On 13.02.2005 20:12 -0800, Fred Wright wrote:
> One problem in this area is confusion about the units of the
> IPFilter timeouts. Those are in units of *half-seconds*, not
> seconds. Thus:
Oops, you're right. Well, that's just completely stupid. One would
have to read the source code or dig deep in the sparse ipfilter
documentation to find out about that, and it's totally
counter-intuitive. So in that case we'll have to multiply the TCP
timeout by 2 and maybe adjust the half-closed and UDP "ack timeout"
too (no other timeouts are changed by m0n0wall).
> 1) The "10-day" timeout was really only a 5-day timeout (as noted
> in the comment in the source).
IMHO still way too much on today's Internet.