summaryrefslogtreecommitdiff
path: root/usr.sbin
diff options
context:
space:
mode:
Diffstat (limited to 'usr.sbin')
-rw-r--r--usr.sbin/relayd/pfe_filter.c6
-rw-r--r--usr.sbin/relayd/relayd.conf.57
2 files changed, 6 insertions, 7 deletions
diff --git a/usr.sbin/relayd/pfe_filter.c b/usr.sbin/relayd/pfe_filter.c
index 82e8f32e963..f9fb944834c 100644
--- a/usr.sbin/relayd/pfe_filter.c
+++ b/usr.sbin/relayd/pfe_filter.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfe_filter.c,v 1.28 2008/06/10 22:02:28 reyk Exp $ */
+/* $OpenBSD: pfe_filter.c,v 1.29 2008/06/10 23:12:36 reyk Exp $ */
/*
* Copyright (c) 2006 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -366,10 +366,10 @@ sync_ruleset(struct relayd *env, struct rdr *rdr, int enable)
/* Use sloppy state handling for half connections */
rio.rule.keep_state = PF_STATE_NORMAL;
rio.rule.rule_flag = PFRULE_STATESLOPPY;
- rio.rule.timeout[PFTM_TCP_CLOSING] =
- rdr->conf.timeout.tv_sec;
}
+ rio.rule.timeout[PFTM_TCP_ESTABLISHED] =
+ rdr->conf.timeout.tv_sec;
rio.ticket = env->sc_pf->pfte[rs].ticket;
if (ioctl(env->sc_pf->dev, DIOCBEGINADDRS, &pio) == -1)
fatal("sync_ruleset: cannot initialise address pool");
diff --git a/usr.sbin/relayd/relayd.conf.5 b/usr.sbin/relayd/relayd.conf.5
index 81aaf12833c..ec8837c1645 100644
--- a/usr.sbin/relayd/relayd.conf.5
+++ b/usr.sbin/relayd/relayd.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: relayd.conf.5,v 1.85 2008/06/10 22:02:28 reyk Exp $
+.\" $OpenBSD: relayd.conf.5,v 1.86 2008/06/10 23:12:36 reyk Exp $
.\"
.\" Copyright (c) 2006, 2007 Reyk Floeter <reyk@openbsd.org>
.\" Copyright (c) 2006, 2007 Pierre-Yves Ritschard <pyr@openbsd.org>
@@ -439,8 +439,7 @@ Note that the hosts have to accept sessions for the same address as
the gateway, this is typically done by configuring a loopback
interface on the host with this address.
.It Ic session timeout Ar seconds
-Specify the timeout after closing in seconds for routed session
-states.
+Specify the inactivity timeout in seconds for established redirections.
The default timeout is 600 seconds (10 minutes).
.It Ic sticky-address
This has the same effect as specifying sticky-address
@@ -551,7 +550,7 @@ see the
.Sx PROTOCOLS
section below.
.It Ic session timeout Ar seconds
-Specify the timeout in seconds for accepted sessions.
+Specify the inactivity timeout in seconds for accepted sessions.
The default timeout is 600 seconds (10 minutes).
.El
.Sh PROTOCOLS