIP when the gear is too stupid to send proper keepalives, etc.

        Chattanooga, Tennessee, USA
        The pfSense Book is free of charge!
        DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        skilledinept 1 Reply Last reply Reply Quote 1
        • skilledinept
          skilledinept @Derelict last edited by

          @Derelict said in (What's the) State lifetime in Conservative Optimization mode:

          ually only used for things like UDP VoIP when the g

          Oh man! That's awesome! It should be fine then. I forgot that these optimization things always gravitated around something like tunnels or VoIP.

          Nothing good comes out of letting servers connect out, e.g; Windows Update. ☝🏼

          Thanks a lot! You just made my day. I can now focus on documenting a few things--I'm soo far behind.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post