Change udp state timeout?? IAX2 Asterisk VoIP protocol.

--DocE+STaALJfprDB
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hello all!

I use IP-Filter 3.4.30 on a Solaris 9 sparc system.

Is there a possibility to change the state timeout for an UDP
connection? The timeout is obviously set to 120 seconds. It is
possible to view this with the "ipfstat -t" command.

The problem I see, is with the IAX2 Asterisk VoIP protocol. It is
supposed to keep a UDP "connection" open through firewalls and
NAT gateways with a regular "heart beet" which in real life is a
md5 authentication. This "heart beet" seems to have a period
slightly longer than 2 minutes. Different equipment, with
different implementations seems to have a slightly varying
retry period. This is working excellent through many/most
firewalls/gateways. But I miss some calls due to expired udp
state for this type of "connection".

I found the "age" option for the "map" rule, but it is not well
documented what it does and I guess it is unrelated. Is there
some possibility to write a "keep state" role with specified
timeout?=20

The even better solution would be to have an IAX2 proxy in
ip-filter! A built in stateful SIP proxy is also on the wish list, but
would be *far* more complicated.

Thanks: H=E5kan


--DocE+STaALJfprDB
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----

iD8DBQFDRONxHuBMgSRdZNQRAlOsAJ9vQB49yYj0aeMGaZ6Vhd lpriJaQQCfbL++
wo2z7oF8VgqNr+d8Od89/1I=
=2M2R
-----END PGP SIGNATURE-----

--DocE+STaALJfprDB--