 From:  Manuel Kasper <mk at neon1 dot net>
 To:  Fred Wright <fw at well dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] known issues with 1.2b3
 Date:  Mon, 14 Feb 2005 09:00:15 +0100

On 13.02.2005 20:12 -0800, Fred Wright wrote:

> One problem in this area is confusion about the units of the
> IPFilter timeouts.  Those are in units of *half-seconds*, not
> seconds.  Thus:

Oops, you're right. Well, that's just completely stupid. One would
have to read the source code or dig deep in the sparse ipfilter
documentation to find out about that, and it's totally
counter-intuitive. So in that case we'll have to multiply the TCP
timeout by 2 and maybe adjust the half closed and UDP "ack timeout"
too (no other timeouts are changed by m0n0wall).

> 1) The "10-day" timeout was really only a 5-day timeout (as noted
> in the comment in the source).

IMHO still way too much on today's Internet.

- Manuel