Re: ip_conntrac
- From: Michael Heiming <michael+USENET@xxxxxxxxxxxxxx>
- Date: Sun, 6 Aug 2006 23:40:49 +0200
In comp.os.linux.networking nsa.usa@xxxxxxxxx <nsa.usa@xxxxxxxxx>:
And connected to the internet, so you really want to keep such a
system updated. What does 'uname -r' tell at all?
2.4.20-8
Iirc this is the RH 9 install kernel, full of bugs and you
haven't installed a single patch.;(
Also, I originally asked about the possibility of removing connections
from the ip_conntrac table. Which new version has a tool for this? and
why can't I run that tool under RH 9?
You showed us during this thread you don't have the ability to
modify:
/proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_established
Presuming as your aged system/kernel doesn't provide the
capability. Hence you can't influence the timeout to avoid the
situation in the first place.
None talked about any kind of tool to remove those and I don't
I asked originally how to remove those specific entries. if it's not
via tcp timeout then it obviously has to be through a 'tool'.
You asked and I said I wouldn't be aware of one and that it's
unlikely because the cache is read-only. Still you insist on some
tool?
see a possibility through /proc as the cache is read-only, though
you could try reloading the module as someone already pointed
out.
Yes it is, you just didn't face the fact until now. Top posting
won't help you.
No it isn't. I asked how to delete those entries, lowering tcp timeout
has other consequences and is in any case not a solution if a virus
creates thousands of connections that then have to sit there for 2 days
because the timeout is now 2 days instead of 5 days (or 2 hours, for
that matter). Furthermore, I have no guarantee that a newer version can
do anything about this other than lowering the tcp timeout.
It's up to you to check the kernel change logs and kernel mailing
list archives and the source of course to see what has changed.
It is you who has the problem NOT *ME*!
Regarding 'top posting': trying to somehow add more clout to your
statements by saying patronising things like that has the exact
opposite effect.....
Whatever...
--
Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
mail: echo zvpunry@xxxxxxxxxx | perl -pe 'y/a-z/n-za-m/'
#bofh excuse 342: HTTPD Error 4004 : very old Intel cpu -
insufficient processing power
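
The thread is about connection-tracking entries that stay in the table until the established-TCP timeout runs out. As an added example (not part of any post in the thread), this sketch reads lines in the /proc/net/ip_conntrack format and reports which source addresses hold many ESTABLISHED entries and how long they still have to live; the sample lines are constructed, and the names `parse_line` and `long_lived_by_source` are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines in the /proc/net/ip_conntrack format (not from the thread).
SAMPLE = """\
tcp      6 431999 ESTABLISHED src=192.168.1.50 dst=203.0.113.10 sport=1025 dport=445 src=203.0.113.10 dst=192.168.1.50 sport=445 dport=1025 [ASSURED] use=1
tcp      6 431990 ESTABLISHED src=192.168.1.50 dst=203.0.113.11 sport=1026 dport=445 src=203.0.113.11 dst=192.168.1.50 sport=445 dport=1026 [ASSURED] use=1
tcp      6 431985 ESTABLISHED src=192.168.1.50 dst=203.0.113.12 sport=1027 dport=445 src=203.0.113.12 dst=192.168.1.50 sport=445 dport=1027 [ASSURED] use=1
tcp      6 117 TIME_WAIT src=192.168.1.7 dst=198.51.100.5 sport=3301 dport=80 src=198.51.100.5 dst=192.168.1.7 sport=80 dport=3301 [ASSURED] use=1
udp      17 25 src=192.168.1.7 dst=192.168.1.1 sport=1030 dport=53 src=192.168.1.1 dst=192.168.1.7 sport=53 dport=1030 use=1
"""

ENTRY = re.compile(
    r"^(?P<proto>\w+)\s+(?P<num>\d+)\s+(?P<ttl>\d+)\s+"
    r"(?:(?P<state>[A-Z_]+)\s+)?"           # TCP only; UDP lines carry no state
    r"src=(?P<src>\S+)\s+dst=(?P<dst>\S+)"  # first tuple = original direction
)

def parse_line(line):
    """Return protocol, remaining timeout (seconds), state and endpoints, or None."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["ttl"] = int(entry["ttl"])
    return entry

def long_lived_by_source(text, threshold=3, state="ESTABLISHED"):
    """List (source, entry count, highest remaining timeout) for busy sources."""
    stats = defaultdict(lambda: [0, 0])
    for line in text.splitlines():
        entry = parse_line(line)
        if entry and entry["state"] == state:
            s = stats[entry["src"]]
            s[0] += 1
            s[1] = max(s[1], entry["ttl"])
    hits = [(src, n, ttl) for src, (n, ttl) in stats.items() if n >= threshold]
    return sorted(hits, key=lambda h: -h[1])

if __name__ == "__main__":
    # On a live firewall, pass open("/proc/net/ip_conntrack").read() instead.
    for src, n, ttl in long_lived_by_source(SAMPLE):
        print(f"{src}: {n} ESTABLISHED entries, up to {ttl}s left")
```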