Re: ip_conntrac





And connected to the internet, so you really want to keep such a
system updated. What does 'uname -r' tell at all?

2.4.20-8


Also, I originally asked about the possibility of removing connections
from the ip_conntrack table. Which new version has a tool for this? And
why can't I run that tool under RH 9?

You showed us during this thread you don't have the ability to
modify:

/proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_established

Presumably your aged system/kernel doesn't provide the
capability. Hence you can't influence the timeout to avoid the
situation in the first place.

No one talked about any kind of tool to remove those and I don't

I asked originally how to remove those specific entries. If it's not
via tcp timeout then it obviously has to be through a 'tool'.

see a possibility through /proc as the cache is read-only, though
you could try reloading the module as someone already pointed
out.

Yes it is, you just haven't faced the fact until now. Top posting
won't help you.

No it isn't. I asked how to delete those entries, lowering tcp timeout
has other consequences and is in any case not a solution if a virus
creates thousands of connections that then have to sit there for 2 days
because the timeout is now 2 days instead of 5 days (or 2 hours, for
that matter). Furthermore, I have no guarantee that a newer version can
do anything about this other than lowering the tcp timeout.

Regarding 'top posting': trying to somehow add more clout to your
statements by saying patronising things like that has the exact
opposite effect.....
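
An added illustration, not part of the original thread: a read-only summary of which source addresses hold the most ESTABLISHED entries in the conntrack table discussed above, and the longest remaining timeout among them. It assumes the 2.4-era `/proc/net/ip_conntrack` line format; the function names, sample lines and addresses are constructed for the example.

```shell
#!/bin/sh
# Constructed sample in the /proc/net/ip_conntrack line format:
#   proto protonum seconds-left [STATE] <original tuple> [flag] <reply tuple> [flag] use=N
# 432000 s is the 5-day established timeout mentioned in the thread.
sample_conntrack() {
cat <<'EOF'
tcp      6 431990 ESTABLISHED src=192.168.0.23 dst=203.0.113.10 sport=1031 dport=445 src=203.0.113.10 dst=192.168.0.23 sport=445 dport=1031 [ASSURED] use=1
tcp      6 431985 ESTABLISHED src=192.168.0.23 dst=203.0.113.11 sport=1032 dport=445 src=203.0.113.11 dst=192.168.0.23 sport=445 dport=1032 [ASSURED] use=1
tcp      6 430000 ESTABLISHED src=192.168.0.23 dst=203.0.113.12 sport=1033 dport=445 src=203.0.113.12 dst=192.168.0.23 sport=445 dport=1033 [ASSURED] use=1
tcp      6 118 SYN_SENT src=192.168.0.23 dst=203.0.113.13 sport=1034 dport=445 [UNREPLIED] src=203.0.113.13 dst=192.168.0.23 sport=445 dport=1034 use=1
tcp      6 300000 ESTABLISHED src=192.168.0.7 dst=198.51.100.5 sport=2001 dport=22 src=198.51.100.5 dst=192.168.0.7 sport=22 dport=2001 [ASSURED] use=1
udp      17 25 src=192.168.0.7 dst=192.168.0.1 sport=1026 dport=53 src=192.168.0.1 dst=192.168.0.7 sport=53 dport=1026 use=1
EOF
}

# Reads conntrack lines on stdin. Prints one line per original source address:
#   <ESTABLISHED count> <source> <longest remaining timeout in seconds>
# sorted with the busiest source first.
summarize_established() {
    awk '
    $1 == "tcp" && $4 == "ESTABLISHED" {
        src = ""
        # The first src= token belongs to the original direction of the flow.
        for (i = 5; i <= NF; i++)
            if ($i ~ /^src=/) { src = substr($i, 5); break }
        if (src == "") next
        count[src]++
        if ($3 + 0 > maxttl[src]) maxttl[src] = $3 + 0
    }
    END {
        for (s in count) printf "%d %s %d\n", count[s], s, maxttl[s]
    }' | sort -k1,1nr -k2,2
}

# Prints the sources holding at least $1 ESTABLISHED entries.
flag_sources() {
    summarize_established | awk -v t="$1" '$1 >= t { print $2 }'
}

# Demo on the constructed sample; on a live system with the ip_conntrack
# module loaded, feed /proc/net/ip_conntrack to the same functions instead.
sample_conntrack | summarize_established
```
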
