How to set netfilter variables on Kernel???

How to set netfilter variables on Kernel???

[Jorge Agrelo]

Does anybody can help me to set or leave by default the following netfilter 
variables at a Border/Firewall running kernel 2.6.9 and iptables 1.2.11 ???

ip_conntrack_buckets
ip_conntrack_generic_timeout
ip_conntrack_icmp_timeout
ip_conntrack_max
ip_conntrack_tcp_timeout_close
ip_conntrack_tcp_timeout_close_wait
ip_conntrack_tcp_timeout_established
ip_conntrack_tcp_timeout_fin_wait
ip_conntrack_tcp_timeout_last_ack
ip_conntrack_tcp_timeout_syn_recv
ip_conntrack_tcp_timeout_syn_sent
ip_conntrack_tcp_timeout_time_wait
ip_conntrack_udp_timeout
ip_conntrack_udp_timeout_stream

Thanks in advance

Re: How to set netfilter variables on Kernel???

[Jose Maria Lopez]

El mar, 28 de 12 de 2004 a las 23:09, Jorge Agrelo escribió:
> Does anybody can help me to set or leave by default the following netfilter 
> variables at a Border/Firewall running kernel 2.6.9 and iptables 1.2.11 ???
> 
> ip_conntrack_buckets
> ip_conntrack_generic_timeout
> ip_conntrack_icmp_timeout
> ip_conntrack_max
> ip_conntrack_tcp_timeout_close
> ip_conntrack_tcp_timeout_close_wait
> ip_conntrack_tcp_timeout_established
> ip_conntrack_tcp_timeout_fin_wait
> ip_conntrack_tcp_timeout_last_ack
> ip_conntrack_tcp_timeout_syn_recv
> ip_conntrack_tcp_timeout_syn_sent
> ip_conntrack_tcp_timeout_time_wait
> ip_conntrack_udp_timeout
> ip_conntrack_udp_timeout_stream
> 
> Thanks in advance

The easiest way to set this variables it's to create a
script in /etc/rc.d/init.d and add it to the runlevel
you are using with chkconfig or similars. You can also
add some lines to /etc/rc.d/rc.local to set the
variables.

-- 
Jose Maria Lopez Hernandez
Director Tecnico de bgSEC
jkerouac@bgsec.com
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
ESPAÑA

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
                -- Jack Kerouac, "On the Road"

Re: How to set netfilter variables on Kernel???

[Jason Opperisano]

On Tue, 2004-12-28 at 17:09, Jorge Agrelo wrote:
> Does anybody can help me to set or leave by default the following netfilter 
> variables at a Border/Firewall running kernel 2.6.9 and iptables 1.2.11 ???
> 
> ip_conntrack_buckets
> ip_conntrack_generic_timeout
> ip_conntrack_icmp_timeout
> ip_conntrack_max
> ip_conntrack_tcp_timeout_close
> ip_conntrack_tcp_timeout_close_wait
> ip_conntrack_tcp_timeout_established
> ip_conntrack_tcp_timeout_fin_wait
> ip_conntrack_tcp_timeout_last_ack
> ip_conntrack_tcp_timeout_syn_recv
> ip_conntrack_tcp_timeout_syn_sent
> ip_conntrack_tcp_timeout_time_wait
> ip_conntrack_udp_timeout
> ip_conntrack_udp_timeout_stream
> 
> Thanks in advance

if you have to ask--leave them at their default values.

-j

--
"Oh, people can come up with statistics to prove anything, Kent. 14%
 of people know that."
	--The Simpsons