Jan Engelhardt wrote:
>
> On Wednesday 2008-04-23 10:54, Marco Berizzi wrote:
>>
>>Unfortunately I have a linux firewall
>>which sees half of the packets because of a
>>badly designed network.
>>nfconntrack table is full of these entries:
>>
>>ipv4 2 tcp 6 431303 ESTABLISHED src=172.23.1.21 dst=82.9.69.137
>>sport=25 dport=4036 packets=2 bytes=256 [UNREPLIED] src=82.9.69.137
>>dst=172.23.1.21 sport=4036 dport=25 packets=0 bytes=0 mark=0 use=1
>>
>>because netfilter never sees the fin/rst
>>tcp packets.
>>They never expire and sometimes linux
>>logs these messages:
>>
>>nf_conntrack: table full, dropping packet
>>
>>Is there a way to tell netfilter to delete
>>these entries?
>
> Would not it be better to disable connection tracking for
> the asymmetrically routed packets?

Is there a way to do it?
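
Added example, not part of the thread and not code from either poster: a small Python parser for entries in the format quoted above, flagging TCP flows that sit in ESTABLISHED with [UNREPLIED] set and no reply-direction packets, i.e. the half-seen connections that fill the table. The sample lines other than the first are constructed, and the function names and the one-hour threshold are assumptions.

```python
# Constructed sample in the format quoted in the thread; line 1 is the
# entry from the message, lines 2-3 are made up for contrast.
SAMPLE = """\
ipv4 2 tcp 6 431303 ESTABLISHED src=172.23.1.21 dst=82.9.69.137 sport=25 dport=4036 packets=2 bytes=256 [UNREPLIED] src=82.9.69.137 dst=172.23.1.21 sport=4036 dport=25 packets=0 bytes=0 mark=0 use=1
ipv4 2 tcp 6 431999 ESTABLISHED src=10.0.0.5 dst=192.0.2.10 sport=51000 dport=443 packets=12 bytes=3400 src=192.0.2.10 dst=10.0.0.5 sport=443 dport=51000 packets=10 bytes=8000 [ASSURED] mark=0 use=1
ipv4 2 udp 17 25 src=10.0.0.5 dst=192.0.2.53 sport=40000 dport=53 packets=1 bytes=60 [UNREPLIED] src=192.0.2.53 dst=10.0.0.5 sport=53 dport=40000 packets=0 bytes=0 mark=0 use=1
"""

TUPLE_KEYS = ("src", "dst", "sport", "dport", "packets", "bytes")

def parse_entry(line):
    """Split one conntrack line into original/reply tuples, state and flags."""
    tok = line.split()
    if len(tok) < 5:
        return None
    entry = {"l3": tok[0], "proto": tok[2], "timeout": int(tok[4]),
             "state": None, "flags": set(), "orig": {}, "reply": {}, "meta": {}}
    side = entry["orig"]
    for t in tok[5:]:
        if t.startswith("["):                 # [UNREPLIED], [ASSURED]
            entry["flags"].add(t.strip("[]"))
        elif "=" in t:
            key, val = t.split("=", 1)
            if key == "src" and "src" in entry["orig"]:
                side = entry["reply"]         # second src= opens the reply tuple
            (side if key in TUPLE_KEYS else entry["meta"])[key] = val
        else:
            entry["state"] = t                # TCP state; absent for UDP
    return entry

def parse_all(text):
    return [e for e in map(parse_entry, text.splitlines()) if e]

def half_seen(entries, min_timeout=3600):
    """TCP entries stuck ESTABLISHED although no reply packet was ever seen."""
    return [e for e in entries
            if e["proto"] == "tcp" and e["state"] == "ESTABLISHED"
            and "UNREPLIED" in e["flags"]
            # packets= is only present when conntrack accounting is enabled
            and int(e["reply"].get("packets", 0)) == 0
            and e["timeout"] >= min_timeout]

if __name__ == "__main__":
    for e in half_seen(parse_all(SAMPLE)):
        o = e["orig"]
        print(f'{o["src"]}:{o["sport"]} -> {o["dst"]}:{o["dport"]} expires in {e["timeout"]}s')
```
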