TCP/IP stack questions on timeouts and dropping connections.
Igor Guarisma
iguarism at yahoo.com
Tue Jul 26 14:00:50 UTC 2005
I'm going with Mike here! I don't really think there's
a way to do this with the kernel nor iptables (which
is part of the kernel), and I'm sure that that Apache
option will work fine on the case of a WebServer.
I think you can work on a script that get a netstat
and get from there the connections on TIME_WAIT and
meassure the time somehow and given some time, kill
the connection.
--- Mike McGrath <mmcgrath at iesabroad.org> escribió:
>
>
> > -----Original Message-----
> > From: fedora-list-bounces at redhat.com
> > [mailto:fedora-list-bounces at redhat.com] On Behalf
> Of Naoki
> > Sent: Tuesday, July 26, 2005 2:55 AM
> > To: fedora-list at redhat.com
> > Subject: TCP/IP stack questions on timeouts and
> dropping connections.
> >
> > Hi all,
> >
> > Quick question. Is there a way (kernel parameter
> or iptables
> > hack ) to drop connections that last over an
> arbitrary time
> > value. Even better would be the ability to
> restrict that rule
> > to a specific TCP port. So for example drop
> connections to
> > port 80 that have been established for over 20
> seconds?
> >
> > A little odd to want to do this I know...
> >
> > --
> > fedora-list mailing list
> > fedora-list at redhat.com
> > To unsubscribe:
> http://www.redhat.com/mailman/listinfo/fedora-list
> >
> >
>
> Often times this is controlled by the application.
> In your example if
> using apache you can use the TimeOut directive. I
> would assume you only
> want to drop connections that are idle? I do not
> know of any way to set
> this in the kernel.
>
>
http://httpd.apache.org/docs/2.0/mod/core.html#timeout
>
> -Mike
>
>
> --
> fedora-list mailing list
> fedora-list at redhat.com
> To unsubscribe:
> http://www.redhat.com/mailman/listinfo/fedora-list
>
__________________________________________________
Correo Yahoo!
Espacio para todos tus mensajes, antivirus y antispam ¡gratis!
Regístrate ya - http://correo.espanol.yahoo.com/
More information about the fedora-list
mailing list