TCP/IP stack questions on timeouts and dropping connections.

[Igor Guarisma]

I'm going with Mike here! I don't really think there's
a way to do this with the kernel nor iptables (which
is part of the kernel), and I'm sure that that Apache
option will work fine on the case of a WebServer.

I think you can work on a script that get a netstat
and get from there the connections on TIME_WAIT and
meassure the time somehow and given some time, kill
the connection.

 
 --- Mike McGrath <mmcgrath at iesabroad.org> escribió:

>  
> 
> > -----Original Message-----
> > From: fedora-list-bounces at redhat.com 
> > [mailto:fedora-list-bounces at redhat.com] On Behalf
> Of Naoki
> > Sent: Tuesday, July 26, 2005 2:55 AM
> > To: fedora-list at redhat.com
> > Subject: TCP/IP stack questions on timeouts and
> dropping connections.
> > 
> > Hi all,
> > 
> > Quick question.  Is there a way (kernel parameter
> or iptables 
> > hack ) to drop connections that last over an
> arbitrary time 
> > value. Even better would be the ability to
> restrict that rule 
> > to a specific TCP port.  So for example drop
> connections to 
> > port 80 that have been established for over 20
> seconds?
> > 
> > A little odd to want to do this I know...
> > 
> > --
> > fedora-list mailing list
> > fedora-list at redhat.com
> > To unsubscribe:
> http://www.redhat.com/mailman/listinfo/fedora-list
> > 
> > 
> 
> Often times this is controlled by the application. 
> In your example if
> using apache you can use the TimeOut directive.  I
> would assume you only
> want to drop connections that are idle?  I do not
> know of any way to set
> this in the kernel.
> 
>
http://httpd.apache.org/docs/2.0/mod/core.html#timeout
> 
> 	-Mike
> 
> 
> -- 
> fedora-list mailing list
> fedora-list at redhat.com
> To unsubscribe:
> http://www.redhat.com/mailman/listinfo/fedora-list
> 


__________________________________________________
Correo Yahoo!
Espacio para todos tus mensajes, antivirus y antispam ¡gratis! 
Regístrate ya - http://correo.espanol.yahoo.com/