Re: ipconntrack

On Sun, 03 Oct 2004 at 10:41, www.piratehosting.net wrote:
> I run 2 IRC servers for a small hosting company.
> ip_conntrack gets full all the time no matter what limits I set
> echo 40192 > /proc/sys/net/ipv4/ip_conntrack_max
> 
> My question is:
> can I safely remove ip_conntrack altogether?
> rmmod ip_conntrack
> rmmod ip_conntrack_ftp
> rmmod ip_conntrack_irc
> rmmod ip_conntrack
> rmmod ipt_state
> 
> I don't really understand what it does, but the table keeps filling up; I'm
> sure it's some kind of attack on my servers.
> Does it do anything at all? I use a simple firewall (apf) and only these rules
> in
> /etc/sysctl.conf
> net.ipv4.icmp_echo_ignore_broadcasts = 1
> net.ipv4.icmp_echo_ignore_all = 1
> net.ipv4.tcp_max_syn_backlog = 1024
> net.ipv4.icmp_ignore_bogus_error_responses = 1
> net.ipv4.tcp_syncookies = 1

The more logical way of acting is to look at your logs and
identify the connections that you think are filling your
ip_conntrack table; surely they are connections to ports 445,
135, 139 and similar. If you don't need these ports you should
DROP them in your firewall. If you really have so many connections
that you can't really use conntrack, something I find improbable,
then you can deactivate it the way you say, but I advise you not
to do it; better to tune your firewall to have fewer connections.

-- 
Jose Maria Lopez Hernandez
Technical Director of bgSEC
jkerouac@xxxxxxxxx
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
ESPAÑA

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
                -- Jack Kerouac, "On the Road"
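The check the reply recommends, "look at which connections are filling the table before dropping ports or removing ip_conntrack", as an added shell example that is not part of the original thread. It reads the 2.4/2.6-era `/proc/net/ip_conntrack` text format, tallies entries by the original-direction destination port, counts `[UNREPLIED]` entries (half-open connections that never got an answer, the usual shape of a flood or scan), and prints, without applying, DROP rules for the ports you decide are unwanted. The sample table written by `write_sample_conntrack` is constructed for the example and uses documentation addresses; the function names and the port list are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original thread: find what is filling the
# ip_conntrack table before deciding to drop ports or remove the module.

# Write a small constructed /proc/net/ip_conntrack snapshot to the path in $1.
# Format: proto protonum timeout [state] src= dst= sport= dport= ... use=N
write_sample_conntrack() {
cat > "$1" <<'EOF'
tcp      6 431999 ESTABLISHED src=198.51.100.7 dst=192.0.2.10 sport=40112 dport=445 src=192.0.2.10 dst=198.51.100.7 sport=445 dport=40112 [ASSURED] use=1
tcp      6 110 SYN_SENT src=198.51.100.7 dst=192.0.2.10 sport=40113 dport=445 [UNREPLIED] src=192.0.2.10 dst=198.51.100.7 sport=445 dport=40113 use=1
tcp      6 115 SYN_SENT src=198.51.100.8 dst=192.0.2.10 sport=51000 dport=445 [UNREPLIED] src=192.0.2.10 dst=198.51.100.8 sport=445 dport=51000 use=1
tcp      6 431998 ESTABLISHED src=203.0.113.5 dst=192.0.2.10 sport=52001 dport=6667 src=192.0.2.10 dst=203.0.113.5 sport=6667 dport=52001 [ASSURED] use=1
tcp      6 431990 ESTABLISHED src=203.0.113.6 dst=192.0.2.10 sport=52002 dport=6667 src=192.0.2.10 dst=203.0.113.6 sport=6667 dport=52002 [ASSURED] use=1
tcp      6 60 SYN_RECV src=198.51.100.9 dst=192.0.2.10 sport=4444 dport=135 src=192.0.2.10 dst=198.51.100.9 sport=135 dport=4444 use=1
udp      17 29 src=192.0.2.10 dst=192.0.2.53 sport=33000 dport=53 src=192.0.2.53 dst=192.0.2.10 sport=53 dport=33000 use=1
EOF
}

# Print "count proto dport" for the original direction of every entry, most
# frequent first. Reads /proc/net/ip_conntrack unless a file is given in $1,
# so a saved snapshot can be analysed offline.
conntrack_top_dports() {
    awk '{
        proto = $1
        for (i = 2; i <= NF; i++) {
            # the first dport= field belongs to the original direction;
            # the second one is the reply tuple and would double-count
            if ($i ~ /^dport=/) {
                sub(/^dport=/, "", $i)
                print proto, $i
                break
            }
        }
    }' "${1:-/proc/net/ip_conntrack}" | sort | uniq -c | sort -rn |
    awk '{ print $1, $2, $3 }'
}

# Count entries that never saw a reply; a large share of these relative to
# ESTABLISHED entries is the signature of a SYN flood or a port scan.
conntrack_unreplied_count() {
    awk '/\[UNREPLIED\]/ { n++ } END { print n + 0 }' "${1:-/proc/net/ip_conntrack}"
}

# Print (not apply) DROP rules for a comma-separated port list, so they can be
# reviewed before being added to the firewall. Dropping in INPUT is enough to
# keep these flows out of the table: conntrack only confirms an entry after
# the filter chain has accepted the first packet.
print_drop_rules() {
    ports=$1
    echo "iptables -A INPUT -p tcp -m multiport --dports $ports -j DROP"
    echo "iptables -A INPUT -p udp -m multiport --dports $ports -j DROP"
}

# Usage on a live box:  . ./conntrack_check.sh; conntrack_top_dports | head
# Against a snapshot:   conntrack_top_dports saved_table.txt
```

Against the constructed snapshot the top line is `3 tcp 445`, two of the three 445 entries are unreplied, and the IRC traffic the poster actually wants (port 6667) sits well below; that is the picture that justifies dropping 135/139/445 at the firewall rather than unloading conntrack.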