On Friday 19 June 2009, 14:03 David Balažic wrote: > One more thing: Where is the timeout for this set ? /proc/sys/net/netfilter/nf_conntrack_generic_timeout I presume. > After the mentioned ping, the world can contact me for hours. That's much too long for the default setting of a timeout. AFAIK the heartbeat client must send keepalive packets every 300 seconds so the tunnel and connection tracking timeouts may influence each other. > I want to lower the timeout to a minute or so, so I can test the > setting without the need to wait hours for the timeout to happen. Why do you want to conntrack proto-41 packets at all? If you're worried about security, filter the IPv6 traffic using ip6tables. Benedikt -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
