Le jeu 17/10/2002 =E0 11:37, jrw@ngi.be a =E9crit : > How could I remove a connection listed in the ip_conntrack file? > Because, now, I must wait until the timeout... See ipconntrack thread : you can't. > And if it's not possible, is there a way to change the timeout? Apply patch-o-matic tcp-window-tracking patch which provide a set of sysctl (/proc/sys/net/ipv4/netfilter/) to tweak conntrack behaviours, such as timeout. As far as I can remember, this feature has been released separatly from TCP windows tracking and posted to devel mailing list, but I can't find related post :/ Another way is to directly hack kernel sources to modify thoses timeouts into header files. --=20 C=E9dric Blancher <blancher@cartel-securite.fr> Consultant en s=E9curit=E9 des syst=E8mes et r=E9seaux - Cartel S=E9curi= t=E9 T=E9l: +33 (0)1 44 06 97 87 - Fax: +33 (0)1 44 06 97 99 PGP KeyID:157E98EE FingerPrint:FA62226DA9E72FA8AECAA240008B480E157E98EE
