On Wed, May 09, 2007 at 05:02:45PM -0700, Tom Eastep wrote:
> Brian J. Murrell wrote:
> > On Wed, 2007-05-09 at 16:52 -0700, Tom Eastep wrote:
> >> Brian J. Murrell wrote:
> >>
> >> I didn't mention that since you are running a 2.4 kernel -- I would be
> >> astonished if conntrack works in that environment.

The specific requirement is for CONFIG_NETFILTER_NETLINK. I'm not sure when that first appeared, but it's not included in the kernel.org 2.4 kernels.

> > This is quite a predicament. The only way to solve it, assuming I don't
> > have control of the application generating the traffic going through the
> > firewall is to reboot the firewall. :-(
> >

Or unload the conntrack kernel module.

You can also set /proc/sys/net/ipv4/netfilter/ip_conntrack_udp_timeout to something small and then physically remove the network cable for longer than that period of time. That should cause everything UDP in the conntrack table to expire, without causing significant interruption to TCP sessions, and it's present in 2.4.
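As an added example (not part of the thread, and not Shorewall code), a small POSIX shell script that carries out the timeout trick described above on a 2.4 kernel: it saves the current ip_conntrack_udp_timeout, lowers it, waits while the operator pulls the cable, reports how many UDP entries are still in /proc/net/ip_conntrack, and then restores the original timeout. The TIMEOUT_FILE and CONNTRACK_TABLE variables and the sample table are assumptions of the example so the helpers can be tried without root.

```shell
#!/bin/sh
# Added example, not from the Shorewall thread: expire UDP conntrack entries on a
# 2.4 kernel by temporarily lowering ip_conntrack_udp_timeout, then restore the
# old value so the firewall is not left with a tiny UDP timeout.  Paths come from
# the environment (TIMEOUT_FILE, CONNTRACK_TABLE) so the helpers can be exercised
# against sample files; the defaults are the real 2.4 /proc locations.

# Count UDP entries in an ip_conntrack-format table (first field is the protocol).
# $1: path to the table (default /proc/net/ip_conntrack); returns 1 if unreadable.
count_udp_entries() {
    table="${1:-/proc/net/ip_conntrack}"
    [ -r "$table" ] || return 1
    # grep -c exits 1 when the count is 0; zero entries is still a valid answer
    grep -c '^udp ' "$table" || true
}

# Lower the UDP timeout to $1 seconds (default 5), wait for the operator to pull
# the cable and for the entries to age out, then put the old timeout back.
# Prints the number of UDP entries left; returns 1 if the sysctl cannot be used.
flush_udp_conntrack() {
    secs="${1:-5}"
    sysctl_file="${TIMEOUT_FILE:-/proc/sys/net/ipv4/netfilter/ip_conntrack_udp_timeout}"
    old=$(cat "$sysctl_file") || return 1
    printf '%s\n' "$secs" > "$sysctl_file" || return 1
    echo "UDP timeout lowered from ${old}s to ${secs}s; unplug the cable now." >&2
    # give the entries a little longer than the new timeout to expire
    sleep $((secs + 2))
    remaining=$(count_udp_entries "${CONNTRACK_TABLE:-/proc/net/ip_conntrack}")
    # restore first so an interrupted report cannot leave the short timeout behind
    printf '%s\n' "$old" > "$sysctl_file"
    echo "$remaining"
}

# Constructed sample in /proc/net/ip_conntrack layout (two UDP entries, one TCP
# session) for trying the counter without root or a 2.4 kernel.
SAMPLE_TABLE=$(mktemp)
trap 'rm -f "$SAMPLE_TABLE"' EXIT
cat > "$SAMPLE_TABLE" <<'EOF'
udp      17 29 src=192.0.2.10 dst=192.0.2.1 sport=5060 dport=5060 src=192.0.2.1 dst=192.0.2.10 sport=5060 dport=5060 use=1
tcp      6 431999 ESTABLISHED src=192.0.2.10 dst=192.0.2.1 sport=40000 dport=22 src=192.0.2.1 dst=192.0.2.10 sport=22 dport=40000 [ASSURED] use=1
udp      17 3 src=192.0.2.11 dst=192.0.2.1 sport=53 dport=53 src=192.0.2.1 dst=192.0.2.11 sport=53 dport=53 use=1
EOF
echo "UDP entries in sample table: $(count_udp_entries "$SAMPLE_TABLE")"
```

Run `flush_udp_conntrack 5` as root on the firewall itself to use the real /proc paths; the script only lowers the timeout for the few seconds the cable is out.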
