Dzianis Kahanovich wrote:
Something like this (average (TOO average) timeout, untested!)
^^^^^^^^^
Sorry, "10*60*HZ" = 10 min ;)). 10*HZ = 10 sec.
Dzianis Kahanovich wrote:
i would like to use connlimit module, but i don't know which version
of patch-o-matic should i use on which version of kernel and
iptables. Could someone help me?
Thanks a lot
Latest kernel & iptables. Connlimit now inside of kernel.
PS But I lazy think about patch of connlimit to bound timeout. While
users using keep-alive connections - there are too abstract
classification (I use slowdown "abusers"). IMHO it is easy (in entry
listing add one "if" with existing "timeout" field, but I use proxy
too and first timout need for proxy, then I do not do nothing while -
I do not know how to do it in squid).
--
WBR,
Denis Kaganovich, mahatma@xxxxx http://mahatma.bspu.unibel.by
-
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
