On Mon, 2 May 2005, Mogens Valentin wrote:
I fail to understand why TCP_CONNTRACK_ESTABLISHED has to be 5 days.
The likelihood for valid TCP connections without a single packet for some days is relatively high. Consider for example an SSH or telnet session left open over the weekend (without TCP keepalives enabled).
Well, maybe.. WRT ssh, this can be solved with something like
ClientAliveInterval 20; ClientAliveCountMax 15
giving a lifetime of 5 mins before sshd disconnects, enough for me, since I never like keeping ssh sessions open (but that's just me).
Guess TCP_CONNTRACK_ESTABLISHED is something we'll have to set individually, according to use and consciousness :-
-- Kind regards, Mogens Valentin
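
Added example, not part of the original message: a shell check that relates the sshd settings quoted above to the conntrack ESTABLISHED timeout, so a lowered timeout cannot expire the entry of a session that is still alive. The function names and the sample config are constructed for illustration; it assumes whitespace-separated keywords with plain-seconds values and ignores anything after the first Match block.

```shell
#!/bin/sh
# Constructed sshd_config fragment using the values from the message.
SAMPLE='# keepalive probes sent by sshd inside the encrypted channel
ClientAliveInterval 20
ClientAliveCountMax 15'

# Print the value of an sshd_config keyword read from stdin.
# sshd uses the first value it obtains; keywords are case-insensitive.
sshd_opt() {  # $1 = keyword, $2 = default when the keyword is absent
    awk -v k="$1" -v d="$2" '
        tolower($1) == "match" { exit }   # global section only
        tolower($1) == tolower(k) && !found { v = $2; found = 1 }
        END { print (found ? v : d) }'
}

# Compare the probe interval with the conntrack ESTABLISHED timeout.
# $1 = sshd_config text, $2 = timeout in seconds. On a live system $2 would
# come from the conntrack sysctl (on current kernels:
# net.netfilter.nf_conntrack_tcp_timeout_established).
check_keepalive() {
    interval=$(printf '%s\n' "$1" | sshd_opt ClientAliveInterval 0)  # sshd default: 0 (off)
    count=$(printf '%s\n' "$1" | sshd_opt ClientAliveCountMax 3)     # sshd default: 3
    if [ "$interval" -eq 0 ]; then
        # No probes: an idle session sends nothing and its conntrack entry
        # is dropped once the timeout elapses.
        echo "no-keepalive"
    elif [ "$interval" -ge "$2" ]; then
        # Probes arrive too rarely to refresh the entry before it expires.
        echo "too-slow"
    else
        # Each probe refreshes the entry; interval * count is how long sshd
        # waits on a client that stops answering before disconnecting it.
        echo "ok drop_unresponsive_after=$((interval * count))s"
    fi
}

# 5 days, the TCP_CONNTRACK_ESTABLISHED value discussed above, in seconds.
check_keepalive "$SAMPLE" 432000
```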