Re: ip_conntrac

And connected to the internet, so you really want to keep such a
system updated. What does 'uname -r' tell at all?


Also, I originally asked about the possibillity of removing connections
from the ip_conntrac table. Which new version has a tool for this? and
why can't I run that tool under RH 9?

You showed us during this thread you don't have the ability to


Presuming as your aged system/kernel doesn't provide the
capability. Hence you can't influence the timeout to avoid the
situation in the first place.

None talked about any kind of tool to remove those and I don't

I asked originally how to remove those specific entries. if it's not
via tcp timout then it obviously has to be through a 'tool'.

see a possibility through /proc as the cache is read-only, though
you could try reloading the module as someone already pointed

Yes it is, you just didn't faced the fact until now. Top posting
want help you.

No it isn't. I asked how to delete those entries, lowering tcp timeout
has other consequences and is in any case not a solution if a virus
creates thousands of conenctions that then has to sit there for 2 days
because the timeout is now 2 days in stead of 5 days (or 2 hours, for
that matter). Furthermore, I have no guarantee that a newer version can
do anything about this other than lowering the tcp timeout.

Regarding 'top posting': trying to somehow add more clout to your
statements by saying patronising things like that has the exact
opposite effect.....