Re: Re: Flush ip_conntrack
ali_at_arles-electrique.de
Date: 08/29/05
- Previous message: Adam Hardy: "Re: adding modules to kernel"
Date: Mon, 29 Aug 2005 11:54:03 +0200 To: debian-user@lists.debian.org
hi list,
on my wrt54gs i use the following script to flush stale voip connections from
the conntrack table when my isp kicks me and my pppd gets a new ip on
reconnect. although i wrote it for this one purpose it should point out
what to tweak to get rid of stale conntrack-entries w/o unloading the
module (hint: there are more interesting files in /proc/sys/net/ipv4/netfilter/).
-snip-
#!/bin/ash
# watch ppp0 and flush stale voip conntrack entries after an ip change
ppp_ip=foo
ppp_ip_old=bar
rm -f /tmp/conntrack_fix.log
# normal udp timeouts, restored after each flush attempt
udpstimeout=180
udptimeout=30
while true ; do
    ppp_ip=$(ifconfig ppp0 |grep inet |awk '{print $2}' |sed 's/addr:\(\)/\1/')
    if [ x"$ppp_ip" = x"$ppp_ip_old" ] ; then
        sleep 10
    elif [ x"$ppp_ip_old" = x"bar" ] ; then
        # first pass: just remember the current ip
        ppp_ip_old=$ppp_ip
    else
        echo "ppp ip changed: $ppp_ip_old -> $ppp_ip" >> /tmp/conntrack_fix.log
        # loop while entries on the voip ports exist that do not point at the new ip
        while (cat /proc/net/ip_conntrack |grep 5060 |grep -v "dst=$ppp_ip" \
            || cat /proc/net/ip_conntrack |grep 5036 |grep -v "dst=$ppp_ip" \
            || cat /proc/net/ip_conntrack |grep 4569 |grep -v "dst=$ppp_ip") ; do
            echo "trying to flush conntrack cache" >> /tmp/conntrack_fix.log
            # timeout 0 lets the udp entries expire, then restore the normal values
            echo 0 > /proc/sys/net/ipv4/netfilter/ip_conntrack_udp_timeout_stream
            echo 0 > /proc/sys/net/ipv4/netfilter/ip_conntrack_udp_timeout
            sleep 10
            echo $udpstimeout > /proc/sys/net/ipv4/netfilter/ip_conntrack_udp_timeout_stream
            echo $udptimeout > /proc/sys/net/ipv4/netfilter/ip_conntrack_udp_timeout
        done
        ppp_ip_old=$ppp_ip
    fi
done &
-snap-
hth,
ali
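Added example, not part of the original post: the script's stale-entry test (`grep 5060 | grep -v "dst=$ppp_ip"`) matches substrings, so it can hit unrelated entries and skip a stale one whose address merely starts with the new ip. The sketch below does the same check with exact field comparison; the function names `stale_voip_entries` and `sample_conntrack` are hypothetical, and the sample table is constructed with documentation addresses.

```shell
#!/bin/sh
# stale_voip_entries CURRENT_IP [FILE]
# Print udp conntrack entries on the voip ports used in the script above
# (5060, 5036, 4569) that carry no dst= field equal to CURRENT_IP.
# FILE defaults to /proc/net/ip_conntrack; "-" reads stdin.
stale_voip_entries() {
    awk -v ip="$1" '
        $1 != "udp" { next }
        {
            voip = 0; current = 0
            for (i = 4; i <= NF; i++) {
                # exact port match: sport=35060 does not count as 5060
                if ($i ~ /^[sd]port=(5060|5036|4569)$/) voip = 1
                # exact address match: dst=198.51.100.70 is not dst=198.51.100.7
                if ($i == "dst=" ip) current = 1
            }
            if (voip && !current) print
        }
    ' "${2:-/proc/net/ip_conntrack}"
}

# Constructed sample table; the current wan ip is assumed to be 198.51.100.7.
# line 1: live sip entry, line 2: stale entry left from an older wan ip,
# line 3: dns entry whose source port contains "5060", line 4: tcp entry.
sample_conntrack() {
    cat <<'EOF'
udp      17 170 src=192.168.1.10 dst=203.0.113.5 sport=5060 dport=5060 src=203.0.113.5 dst=198.51.100.7 sport=5060 dport=5060 [ASSURED] use=1
udp      17 175 src=192.168.1.10 dst=203.0.113.5 sport=4569 dport=4569 src=203.0.113.5 dst=198.51.100.70 sport=4569 dport=4569 [ASSURED] use=1
udp      17 20 src=192.168.1.20 dst=203.0.113.9 sport=35060 dport=53 src=203.0.113.9 dst=198.51.100.99 sport=53 dport=35060 use=1
tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=203.0.113.5 sport=5060 dport=5060 src=203.0.113.5 dst=198.51.100.99 sport=5060 dport=5060 [ASSURED] use=1
EOF
}

# Run against the constructed sample: only the second line is reported.
sample_conntrack | stale_voip_entries 198.51.100.7 -
```

On a router, call `stale_voip_entries "$ppp_ip"` without a file argument to read the live table.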