From mboxrd@z Thu Jan 1 00:00:00 1970
From: Cedric Blancher
Subject: Re: ip_conntrack
Date: 17 Oct 2002 12:12:33 +0200
Sender: netfilter-admin@lists.netfilter.org
Message-ID: <1034849553.13111.2.camel@elendil>
To: jrw@ngi.be
Cc: netfilter@lists.netfilter.org

On Thu 17/10/2002 at 11:37, jrw@ngi.be wrote:
> How could I remove a connection listed in the ip_conntrack file?
> Because, now, I must wait until the timeout...

See ipconntrack thread: you can't.

> And if it's not possible, is there a way to change the timeout?

Apply the patch-o-matic tcp-window-tracking patch, which provides a set of
sysctls (/proc/sys/net/ipv4/netfilter/) to tweak conntrack behaviours,
such as timeout. As far as I can remember, this feature has been released
separately from TCP window tracking and posted to the devel mailing list,
but I can't find the related post :/

Another way is to directly hack the kernel sources to modify those timeouts
in the header files.

-- 
Cédric Blancher
Systems and network security consultant - Cartel Sécurité
Tel: +33 (0)1 44 06 97 87 - Fax: +33 (0)1 44 06 97 99
PGP KeyID:157E98EE FingerPrint:FA62226DA9E72FA8AECAA240008B480E157E98EE