<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type"> <title></title> </head> <body bgcolor="#ffffff" text="#000000"> Yep, all understood there. And lord knows I with I was using apache here except I'm using a proprietary application that I can't hack on and so the question about if it was possible at an OS level. It's linux, of course there is a way. I was just hoping perhaps it might be a sysctl call rather than C code. :) Igor Guarisma wrote: <blockquote cite="mid20050726140103.54757.qmail@web33104.mail.mud.yahoo.com" type="cite"> <pre wrap="">I'm going with Mike here! I don't really think there's a way to do this with the kernel nor iptables (which is part of the kernel), and I'm sure that that Apache option will work fine on the case of a WebServer. I think you can work on a script that get a netstat and get from there the connections on TIME_WAIT and meassure the time somehow and given some time, kill the connection. --- Mike McGrath <a class="moz-txt-link-rfc2396E" href="mailto:mmcgrath@iesabroad.org"><mmcgrath@iesabroad.org></a> escribió: </pre> <blockquote type="cite"> <pre wrap=""> </pre> <blockquote type="cite"> <pre wrap="">-----Original Message----- From: <a class="moz-txt-link-abbreviated" href="mailto:fedora-list-bounces@redhat.com">fedora-list-bounces@redhat.com</a> [<a class="moz-txt-link-freetext" href="mailto:fedora-list-bounces@redhat.com">mailto:fedora-list-bounces@redhat.com</a>] On Behalf </pre> </blockquote> <pre wrap="">Of Naoki </pre> <blockquote type="cite"> <pre wrap="">Sent: Tuesday, July 26, 2005 2:55 AM To: <a class="moz-txt-link-abbreviated" href="mailto:fedora-list@redhat.com">fedora-list@redhat.com</a> Subject: TCP/IP stack questions on timeouts and </pre> </blockquote> <pre wrap="">dropping connections. </pre> <blockquote type="cite"> <pre wrap="">Hi all, Quick question. Is there a way (kernel parameter </pre> </blockquote> <pre wrap="">or iptables </pre> <blockquote type="cite"> <pre wrap="">hack ) to drop connections that last over an </pre> </blockquote> <pre wrap="">arbitrary time </pre> <blockquote type="cite"> <pre wrap="">value. Even better would be the ability to </pre> </blockquote> <pre wrap="">restrict that rule </pre> <blockquote type="cite"> <pre wrap="">to a specific TCP port. So for example drop </pre> </blockquote> <pre wrap="">connections to </pre> <blockquote type="cite"> <pre wrap="">port 80 that have been established for over 20 </pre> </blockquote> <pre wrap="">seconds? </pre> <blockquote type="cite"> <pre wrap="">A little odd to want to do this I know... -- fedora-list mailing list <a class="moz-txt-link-abbreviated" href="mailto:fedora-list@redhat.com">fedora-list@redhat.com</a> To unsubscribe: </pre> </blockquote> <pre wrap=""><a class="moz-txt-link-freetext" href="http://www.redhat.com/mailman/listinfo/fedora-list">http://www.redhat.com/mailman/listinfo/fedora-list</a> </pre> <blockquote type="cite"> <pre wrap=""> </pre> </blockquote> <pre wrap="">Often times this is controlled by the application. In your example if using apache you can use the TimeOut directive. I would assume you only want to drop connections that are idle? I do not know of any way to set this in the kernel. </pre> </blockquote> <pre wrap=""><a class="moz-txt-link-freetext" href="http://httpd.apache.org/docs/2.0/mod/core.html#timeout">http://httpd.apache.org/docs/2.0/mod/core.html#timeout</a> </pre> <blockquote type="cite"> <pre wrap=""> -Mike -- fedora-list mailing list <a class="moz-txt-link-abbreviated" href="mailto:fedora-list@redhat.com">fedora-list@redhat.com</a> To unsubscribe: <a class="moz-txt-link-freetext" href="http://www.redhat.com/mailman/listinfo/fedora-list">http://www.redhat.com/mailman/listinfo/fedora-list</a> </pre> </blockquote> <pre wrap=""> __________________________________________________ Correo Yahoo! Espacio para todos tus mensajes, antivirus y antispam ¡gratis! Regístrate ya - <a class="moz-txt-link-freetext" href="http://correo.espanol.yahoo.com/">http://correo.espanol.yahoo.com/</a> </pre> </blockquote> </body> </html>