On Thu, Jan 5, 2017 at 1:42 PM, Kevin Cernekee <[email protected]> wrote: > + * nfct timeout add long-timewait inet tcp \ > + * established 1000 close 10 time_wait 10 last_ack 10 > + * nfct timeout add long-timewait inet tcp time_wait 3600 > + * iptables -t raw -A OUTPUT -p udp --dport 1900 -j CT --helper ssdp \ > + * --timeout long-timewait
Oops, looks like this will not work (and it has a C&P error). Instead, I'll tweak the systemwide timeouts for now. Is there a way that a conntrack user helper can change the timeout policy on a per-flow basis using NF_CT_NETLINK_TIMEOUT? (It would be even better if the NOTIFY expectation can stay active after its parent conntrack disappears, but I wasn't able to find a way to do that.) -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
