[ previous ] [ next ] [ threads ]
 From:  Maarten Poell <maarten dot poell at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Set TCP idle timeout through exec.php version 1.11
 Date:  Wed, 6 Jul 2005 16:59:51 +0200
I run M0n0wall version 1.11 at my colo on a Nexcom NSA 1041.

At this time my state table is filled with +/- 1000 active entries
(ipfstat -s) at medium traffic.

For version 1.11 the defaults are:
Max state table: around 4000
TCP idle timeout: 10 days=20

I know that of Beta 1.2b2 these values changed to 30000 and 2,5 hour
(that's more like it for a production environment).

After reading the archives i found out that it's not possible to change the Max
state table through the exec.php, it's hard coded and is loaded during
the boot process (please correct me if I'm wrong). I already checked
the ipf rules so that their are no unnecessary broken entries in the
state table

Question 1:
Is it possible to change the TCP idle timeout to a lower value through
exec.php or at boot time by adding a <shellcmd> command in the
config.xml. So that the state table release it's entries quicker?

Question 2:
Which Beta release from Beta 1.2b2 would be best for my environment?

And finally regards and great respect to Manual and the team for
making a great firewall and all the effort, support and time spent on M0n0wall
and M0n0BSD.