I see conntrack examples where a device used to forward packets can drop idle connections after a short time. For example:
http://stackoverflow.com/questions/9322325/ip-conntrack-tcp-timeout-established-not-applied-to-entire-subnet

But can conntrack also be used on the end device, such as the server in a normal TCP client/server scenario?

I'm looking at a customer issue that we suspect may be caused by an aggressive customer firewall dropping TCP connections after a very short idle time. I was hoping to duplicate the customer scenario with iptables rules to quickly drop "idle" TCP connections. Can this be done?

> uname -rvp
3.19.0-30-generic #34-Ubuntu SMP Fri Oct 2 22:08:41 UTC 2015 x86_64

> dpkg -l | grep conntr
ii conntrack 1:1.4.2-2ubuntu1 amd64 Program to modify the conntrack tables
ii libnetfilter-conntrack3:amd64 1.0.4-1 amd64 Netfilter netlink-conntrack library

TIA.

Stéphane