Re: ip_conntrack garbage
- From: Grant <g_r_a_n_t_@xxxxxxxxxxx>
- Date: Wed, 28 Dec 2005 07:41:10 +1100
On Tue, 27 Dec 2005 14:24:55 -0600, Jim Garrison <jhg@xxxxxxxxxxxxxxx> wrote:
>Yesterday I ran an nmap portscan on our internal network
>from our Linux router/firewall (FC4 kernel 2.6.14-1.1653).
>
>Today I was looking in /proc/net/ip_conntrack and see one
>[UNREPLIED] entry for each unsuccessful probe (i.e. one per
>internal unallocated IP address) in the table.
>
>Aren't these supposed to go away after a while? They've been
>in the conntrack table now for about 22 hours.
That's okay, just over four days to go ;-)
>
>Is this a bug? If they don't go away, will my conntrack table
>eventually fill up?
No. Yes.
>
>Can I change the timeout value or flush the conntrack table
>to clean up the stale entries?
Why bother? The stale entries will be reused when required.
Grant.
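
Added example, not part of Grant's reply or the original thread: a shell/awk summary of the [UNREPLIED] entries discussed above, showing how many there are per protocol and how many seconds each group has left before expiry. The field layout (protocol name, protocol number, seconds remaining, then a state word on TCP lines only) is assumed from the usual /proc/net/ip_conntrack format, and the sample lines and the function names are constructed for illustration.

```shell
#!/bin/sh
# Summarise [UNREPLIED] entries in ip_conntrack-format text read from stdin.
# Assumed layout: $1 = protocol name, $2 = protocol number,
# $3 = seconds until the entry expires, $4 = TCP state (TCP lines only).
unreplied_summary() {
    awk '
    /\[UNREPLIED\]/ {
        proto = $1
        ttl = $3 + 0
        # UDP and ICMP lines have no state word, so field 4 is already "src=..."
        state = ($4 ~ /=/) ? "-" : $4
        key = proto " " state
        n[key]++
        if (!(key in min) || ttl < min[key]) min[key] = ttl
        if (!(key in max) || ttl > max[key]) max[key] = ttl
    }
    END {
        for (k in n)
            printf "%s count=%d min_ttl=%d max_ttl=%d\n", k, n[k], min[k], max[k]
    }' | LC_ALL=C sort
}

# Constructed sample input (documentation/private addresses, made-up ports).
sample_conntrack() {
cat <<'EOF'
tcp      6 431999 ESTABLISHED src=10.0.0.5 dst=192.0.2.10 sport=40000 dport=22 src=192.0.2.10 dst=10.0.0.5 sport=22 dport=40000 [ASSURED] use=1
tcp      6 95 SYN_SENT src=10.0.0.1 dst=10.0.0.77 sport=51000 dport=80 [UNREPLIED] src=10.0.0.77 dst=10.0.0.1 sport=80 dport=51000 use=1
tcp      6 40 SYN_SENT src=10.0.0.1 dst=10.0.0.78 sport=51001 dport=80 [UNREPLIED] src=10.0.0.78 dst=10.0.0.1 sport=80 dport=51001 use=1
udp      17 12 src=10.0.0.1 dst=10.0.0.79 sport=51002 dport=161 [UNREPLIED] src=10.0.0.79 dst=10.0.0.1 sport=161 dport=51002 use=1
icmp     1 28 src=10.0.0.1 dst=10.0.0.80 type=8 code=0 id=1234 [UNREPLIED] src=10.0.0.80 dst=10.0.0.1 type=0 code=0 id=1234 use=1
EOF
}

# Demo on the constructed sample; on a live router use:
#   unreplied_summary < /proc/net/ip_conntrack
sample_conntrack | unreplied_summary
```

Running it twice a few minutes apart shows whether min_ttl and max_ttl are counting down, which answers the "aren't these supposed to go away" question directly from the table.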