Tcp.established changed on "System: Advanced: System Tunables" doesn't stick.
-
The subject says it all.
I'm trying to change the default value of tcp.established, whose default value is 86400s. I added tcp.established under the system tunables, but even after a system reboot, it comes back up as 86400s.
pfctl -s timeouts
tcp.first 120s
tcp.opening 30s
tcp.established 86400s
tcp.closing 900s
etc. etc. etc.
Am I missing something?
Thanks,
-Karl
-
That's not a system tunable. It's a pf timer.
The only user-facing option that affects those is under System > Advanced on the Firewall/NAT tab, "Firewall Optimization". Conservative mode raises the timeout, Aggressive mode will lower the timeout.
-
Ok. Thanks for responding.
So, where can I change this pf timer and make the change persistent?
I would like to lower the value to something like 1 hour.
Thanks,
-Karl
-
The only GUI option is the firewall optimization. There isn't any way to set it manually short of patching the code that produces the ruleset part that includes the timers.
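An added example, not part of the thread or of pfSense's own code: a POSIX sh check that parses `pfctl -s timeouts` output and reports whether a timer is within a wanted ceiling, which is a way to confirm what the Firewall Optimization setting actually loaded. The function names and the sample output are constructed for illustration; the 3600s limit is the 1 hour mentioned above.

```shell
#!/bin/sh
# Added example: read `pfctl -s timeouts` output and check one pf timer.

# Constructed sample, using the values quoted in the thread.
sample_timeouts() {
cat <<'EOF'
tcp.first                   120s
tcp.opening                  30s
tcp.established           86400s
tcp.closing                 900s
EOF
}

# get_timeout NAME: reads timeout lines on stdin and prints NAME's value in
# seconds. Returns 1 if the timer is absent or not expressed in seconds.
get_timeout() {
    awk -v want="$1" '
        $1 == want && $2 ~ /^[0-9]+s$/ { sub(/s$/, "", $2); print $2; found = 1; exit }
        END { exit found ? 0 : 1 }
    '
}

# check_timeout NAME MAX: reads timeout lines on stdin and prints a verdict.
# Returns 0 if value <= MAX, 1 if it is higher, 2 if it cannot be read.
check_timeout() {
    name=$1
    max=$2
    value=$(get_timeout "$name") || { echo "UNKNOWN $name"; return 2; }
    if [ "$value" -le "$max" ]; then
        echo "OK $name=${value}s (limit ${max}s)"
    else
        echo "HIGH $name=${value}s (limit ${max}s)"
        return 1
    fi
}

# Demo on the constructed sample. On the firewall itself, run:
#   pfctl -s timeouts | check_timeout tcp.established 3600
sample_timeouts | check_timeout tcp.established 3600 || true
```

Running the live form before and after switching the optimization mode shows whether the loaded ruleset actually carries a different timer.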