On Wednesday 31 December 1969 18:59, netfilter-request@xxxxxxxxxxxxxxxxxxx wrote:
> Very interesting. This makes me think that there is a kernel routing
> caching type issue. I expect that if this is indeed the case there could
> (or should) easily be a way to flush said cache or adjust a garbage
> collection interval. This might need to be (summarized and) cross posted
> to a kernel developers mailing list to get their thoughts on it.

You just spurred an idea in me:

My appliance works by creating a separate routing table for each gateway connection that is online. As hosts are authorized to a particular gateway, aside from the predictable firewall rules, they get a routing rule to use the proper default route for that gateway. Like this:

    /sbin/ip rule add from %(hostip)s lookup %(gwtablename)s
    /sbin/ip route flush cache

When the host is deauthorized:

    /sbin/ip rule del from %(hostip)s lookup %(gwtablename)s
    /sbin/ip route flush cache

Maybe I need some more 'flush cache' calls around where I make that routing table and destroy it...if it's not that there's a bug someplace in the cache code.
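The lifecycle described in the message above, as an added example that is not part of the original post or the poster's appliance code: each change to a gateway table or a host rule is paired with a cache flush, and the templated values are validated and passed as argv lists rather than a formatted shell string. The function names, the table and interface naming patterns, and the `route add default ... table` / `route flush table` steps for building and tearing down a gateway table are assumptions; only the `rule add`/`rule del` and `flush cache` commands come from the message.

```python
import ipaddress
import re
import subprocess

IP = "/sbin/ip"
FLUSH = [IP, "route", "flush", "cache"]
# Assumed naming policy; a table name must also exist in /etc/iproute2/rt_tables.
_NAME_RE = re.compile(r"^[A-Za-z0-9_.-]{1,15}$")

def _host(value):
    # Accept a single IPv4 address only; anything else raises ValueError.
    return str(ipaddress.IPv4Address(value))

def _name(value):
    if not _NAME_RE.match(value):
        raise ValueError("bad table or interface name: %r" % (value,))
    return value

def gateway_up(table, gw_ip, dev):
    """Commands to populate a gateway's table (assumed form), then flush."""
    return [[IP, "route", "add", "default", "via", _host(gw_ip),
             "dev", _name(dev), "table", _name(table)], list(FLUSH)]

def gateway_down(table):
    """Commands to empty a gateway's table (assumed form), then flush."""
    return [[IP, "route", "flush", "table", _name(table)], list(FLUSH)]

def authorize(hostip, table):
    """The per-host rule from the message, followed by the cache flush."""
    return [[IP, "rule", "add", "from", _host(hostip),
             "lookup", _name(table)], list(FLUSH)]

def deauthorize(hostip, table):
    """Removal of the per-host rule, followed by the cache flush."""
    return [[IP, "rule", "del", "from", _host(hostip),
             "lookup", _name(table)], list(FLUSH)]

def run_plan(plan, dry_run=True):
    """Print the commands, or execute them without a shell when dry_run=False."""
    for argv in plan:
        if dry_run:
            print(" ".join(argv))
        else:
            subprocess.run(argv, check=True)

if __name__ == "__main__":
    # Constructed sample values (documentation address range).
    for plan in (gateway_up("gw1", "192.0.2.1", "eth1"),
                 authorize("192.0.2.10", "gw1"),
                 deauthorize("192.0.2.10", "gw1"),
                 gateway_down("gw1")):
        run_plan(plan)
```
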