<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
Yep, all understood there. And lord knows I with I was using apache
here except I'm using a proprietary application that I can't hack on
and so the question about if it was possible at an OS level.<br>
<br>
It's linux, of course there is a way. I was just hoping perhaps it
might be a sysctl call rather than C code. :)<br>
<br>
Igor Guarisma wrote:
<blockquote
cite="mid20050726140103.54757.qmail@web33104.mail.mud.yahoo.com"
type="cite">
<pre wrap="">I'm going with Mike here! I don't really think there's
a way to do this with the kernel nor iptables (which
is part of the kernel), and I'm sure that that Apache
option will work fine on the case of a WebServer.
I think you can work on a script that get a netstat
and get from there the connections on TIME_WAIT and
meassure the time somehow and given some time, kill
the connection.
--- Mike McGrath <a class="moz-txt-link-rfc2396E" href="mailto:mmcgrath@iesabroad.org"><mmcgrath@iesabroad.org></a> escribió:
</pre>
<blockquote type="cite">
<pre wrap="">
</pre>
<blockquote type="cite">
<pre wrap="">-----Original Message-----
From: <a class="moz-txt-link-abbreviated" href="mailto:fedora-list-bounces@redhat.com">fedora-list-bounces@redhat.com</a>
[<a class="moz-txt-link-freetext" href="mailto:fedora-list-bounces@redhat.com">mailto:fedora-list-bounces@redhat.com</a>] On Behalf
</pre>
</blockquote>
<pre wrap="">Of Naoki
</pre>
<blockquote type="cite">
<pre wrap="">Sent: Tuesday, July 26, 2005 2:55 AM
To: <a class="moz-txt-link-abbreviated" href="mailto:fedora-list@redhat.com">fedora-list@redhat.com</a>
Subject: TCP/IP stack questions on timeouts and
</pre>
</blockquote>
<pre wrap="">dropping connections.
</pre>
<blockquote type="cite">
<pre wrap="">Hi all,
Quick question. Is there a way (kernel parameter
</pre>
</blockquote>
<pre wrap="">or iptables
</pre>
<blockquote type="cite">
<pre wrap="">hack ) to drop connections that last over an
</pre>
</blockquote>
<pre wrap="">arbitrary time
</pre>
<blockquote type="cite">
<pre wrap="">value. Even better would be the ability to
</pre>
</blockquote>
<pre wrap="">restrict that rule
</pre>
<blockquote type="cite">
<pre wrap="">to a specific TCP port. So for example drop
</pre>
</blockquote>
<pre wrap="">connections to
</pre>
<blockquote type="cite">
<pre wrap="">port 80 that have been established for over 20
</pre>
</blockquote>
<pre wrap="">seconds?
</pre>
<blockquote type="cite">
<pre wrap="">A little odd to want to do this I know...
--
fedora-list mailing list
<a class="moz-txt-link-abbreviated" href="mailto:fedora-list@redhat.com">fedora-list@redhat.com</a>
To unsubscribe:
</pre>
</blockquote>
<pre wrap=""><a class="moz-txt-link-freetext" href="http://www.redhat.com/mailman/listinfo/fedora-list">http://www.redhat.com/mailman/listinfo/fedora-list</a>
</pre>
<blockquote type="cite">
<pre wrap="">
</pre>
</blockquote>
<pre wrap="">Often times this is controlled by the application.
In your example if
using apache you can use the TimeOut directive. I
would assume you only
want to drop connections that are idle? I do not
know of any way to set
this in the kernel.
</pre>
</blockquote>
<pre wrap=""><!----><a class="moz-txt-link-freetext" href="http://httpd.apache.org/docs/2.0/mod/core.html#timeout">http://httpd.apache.org/docs/2.0/mod/core.html#timeout</a>
</pre>
<blockquote type="cite">
<pre wrap=""> -Mike
--
fedora-list mailing list
<a class="moz-txt-link-abbreviated" href="mailto:fedora-list@redhat.com">fedora-list@redhat.com</a>
To unsubscribe:
<a class="moz-txt-link-freetext" href="http://www.redhat.com/mailman/listinfo/fedora-list">http://www.redhat.com/mailman/listinfo/fedora-list</a>
</pre>
</blockquote>
<pre wrap=""><!---->
__________________________________________________
Correo Yahoo!
Espacio para todos tus mensajes, antivirus y antispam ¡gratis!
Regístrate ya - <a class="moz-txt-link-freetext" href="http://correo.espanol.yahoo.com/">http://correo.espanol.yahoo.com/</a>
</pre>
</blockquote>
<br>
</body>
</html>