How can I extend m0n0wall's timeout for UDP packets so that AFS callbacks work?
As of m0n0wall 1.8.1 (2014), there is no GUI support for changing the IPF timeout for UDP packets. However, if you are comfortable with editing m0n0wall's config.xml by hand, it is easy to make this adjustment. The directions can be found here: "Re: [m0n0wall] UDP port session time out".
I added the lines found below right after the last line of the "WebGUI" section, which looks like </webgui>.

    <!-- http://m0n0.ch/wall/list/showmsg.php?id=372/22 "Re: [m0n0wall] UDP port session time out" -->
    <!-- IPFilter's timeout tunables can only be changed while the filter is disabled,
         so the filter is stopped, adjusted, and started again. Nothing is filtered
         between the -D and the -E, so keep the two as close together as they are here. -->
    <earlyshellcmd>/sbin/ipf -D</earlyshellcmd>
    <!-- IPFilter timeouts are counted in half-second ticks: 720 ticks = 6 minutes -->
    <earlyshellcmd>/sbin/sysctl net.inet.ipf.fr_udptimeout=720</earlyshellcmd>
    <earlyshellcmd>/sbin/sysctl net.inet.ipf.fr_udpacktimeout=720</earlyshellcmd>
    <earlyshellcmd>/sbin/ipf -E</earlyshellcmd>
Before doing this, you should probably check the "Status" page of your router to make sure you have enough free memory for the growth in the size of your firewall-state table. Because this "big hammer" approach extends the lifetime of all UDP "sessions", and because most of your UDP sessions are probably completely ephemeral sockets used for a single DNS query apiece, you may experience a significant increase in the size of your state table if your network contains lots of hosts (mine doesn't, and my memory was only 4% used to begin with).
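As an added illustration, not part of the original page and not m0n0wall's own code, the script below performs the same config.xml edit programmatically: it inserts the four earlyshellcmd elements directly after the webgui element, removes any earlier copies of the same commands so it can be re-run safely, and converts a timeout given in seconds into IPFilter's half-second ticks (so 360 seconds becomes the 720 used above). The abbreviated config.xml it operates on is constructed for the demonstration; the element names m0n0wall and webgui are the ones a real config.xml uses.

```python
"""Insert IPFilter UDP-timeout earlyshellcmds into an m0n0wall config.xml.

Added example, not code from the original page or from the m0n0wall project.
Assumes the config root is <m0n0wall> and that a <webgui> section exists.
"""
import xml.etree.ElementTree as ET

# IPFilter expresses its state timeouts in half-second ticks.
TICKS_PER_SECOND = 2


def timeout_ticks(seconds: int) -> int:
    """Convert a timeout in seconds to IPFilter ticks (e.g. 360 s -> 720)."""
    if seconds <= 0:
        raise ValueError("timeout must be a positive number of seconds")
    return seconds * TICKS_PER_SECOND


def build_commands(seconds: int) -> list[str]:
    """The four commands from the page, with the tick value filled in."""
    ticks = timeout_ticks(seconds)
    return [
        "/sbin/ipf -D",  # tunables are writable only while the filter is disabled
        f"/sbin/sysctl net.inet.ipf.fr_udptimeout={ticks}",
        f"/sbin/sysctl net.inet.ipf.fr_udpacktimeout={ticks}",
        "/sbin/ipf -E",  # re-enable filtering immediately afterwards
    ]


def _is_ours(text: str) -> bool:
    text = text.strip()
    return text in ("/sbin/ipf -D", "/sbin/ipf -E") or text.startswith(
        "/sbin/sysctl net.inet.ipf.fr_udp"
    )


def set_udp_timeout(config_xml: str, seconds: int) -> str:
    """Return config_xml with the earlyshellcmds placed right after <webgui>."""
    root = ET.fromstring(config_xml)
    # Remove earlier copies of these commands so repeated runs do not stack up.
    for el in list(root.findall("earlyshellcmd")):
        if _is_ours(el.text or ""):
            root.remove(el)
    webgui = root.find("webgui")
    if webgui is None:
        raise ValueError("config.xml has no <webgui> section")
    idx = list(root).index(webgui) + 1
    for offset, cmd in enumerate(build_commands(seconds)):
        el = ET.Element("earlyshellcmd")
        el.text = cmd
        root.insert(idx + offset, el)
    return ET.tostring(root, encoding="unicode")


def earlyshellcmds(config_xml: str) -> list[str]:
    """All earlyshellcmd texts, in document order."""
    root = ET.fromstring(config_xml)
    return [(el.text or "").strip() for el in root.findall("earlyshellcmd")]


def tag_order(config_xml: str) -> list[str]:
    """Top-level element names, in document order (to check placement)."""
    return [el.tag for el in ET.fromstring(config_xml)]


# Constructed, heavily abbreviated config.xml used only for this demonstration.
SAMPLE_CONFIG = """<?xml version="1.0"?>
<m0n0wall>
  <system><hostname>fw</hostname></system>
  <webgui><protocol>https</protocol><port>443</port></webgui>
  <filter><rule><type>pass</type></rule></filter>
</m0n0wall>"""

if __name__ == "__main__":
    print(set_udp_timeout(SAMPLE_CONFIG, 360))
```

Run it against a saved copy of your config.xml rather than the live file, inspect the output, and restore the edited copy through the GUI's backup/restore facility so the firewall picks up the new earlyshellcmd entries at its next boot. The same memory caveat applies: a longer timeout keeps every UDP state entry alive longer, so check free memory on the Status page before and after the change.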