How long does the firewall remain stateful?

marnold

Regular Contributor
This question ties in with my other thread, but is really a separate issue.

How long does the firewall remain stateful? For example, if my phone requests connection to a certain IP on a certain port, how long will iptables "remember" that before it considers the connection no longer needed and the port will be blocked? That would help me track down my problem in the above-mentioned thread. I've been digging through iptables documentation but I haven't found anything definitive.

FWIW, I'm using an RT-N66U with Merlin's latest firmware.
 
The default conntrack values are configurable under Tools -> Other Settings. That will also show you the values used for the various timeouts.
 
Interesting. I guess I didn't realize that that's what those settings were for. In my specific case, the calls from Republic Wireless come in on UDP port 5090. According to their techs, the wifi calling only registers once an hour. The UDP Timeout: Assured is set by default to three minutes. Would it be wise/sane to set it for something over an hour?
 
I'd be worried about the impact of running a torrent client which would establish a lot of UDP connections.

Doesn't your device support some kind of keep-alive option?
 
I've contacted their tech support about that. Currently it doesn't. I usually don't use torrents unless there's a new Slackware release.
 
Give it a try then. P2P applications such as Bittorrent are pretty much the only applications that can potentially open many UDP connections at once, so it should be safe if it does resolve your issue.
 
I bumped it up to 4200 (70 minutes) but unfortunately that didn't help. Still bounced off the firewall.
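
Added example, not part of the thread: a small parser for a saved copy of the router's connection-tracking table (/proc/net/nf_conntrack, or /proc/net/ip_conntrack on older kernels) that lists the tracked UDP flows for port 5090 and the seconds each has left before the firewall forgets it. The sample table, its addresses and the function names are constructed for illustration; the 3600-second gap is the hourly registration mentioned above.

```python
import re

# Constructed sample in /proc/net/nf_conntrack layout (documentation-range addresses).
# The last line uses the older /proc/net/ip_conntrack layout without the "ipv4 2" prefix.
SAMPLE = """\
ipv4     2 udp      17 4127 src=192.168.1.50 dst=203.0.113.10 sport=40112 dport=5090 src=203.0.113.10 dst=198.51.100.7 sport=5090 dport=40112 [ASSURED] mark=0 use=2
ipv4     2 udp      17 22 src=192.168.1.50 dst=203.0.113.53 sport=51000 dport=53 [UNREPLIED] src=203.0.113.53 dst=198.51.100.7 sport=53 dport=51000 mark=0 use=2
ipv4     2 tcp      6 431999 ESTABLISHED src=192.168.1.60 dst=203.0.113.80 sport=50522 dport=443 src=203.0.113.80 dst=198.51.100.7 sport=443 dport=50522 [ASSURED] mark=0 use=2
udp      17 95 src=192.168.1.50 dst=203.0.113.10 sport=40113 dport=5090 src=203.0.113.10 dst=198.51.100.7 sport=5090 dport=40113 mark=0 use=2
"""

ENTRY = re.compile(r"\b(tcp|udp)\s+\d+\s+(\d+)\s")  # protocol name, number, seconds left
TUPLE = re.compile(r"\b(src|dst|sport|dport)=(\S+)")


def parse(line):
    """Return one tracked flow as a dict, or None if the line is not TCP/UDP."""
    head = ENTRY.search(line)
    fields = TUPLE.findall(line)
    if not head or len(fields) < 4:
        return None
    flow = dict(fields[:4])  # the first four pairs describe the original direction
    flow.update(proto=head.group(1), ttl=int(head.group(2)),
                assured="[ASSURED]" in line, unreplied="[UNREPLIED]" in line)
    return flow


def udp_flows(table, port):
    """UDP entries whose original direction uses `port` on either side."""
    flows = [f for f in map(parse, table.splitlines()) if f]
    return [f for f in flows
            if f["proto"] == "udp" and str(port) in (f["sport"], f["dport"])]


def expiring_before(flows, gap_s):
    """Entries that will be dropped if no packet arrives within gap_s seconds."""
    return [f for f in flows if f["ttl"] < gap_s]


if __name__ == "__main__":
    flows = udp_flows(SAMPLE, 5090)
    for f in flows:
        flag = "ASSURED" if f["assured"] else "unassured"
        print(f"{f['src']}:{f['sport']} -> {f['dst']}:{f['dport']} {f['ttl']}s left, {flag}")
    print("gone before the next hourly registration:", len(expiring_before(flows, 3600)))
```

The remaining-seconds counter resets whenever a packet matches the entry, so the output is a snapshot of the moment the table was saved.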
 
