Firewall States Dump shows closed connections as established

Started by JasMan, October 02, 2019, 07:28:29 AM

Hey,

I have noticed that the Firewall states dump overview under

Firewall:Diagnostics:States Dump

shows a lot of connections that should have been closed a long time ago.
Example: I shut down my PC about 10 hours ago, and according to the states dump overview there are still over 140 established HTTP and HTTPS connections (only ESTABLISHED:ESTABLISHED, nothing else) to different destinations.

Did anybody else notice that issue? How can I prove that this is only a display issue?

Jas
Duck, Duck, Duck, Duck, Duck, Duck, Duck, Duck, Goose

I've found out that this is not an issue. The configured default timeout for established TCP connections is 24h (see Firewall: Diagnostics: pfInfo and tcp.established).

Is it best practice to have such a high timeout for this type of connection?
Can I change it within the GUI?

Duck, Duck, Duck, Duck, Duck, Duck, Duck, Duck, Goose

Firewall/Settings/Advanced/Firewall Optimization is what you're looking for. Default is "normal". Be careful though, it changes more than just the parameters for "established" sessions. Attached is a screenshot of the option details.
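To check the two things discussed above on your own box (what tcp.established is set to, and whether a powered-off host really still owns ESTABLISHED:ESTABLISHED states), the script below parses the text that `pfctl -st` and `pfctl -ss` print on the OPNsense shell. This is an added example, not code from the thread or from OPNsense; the two sample outputs are constructed to look like pfctl's, and the per-preset timeout table is taken from FreeBSD pfctl's built-in optimization hints for normal/aggressive/conservative, so confirm it with `pfctl -st` after changing the GUI setting.

```shell
#!/bin/sh
# Added example. On a live OPNsense box replace the constructed samples with:
#   pfctl -st > /tmp/timeouts.txt ; pfctl -ss > /tmp/states.txt
# and pass "$(cat /tmp/timeouts.txt)" / "$(cat /tmp/states.txt)" instead.

# Constructed sample in the format of `pfctl -st` (normal optimization).
SAMPLE_TIMEOUTS='tcp.first                   120s
tcp.opening                  30s
tcp.established           86400s
tcp.closing                 900s
tcp.finwait                  45s
tcp.closed                   90s
udp.first                    60s
udp.single                   30s
udp.multiple                 60s'

# Constructed sample in the format of `pfctl -ss`. 192.168.1.20 is the PC
# that was powered off; its two ESTABLISHED states are what the thread saw.
SAMPLE_STATES='em0 tcp 192.168.1.20:51234 -> 93.184.216.34:443       ESTABLISHED:ESTABLISHED
em0 tcp 192.168.1.20:51235 -> 93.184.216.34:80        ESTABLISHED:ESTABLISHED
em0 tcp 192.168.1.20:51236 -> 151.101.1.69:443        FIN_WAIT_2:FIN_WAIT_2
em0 tcp 192.168.1.30:40001 -> 93.184.216.34:443       ESTABLISHED:ESTABLISHED
em0 udp 192.168.1.20:5353 -> 224.0.0.251:5353         NO_TRAFFIC:SINGLE'

# pf_timeout NAME TIMEOUT_TEXT -> configured seconds for that pf timeout
pf_timeout() {
    printf '%s\n' "$2" | awk -v n="$1" '$1 == n { sub(/s$/, "", $2); print $2 }'
}

# established_count HOST STATES_TEXT -> number of TCP states sourced from HOST
# that are ESTABLISHED on both sides. pfctl prints IPv4 as addr:port and IPv6
# as addr[port], so match either form at the start of the source column.
established_count() {
    printf '%s\n' "$2" | awk -v h="$1" '
        $2 == "tcp" && (index($3, h ":") == 1 || index($3, h "[") == 1) \
            && $NF == "ESTABLISHED:ESTABLISHED" { c++ }
        END { print c + 0 }'
}

# preset_timeouts PRESET -> the TCP timeouts each Firewall Optimization preset
# installs, in `pfctl -st` format (values from FreeBSD pfctl's hint tables).
preset_timeouts() {
    case "$1" in
        normal)       printf '%s\n' 'tcp.first 120s'  'tcp.opening 30s'  \
                          'tcp.established 86400s'  'tcp.closing 900s'  \
                          'tcp.finwait 45s'  'tcp.closed 90s' ;;
        aggressive)   printf '%s\n' 'tcp.first 30s'   'tcp.opening 5s'   \
                          'tcp.established 300s'    'tcp.closing 60s'   \
                          'tcp.finwait 30s'  'tcp.closed 30s' ;;
        conservative) printf '%s\n' 'tcp.first 3600s' 'tcp.opening 900s' \
                          'tcp.established 432000s' 'tcp.closing 3600s' \
                          'tcp.finwait 600s' 'tcp.closed 180s' ;;
        *) echo "unknown preset: $1" >&2; return 1 ;;
    esac
}

# Demo: how long an idle state can linger, and how many a dead host still owns.
est=$(pf_timeout tcp.established "$SAMPLE_TIMEOUTS")
echo "tcp.established = ${est}s (~$((est / 3600))h idle before pf expires it)"
echo "ESTABLISHED states still owned by 192.168.1.20: $(established_count 192.168.1.20 "$SAMPLE_STATES")"
for p in normal aggressive conservative; do
    echo "$p: tcp.established=$(pf_timeout tcp.established "$(preset_timeouts "$p")")s"
done
```

Two related pfctl flags are worth knowing while you are at it: `pfctl -vvss` adds an "age" and "expires in" line per state, which shows directly that a state from the powered-off host is just waiting out the remaining part of the 24h, and `pfctl -k <host>` removes all states whose source matches that host if you need them gone now.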

@openfwb Thank you. Do you know why such a high timeout for established connections is preferred? To my understanding, today's TCP connections send keep-alives at least every 120 minutes.
Duck, Duck, Duck, Duck, Duck, Duck, Duck, Duck, Goose

I have only a basic understanding of these, so unfortunately I can't speak authoritatively as to why these defaults were chosen. Also it's worth noting that I took that screenshot from the other *sense site, which is still FreeBSD based.

OPNsense may use different defaults if HardenedBSD changes these, but I don't know for sure. One of the devs would probably be able to shed more light on A) are the defaults different in HardenedBSD and B) why were the default values chosen?