On Sun, 2004-10-03 at 04:41, www.piratehosting.net wrote:
> I run 2 IRC servers for a small hosting company.
> ip conntrack gets full all the time no matter what limits I set
> echo 40192 > /proc/sys/net/ipv4/ip_conntrack_max
>
> My question is:
> can I safely remove ip conntrack altogether?
> rmmod ip_conntrack
> rmmod ip_conntrack_ftp
> rmmod ip_conntrack_irc
> rmmod ip_conntrack
> rmmod ipt_state
>
> I don't really understand what it does but the table keeps filling up; I'm
> sure it's some kind of attack on my servers.
> Does it do anything at all? I use a simple firewall (apf) and only these rules
> in
> /etc/sysctl.conf
> net.ipv4.icmp_echo_ignore_broadcasts = 1
> net.ipv4.icmp_echo_ignore_all = 1
> net.ipv4.tcp_max_syn_backlog = 1024
> net.ipv4.icmp_ignore_bogus_error_responses = 1
> net.ipv4.tcp_syncookies = 1

I'm beginning to think that you have a horribly misconfigured IRC server. Do you really have 40,000 simultaneous IRC connections?

-j

--
Jason Opperisano <opie@xxxxxxxxxxx>
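
One way to answer the question raised in the reply is to break the conntrack table down by TCP state and see how many entries are established connections to the IRC port versus half-open or expiring flows. The script below is an added example, not part of the original thread; port 6667 and the sample lines are assumptions constructed for illustration, in the format of `/proc/net/ip_conntrack`.

```shell
#!/bin/sh
# Added example: summarise conntrack entries to see what is filling the table.
# On a live host: summarize_conntrack 6667 < /proc/net/ip_conntrack

# summarize_conntrack PORT  (table on stdin)
# Prints "STATE total to_port" per TCP state, largest total first, where
# to_port counts flows whose original-direction dport equals PORT.
summarize_conntrack() {
    awk -v port="$1" '
        $1 == "tcp" {
            state = $4              # fields: proto, proto number, timeout, state
            total[state]++
            # The first dport= field belongs to the original direction;
            # the second one is the reply tuple and is ignored.
            for (i = 5; i <= NF; i++)
                if ($i ~ /^dport=/) {
                    if (substr($i, 7) == port) hit[state]++
                    break
                }
        }
        END {
            for (s in total)
                printf "%s %d %d\n", s, total[s], hit[s] + 0
        }' | sort -k2,2nr -k1,1
}

# Constructed sample table (documentation addresses, not data from the thread).
sample_table() {
    cat <<'EOF'
tcp      6 431990 ESTABLISHED src=192.0.2.10 dst=198.51.100.5 sport=40001 dport=6667 src=198.51.100.5 dst=192.0.2.10 sport=6667 dport=40001 [ASSURED] use=1
tcp      6 431200 ESTABLISHED src=192.0.2.11 dst=198.51.100.5 sport=40002 dport=6667 src=198.51.100.5 dst=192.0.2.11 sport=6667 dport=40002 [ASSURED] use=1
tcp      6 52 SYN_RECV src=203.0.113.7 dst=198.51.100.5 sport=1025 dport=6667 src=198.51.100.5 dst=203.0.113.7 sport=6667 dport=1025 use=1
tcp      6 55 SYN_RECV src=203.0.113.8 dst=198.51.100.5 sport=1026 dport=6667 src=198.51.100.5 dst=203.0.113.8 sport=6667 dport=1026 use=1
tcp      6 57 SYN_RECV src=203.0.113.9 dst=198.51.100.5 sport=1027 dport=6667 src=198.51.100.5 dst=203.0.113.9 sport=6667 dport=1027 use=1
tcp      6 98 TIME_WAIT src=192.0.2.12 dst=198.51.100.5 sport=40003 dport=80 src=198.51.100.5 dst=192.0.2.12 sport=80 dport=40003 [ASSURED] use=1
udp      17 20 src=192.0.2.13 dst=198.51.100.5 sport=53000 dport=53 [UNREPLIED] src=198.51.100.5 dst=192.0.2.13 sport=53 dport=53000 use=1
EOF
}

# Stand-alone run over the constructed sample.
sample_table | summarize_conntrack 6667
```

A table dominated by ESTABLISHED entries to the IRC port points at real client load, while one dominated by SYN_RECV or TIME_WAIT entries points at half-open or lingering flows rather than 40,000 live users.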