On 7/7/2012 4:52 AM, Amos Jeffries wrote:
<snip>
#i use conntrack to flush the old sessions so all the new ones will be
redirected to squid.
conntrack -F
This need to be noted as quite dangerous. It will force all existing
connections into the NEW state and pass them through Squid
*immediately*. Which will result in Squid rejecting all the invalid
half-completed HTTP transactions.
New connections will go through TPROXY and get conntrack records
associated with it anyway, without need of a flush.
Idle HTTP connections are the exception here. The next packet Squid
sees is valid HTTP so they are not rejected.
thanks for the note good.
indeed you are right and i have another script that i have used to FLUSH
only specific criteria session's but it was really meant only as an
init\startup script so no harm should be done there unless the admin is
really into reconfigure the server every couple minutes.
#i have used a router so i needed to flush the routes cache
ip -s route flush cache
#end
ELiezer
--
Eliezer Croitoru
https://www1.ngtech.co.il
IT consulting for Nonprofit organizations
eliezer <at> ngtech.co.il
