Disconnecting Connections at a Specific Time

"Active" connections stay in the connections table until they are either terminated or expire. The rulebase only controls when connections may start; it does not control how long they are allowed to stay connected. One way to cut off such connections is to use "SAM" (Suspicious Activity Monitoring) on FireWall-1 4.0 and later. At a specified time, run a command via cron that blocks all Quake traffic and disconnects any active session for a specific period of time. Once the "timeout" for that command expires (you can set it as low or as high as you want), everything should go through your rulebase normally. The "old" connections should theoretically be forgotten about.
More information about the 'fw sam' command can be found by typing it on the command line or reading the Architecture and Administration Manual.
--
PhoneBoy - 10 Jan 2004
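
The cron-driven block described above, as an added example that is not part of the original FAQ: it computes the SAM timeout so a block started at one time of day lapses at another, then builds the command. It assumes the `fw sam` options `-t` (timeout in seconds), `-I` (inhibit and close matching connections) and the `srv` criteria; the hosts, port, script path and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original FAQ. Assumes fw sam accepts
# -t <seconds> (expiry) and -I (inhibit and close matching connections);
# confirm against the usage text `fw sam` prints on your version.

# Seconds from START to END (HH:MM, 24-hour), wrapping past midnight.
window_seconds() {
    for hm in "$1" "$2"; do
        case $hm in
            [01][0-9]:[0-5][0-9]|2[0-3]:[0-5][0-9]) ;;
            *) echo "bad time: $hm" >&2; return 1 ;;
        esac
    done
    s_h=${1%%:*}; s_m=${1##*:}; e_h=${2%%:*}; e_m=${2##*:}
    # Drop one leading zero so "08" is not read as an invalid octal number.
    start=$(( ${s_h#0} * 60 + ${s_m#0} ))
    end=$(( ${e_h#0} * 60 + ${e_m#0} ))
    mins=$(( end - start ))
    if [ "$mins" -le 0 ]; then mins=$(( mins + 1440 )); fi
    echo $(( mins * 60 ))
}

# Print the SAM command for a timeout (seconds) and a criteria string.
sam_block_cmd() {
    timeout=$1; shift
    case $timeout in
        ''|*[!0-9]*) echo "bad timeout: $timeout" >&2; return 1 ;;
    esac
    [ "$#" -gt 0 ] || { echo "missing criteria" >&2; return 1; }
    echo "fw sam -t $timeout -I $*"
}

# Constructed sample: cron fires at 18:00, block should lapse at 08:00.
# Hosts (documentation ranges) and UDP port 26000 are placeholders.
# Hypothetical crontab line:  0 18 * * 1-5 /usr/local/sbin/sam-window.sh
secs=$(window_seconds 18:00 08:00)
cmd=$(sam_block_cmd "$secs" srv 192.0.2.10 198.51.100.20 26000 udp)
if [ "${SAM_APPLY:-0}" = 1 ]; then
    $cmd            # run on the firewall or management station
else
    echo "dry run: $cmd"
fi
```

By default the script only prints the command; set `SAM_APPLY=1` in the cron environment once the printed command matches what `fw sam` expects on your release.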