Created attachment 203189
Timeout values (global and per rule) are not recognised. This issue has been present since at least 10.3; I'm reporting it now because I have a test case on a machine with a recent version of FreeBSD (11.2-RELEASE-p8).
Steps to reproduce:
* load attached simple pf.conf
* start local nc in listening mode on port 12345
* telnet inbound (from another machine) to port 12345
* disconnect telnet
* see wrong timeouts in state list
The global timeouts for finwait/closing are set to 20/25, the per-rule timeouts are set to 15/10.
The timeouts applied can be checked with the command:
# pfctl -vvvss | grep -B2 'rule 2'
1) after establishing client connection:
all tcp x.x.x.x:12345 <- y.y.y.y:53187 ESTABLISHED:ESTABLISHED
[3217899334 + 29312] wscale 6 [1370442108 + 65537] wscale 7
age 00:00:02, expires in 23:59:58, 2:1 pkts, 112:60 bytes, rule 2
2) after closing client connection:
all tcp x.x.x.x:12345 <- y.y.y.y:53187 FIN_WAIT_2:FIN_WAIT_2
[3217899335 + 29312] wscale 6 [1370442110 + 65664] wscale 7
age 00:00:04, expires in 00:01:29, 4:3 pkts, 216:164 bytes, rule 2
So it is clear to see: neither the global timeout nor the per-rule timeout is applied here. Instead, the defaults are used (90s for closing).