On Tue, Feb 19, 2002 at 04:54:00PM -0800, Mike Barrett wrote:
> Hi, I was just curious if there was any way to set up iptables so
> that it will drop a connection after that connection has been idle for a
> specified period of time? Thanks in advance for your help.
It's usually done at the application level. Some applications expect a longer idle period than others. But take a look at the following link:

http://www.cs.princeton.edu/~jns/security/iptables/iptables_conntrack.html

You can tweak the timeouts, but it does not mean that the connections will be dropped at the end-points. It simply means that the conntrack will forget about the established connections and the subsequent packets will be treated as NEW traffic, which usually means that it will be flagged as INVALID and dropped. But you will end up with stale connections at the end-points.

Ramin
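As an added example (not part of the thread, and not the code behind the linked page), the script below shows the two halves of what Ramin describes: tuning the conntrack idle timeout for established TCP flows, and installing the rules that make a forgotten flow's later packets get dropped. It assumes a Linux host with iptables and the current nf_conntrack sysctl name; the 2.4-era file the linked page refers to lived under /proc/sys/net/ipv4/netfilter/ as ip_conntrack_tcp_timeout_established. The helper names and the alternate file path argument are this example's own, chosen so the timeout functions can be exercised on a box without conntrack.

```shell
#!/bin/sh
# Added example: tune the conntrack idle timeout for ESTABLISHED TCP flows
# and drop packets of flows conntrack has already forgotten.
# Assumes Linux + iptables + nf_conntrack (sysctl name used since 2.6).

# Sysctl file for the idle timeout of ESTABLISHED TCP flows (seconds).
# Kernel default is 432000 (5 days), which is why idle sessions are
# normally never reaped by the firewall at all.
CT_TCP_ESTABLISHED=/proc/sys/net/netfilter/nf_conntrack_tcp_timeout_established

# Read the current timeout. $1 overrides the file path (used for testing
# on hosts without conntrack); defaults to the real sysctl file.
get_established_timeout() {
    cat "${1:-$CT_TCP_ESTABLISHED}"
}

# Write a new timeout in seconds. Only positive integers are accepted so a
# typo cannot silently write garbage into the sysctl. $2 overrides the path.
set_established_timeout() {
    secs=$1
    file=${2:-$CT_TCP_ESTABLISHED}
    case $secs in
        ''|*[!0-9]*|0) echo "timeout must be a positive integer (seconds)" >&2
                       return 1 ;;
    esac
    echo "$secs" > "$file"
}

# Print the rule set. After conntrack forgets an idle flow, its next data
# packet (a plain ACK, no SYN) no longer matches ESTABLISHED. Conntrack then
# marks it INVALID, or, with net.netfilter.nf_conntrack_tcp_loose=1 (the
# default), picks it up as NEW without a SYN. The INVALID rule drops the first
# case; restricting the NEW rule to --syn plus the DROP policy drops the
# second. Neither endpoint is told anything: their sockets stay open until
# they time out on their own, which is the stale-connection caveat above.
conntrack_rules() {
    cat <<'EOF'
iptables -P INPUT DROP
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
iptables -A INPUT -p tcp --syn -m conntrack --ctstate NEW -j ACCEPT
EOF
}

# Run the rules for real (needs root). Kept separate so the rule text can be
# reviewed first with: sh this_script.sh
apply_rules() {
    conntrack_rules | while IFS= read -r rule; do
        sh -c "$rule"
    done
}

# Usage: sh this_script.sh            -> print the rules only
#        APPLY=1 sh this_script.sh    -> install them
if [ "${APPLY:-0}" = 1 ]; then
    set_established_timeout 600 && apply_rules
else
    conntrack_rules
fi
```

Note that a short timeout is only half the mechanism: without the INVALID drop and the `--syn` restriction on NEW, a packet from a forgotten flow can simply re-create the conntrack entry and the session carries on as if nothing happened.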