From: Rusty Russell <rusty@rustcorp.com.au>
To: Darrell A Escola <darrell-sg@descola.net>
Cc: linux-kernel@vger.kernel.org, netfilter@lists.samba.org
Subject: Re: iptables in 2.4.10, 2.4.11pre6 problems
Date: Wed, 24 Oct 2001 14:25:12 +1000 [thread overview]
Message-ID: <20011024142512.4f22ab17.rusty@rustcorp.com.au> (raw)
In-Reply-To: <20011019061830.A8087@descola.net>
In-Reply-To: <1002646705.2177.9.camel@aurora> <Pine.LNX.4.33.0110091005540.209-100000@desktop> <20011010135503.4f5c06b9.rusty@rustcorp.com.au> <20011019061830.A8087@descola.net>
On Fri, 19 Oct 2001 06:18:30 -0700
Darrell A Escola <darrell-sg@descola.net> wrote:
> I have been running 2.4.10-ac11 for 7 days now with
> TCP_CONNTRACK_CLOSE_WAIT set to 120 seconds - this has stopped nearly
> all firewall activity on established connections.
OK... I think this needs changing then. Can everyone please try the following
trivial patch and report any changes?
Thanks!
Rusty.
diff -urN -I \$.*\$ --exclude TAGS -X /home/rusty/devel/kernel/kernel-patches/current-dontdiff --minimal linux-2.4.12-official/net/ipv4/netfilter/ip_conntrack_proto_tcp.c working-2.4.12-tcptime/net/ipv4/netfilter/ip_conntrack_proto_tcp.c
--- linux-2.4.12-official/net/ipv4/netfilter/ip_conntrack_proto_tcp.c Sun Apr 29 06:17:11 2001
+++ working-2.4.12-tcptime/net/ipv4/netfilter/ip_conntrack_proto_tcp.c Wed Oct 24 14:23:26 2001
@@ -55,7 +55,7 @@
2 MINS, /* TCP_CONNTRACK_FIN_WAIT, */
2 MINS, /* TCP_CONNTRACK_TIME_WAIT, */
10 SECS, /* TCP_CONNTRACK_CLOSE, */
- 60 SECS, /* TCP_CONNTRACK_CLOSE_WAIT, */
+ 2 MINS, /* TCP_CONNTRACK_CLOSE_WAIT, */
30 SECS, /* TCP_CONNTRACK_LAST_ACK, */
2 MINS, /* TCP_CONNTRACK_LISTEN, */
};
next prev parent reply other threads:[~2001-10-24 4:25 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2001-10-09 16:58 iptables in 2.4.10, 2.4.11pre6 problems Trever L. Adams
2001-10-09 17:07 ` Jeffrey W. Baker
2001-10-09 17:30 ` Trever L. Adams
2001-10-09 18:31 ` Jeffrey W. Baker
2001-10-09 18:40 ` Trever L. Adams
2001-10-09 20:48 ` Jeffrey W. Baker
2001-10-09 22:00 ` Trever L. Adams
2001-10-09 22:46 ` Luigi Genoni
2001-10-09 22:49 ` Trever L. Adams
2001-10-09 23:02 ` Luigi Genoni
2001-10-09 23:05 ` Jeffrey W. Baker
2001-10-09 23:40 ` Luigi Genoni
2001-10-10 8:45 ` Sebastian Benoit
2001-10-10 3:55 ` Rusty Russell
2001-10-19 13:18 ` Darrell A Escola
2001-10-24 4:25 ` Rusty Russell [this message]
2001-10-28 16:45 ` Michael Rash
2001-10-09 17:40 ` Wilson
2001-10-09 18:43 ` Trever L. Adams
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20011024142512.4f22ab17.rusty@rustcorp.com.au \
--to=rusty@rustcorp.com.au \
--cc=darrell-sg@descola.net \
--cc=linux-kernel@vger.kernel.org \
--cc=netfilter@lists.samba.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox