Hi folks,

Unfortunately I have a Linux firewall which sees half of the packets because of a badly designed network. The nf_conntrack table is full of these entries:

    ipv4 2 tcp 6 431303 ESTABLISHED src=172.23.1.21 dst=82.9.69.137 sport=25 dport=4036 packets=2 bytes=256 [UNREPLIED] src=82.9.69.137 dst=172.23.1.21 sport=4036 dport=25 packets=0 bytes=0 mark=0 use=1

because netfilter never sees the FIN/RST TCP packets. They never expire and sometimes Linux logs these messages:

    nf_conntrack: table full, dropping packet

Is there a way to tell netfilter to delete these entries?
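Added example, not part of the original message: a small parser for conntrack lines in the format quoted above that picks out TCP flows held as ESTABLISHED while still flagged [UNREPLIED], and counts them per original source. The function names are hypothetical, and every sample line except the first (the entry from the post) is constructed.

```python
from collections import Counter

# Constructed sample in the format of the entry quoted in the post.
# Line 1 is that entry; lines 2 and 3 are made up for contrast.
SAMPLE = """\
ipv4 2 tcp 6 431303 ESTABLISHED src=172.23.1.21 dst=82.9.69.137 sport=25 dport=4036 packets=2 bytes=256 [UNREPLIED] src=82.9.69.137 dst=172.23.1.21 sport=4036 dport=25 packets=0 bytes=0 mark=0 use=1
ipv4 2 tcp 6 431990 ESTABLISHED src=192.0.2.10 dst=198.51.100.7 sport=51514 dport=443 packets=14 bytes=2210 src=198.51.100.7 dst=192.0.2.10 sport=443 dport=51514 packets=12 bytes=9120 [ASSURED] mark=0 use=1
ipv4 2 udp 17 25 src=192.0.2.10 dst=198.51.100.53 sport=40000 dport=53 packets=1 bytes=60 [UNREPLIED] src=198.51.100.53 dst=192.0.2.10 sport=53 dport=40000 packets=0 bytes=0 mark=0 use=1
"""


def parse_entry(line):
    """Split one conntrack line into timeout, state, flags and both tuples."""
    tok = line.split()
    if len(tok) < 6 or not tok[4].isdigit():
        return None
    entry = {"l4": tok[2], "timeout": int(tok[4]), "state": None,
             "flags": set(), "orig": {}, "reply": {}}
    rest = tok[5:]
    # TCP entries carry a state word before the first key=value pair.
    if "=" not in rest[0] and not rest[0].startswith("["):
        entry["state"] = rest.pop(0)
    for t in rest:
        if t.startswith("["):
            entry["flags"].add(t.strip("[]"))
        elif "=" in t:
            key, value = t.split("=", 1)
            # Keys repeat: the first occurrence is the original direction,
            # the second is the reply direction.
            side = "reply" if key in entry["orig"] else "orig"
            entry[side][key] = value
    return entry


def one_way_established(text):
    """TCP flows tracked as ESTABLISHED although no reply was ever seen."""
    hits = []
    for line in text.splitlines():
        e = parse_entry(line)
        if (e and e["l4"] == "tcp" and e["state"] == "ESTABLISHED"
                and "UNREPLIED" in e["flags"]
                and e["reply"].get("packets", "0") == "0"):
            hits.append(e)
    return hits


if __name__ == "__main__":
    flows = one_way_established(SAMPLE)
    per_source = Counter(e["orig"]["src"] for e in flows)
    for src, count in per_source.most_common():
        longest = max(e["timeout"] for e in flows if e["orig"]["src"] == src)
        print(f"{src}: {count} one-way flow(s), up to {longest}s until expiry")
```

To run it against a live table, pass the contents of /proc/net/nf_conntrack to one_way_established() in place of SAMPLE.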