On Thursday 2010-03-18 01:20, Robert Nichols wrote:
>
> And, I just noticed that the protocol is UDP. The only way a UDP
> entry gets removed from conntrack is by timing out, and that can take
> up to 3 minutes (see the values in
> /proc/sys/net/netfilter/nf_conntrack_udp_timeout*).

No, that is not the only way. You can manually remove entries with
`conntrack -D ...`.
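
Added example, not part of the original thread: a dry-run helper that reads `conntrack -L -p udp` style output and prints the `conntrack -D` command for each UDP flow to a given destination port, so stale entries can be removed without waiting for the timeout. The sample entries, port 5060 and the function names `sample_entries` and `udp_delete_cmds` are constructed for illustration.

```shell
#!/bin/sh
# Added example: map listed UDP conntrack entries to delete commands.
# Nothing is deleted here; the commands are only printed for review.

# Constructed sample of `conntrack -L -p udp` output (documentation addresses).
sample_entries() {
cat <<'EOF'
udp      17 28 src=192.0.2.10 dst=198.51.100.5 sport=40000 dport=5060 [UNREPLIED] src=198.51.100.5 dst=192.0.2.10 sport=5060 dport=40000 mark=0 use=1
udp      17 175 src=192.0.2.11 dst=198.51.100.5 sport=40001 dport=5060 src=198.51.100.5 dst=192.0.2.11 sport=5060 dport=40001 [ASSURED] mark=0 use=1
udp      17 12 src=192.0.2.12 dst=203.0.113.53 sport=53211 dport=53 src=203.0.113.53 dst=192.0.2.12 sport=53 dport=53211 mark=0 use=1
EOF
}

# Read conntrack -L lines on stdin; print one delete command per UDP entry
# whose original-direction destination port equals $1.
udp_delete_cmds() {
    awk -v want="$1" '
    $1 == "udp" {
        src = dst = sport = dport = ""
        # Each key appears twice (original and reply tuple); keep the first.
        for (i = 4; i <= NF; i++) {
            split($i, kv, "=")
            if (kv[1] == "src"   && src   == "") src   = kv[2]
            if (kv[1] == "dst"   && dst   == "") dst   = kv[2]
            if (kv[1] == "sport" && sport == "") sport = kv[2]
            if (kv[1] == "dport" && dport == "") dport = kv[2]
        }
        # Field 3 is the number of seconds left before the entry times out.
        if (dport == want && src != "" && dst != "" && sport != "")
            printf "conntrack -D -p udp --orig-src %s --orig-dst %s --sport %s --dport %s  # %ss left\n", src, dst, sport, dport, $3
    }'
}

# Dry run on the sample. On a live system (as root):
#   conntrack -L -p udp | udp_delete_cmds 5060
sample_entries | udp_delete_cmds 5060
```

Review the printed commands before running them; deleting an entry only affects tracking state, and a new entry is created as soon as another matching packet is accepted.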