From: Fallucchi Antonio <fallucch@csr.unibo.it>
To: netfilter@lists.netfilter.org
Subject: Re: ip_conntrack_max
Date: Thu, 08 Jul 2004 19:02:56 +0200 [thread overview]
Message-ID: <40ED7E40.60800@csr.unibo.it> (raw)
In-Reply-To: <200407081429.24492.Antony@Soft-Solutions.co.uk>
> <>
> This is difficult. I think we should start by asking "what do you mean
> by a
> connection?" Remember that many web browsers, for example, will open 5-10
> simultaneous connections in order to load all the elements of a web page.
> DNS needs its own connections in order to do name lookups. Some
> connections
> are long-term (eg: telnet, ssh - even when you're not typing, the
> connection
> is still there), some are very transient (eg: http - once you have the
> page
> displayed, there's no connection between your browser and the server
> until
> you click on another hyperlink).
>
Thancks for the instruction..
> <>Why do you want to limit connections per machine? What are you
> trying to
> achieve?
>
The problem are the P2P software that create any connection on the
conntrack..
Because filter all p2p port is very difficult, I thought that to limit
the number of simultaneous connection
is a gooa idea..
>That sounds fine. Tell us if you get "connection tracking table full" errors
>again.
>
>Regards,
>
>Antony.
>
>
>
Bye
ps: it's ok the signature now?
--
---------------------------------------------------------------
| ||||||| || | Fallucchi Antonio Giuseppe mat. 2282 |
| || |||| | --> Live free() of die() <-- |
| |||| || || | OpenSource philosophy |
| || |||||||| | Universita' di Bologna sede di Cesena |
| || || || | Cdl di Scienze dell'Informazione |
---------------------------------------------------------------
next prev parent reply other threads:[~2004-07-08 17:02 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-07-08 9:38 ip_conntrack_max Fallucchi Antonio
2004-07-08 9:56 ` ip_conntrack_max Antony Stone
2004-07-08 10:31 ` ip_conntrack_max Fallucchi Antonio
2004-07-08 10:52 ` ip_conntrack_max Antony Stone
2004-07-08 13:13 ` ip_conntrack_max Fallucchi Antonio
2004-07-08 13:29 ` ip_conntrack_max Antony Stone
2004-07-08 17:02 ` Fallucchi Antonio [this message]
2004-07-08 17:21 ` ip_conntrack_max Fallucchi Antonio
2004-07-08 17:42 ` ip_conntrack_max Antony Stone
2004-07-08 15:28 ` ip_conntrack_max James Sneeringer
2004-07-08 9:56 ` ip_conntrack_max Evgeni Vachkov
-- strict thread matches above, loose matches on Subject: below --
2004-07-08 9:34 ip_conntrack_max Fallucchi Antonio
2003-02-13 19:04 ip_conntrack_max homsher
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=40ED7E40.60800@csr.unibo.it \
--to=fallucch@csr.unibo.it \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.