shorewall show connections shows 2-3000 stale connections on my firewall, most have this form
tcp 6 340940 ESTABLISHED src=192.168.182.7 dst=64.4.61.249 sport=1341 dport=80 packets=17 bytes=15182 [UNREPLIED] src=64.4.61.249 dst=192.168.182.7 sport=80 dpo rt=1341 packets=0 bytes=0 mark=0 secmark=0 use=1 From what I understand the 340940 is the timeout value, the kernel values for this case are ... from /proc/sys/net/ipv4/netfilter ip_conntrack_sctp_timeout_established:432000 ip_conntrack_tcp_timeout_established:432000 which is 5 days .... Isn't this a huge number ???? Regards Harry. ------------------------------------------------------------------------------ This SF.net email is sponsored by: SourcForge Community SourceForge wants to tell your story. http://p.sf.net/sfu/sf-spreadtheword _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
