Anze Vidmar wrote:
> On Sun, 2005-08-21 at 12:06 +0600, Aroop Maliakkal wrote:
>> How can I close connections from a particular IP with immediate effect
>> after I dropped it using iptables? Still there are a lot of connections in
>> state FIN_WAIT1.
> Maybe you should rather use DROP instead of REJECT in your iptables
> rules? Just a thought.
> Anze
No ... It has nothing to do with REJECT/DROP rules.
I think you should check the following values:
sysctl -a | grep fin_wait
On my machine the value is:
net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait = 120
Decreasing the value may help solve your problem.
Check it out ...
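Added example, not part of the original message: a shell helper that counts sockets in FIN_WAIT1 per remote address from `netstat -tn` output and reads the sysctl key quoted in the reply, so the counts can be compared before and after a change. The function names are hypothetical, and the sample input and addresses are constructed.

```shell
#!/bin/sh
# Added example: measure FIN_WAIT1 sockets per remote address.
# Input on stdin: `netstat -tn` style lines
#   Proto Recv-Q Send-Q Local-Address Foreign-Address State

count_fin_wait1() {
    # $1 (optional): only count this remote address
    awk -v ip="$1" '
        $1 ~ /^tcp/ && $6 == "FIN_WAIT1" {
            remote = $5
            sub(/:[0-9]+$/, "", remote)        # strip the trailing :port
            if (ip == "" || remote == ip) n[remote]++
        }
        END { for (r in n) print n[r], r }
    ' | sort -rn                               # busiest remote first
}

read_fin_wait_timeout() {
    # Key name as quoted in the message; it is only present when the
    # connection-tracking module is loaded, so fall back gracefully.
    sysctl -n net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait 2>/dev/null \
        || echo "unavailable"
}

# Constructed sample input (documentation address ranges), not real traffic.
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      1 192.0.2.10:80           203.0.113.7:51234       FIN_WAIT1
tcp        0      1 192.0.2.10:80           203.0.113.7:51240       FIN_WAIT1
tcp        0      0 192.0.2.10:22           198.51.100.9:40022      ESTABLISHED
tcp        0      1 192.0.2.10:80           198.51.100.9:40100      FIN_WAIT1
tcp        0      1 192.0.2.10:80           203.0.113.7:51301       FIN_WAIT1
tcp        0      0 192.0.2.10:80           203.0.113.7:51302       TIME_WAIT
EOF
}

echo "fin_wait timeout: $(read_fin_wait_timeout)"
echo "FIN_WAIT1 sockets per remote (sample data):"
sample_netstat | count_fin_wait1

# On a live host: netstat -tn | count_fin_wait1 203.0.113.7
```

Run it once before and once after changing the timeout to see whether the per-address count actually drops.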