On Wed, 6 Nov 2002 15:41:51 GMT, Wolfgang Rupprecht wrote:

> How does pf handle state from an outgoing connection that is closing?

The first FIN from either side (after passing sequence number checks, of
course) puts the state entry into tcp.closing, and a subsequent ACK
from the other side puts the state into tcp.finwait.

The state will be removed after no packet has been associated with it
for a number of seconds, the default timeout values are 900 seconds for
tcp.closing and 45 seconds for tcp.finwait. If subsequent packets like
retransmissions or parts of a simultanous close match the state entry,
the timer is reset again (to tcp.closing or tcp.finwait, respectively).

Timeouts can be set globally and overriden per rule for tcp.first,
.opening, .established, .closing, .finwait and .closed.

There's no difference between outgoing or incoming connections.

Daniel