iptables in 2.4.10, 2.4.11pre6 problems

Rusty Russell rusty@rustcorp.com.au
Wed, 24 Oct 2001 14:25:12 +1000


On Fri, 19 Oct 2001 06:18:30 -0700
Darrell A Escola <darrell-sg@descola.net> wrote:

> I have been running 2.4.10-ac11 for 7 days now with
> TCP_CONNTRACK_CLOSE_WAIT set to 120 seconds - this has stopped nearly
> all firewall activity on established connections.

OK... I think this needs changing then.  Can everyone please try the following
trivial patch and report any changes?

Thanks!
Rusty.

diff -urN -I \$.*\$ --exclude TAGS -X /home/rusty/devel/kernel/kernel-patches/current-dontdiff --minimal linux-2.4.12-official/net/ipv4/netfilter/ip_conntrack_proto_tcp.c working-2.4.12-tcptime/net/ipv4/netfilter/ip_conntrack_proto_tcp.c
--- linux-2.4.12-official/net/ipv4/netfilter/ip_conntrack_proto_tcp.c	Sun Apr 29 06:17:11 2001
+++ working-2.4.12-tcptime/net/ipv4/netfilter/ip_conntrack_proto_tcp.c	Wed Oct 24 14:23:26 2001
@@ -55,7 +55,7 @@
     2 MINS,	/*	TCP_CONNTRACK_FIN_WAIT,	*/
     2 MINS,	/*	TCP_CONNTRACK_TIME_WAIT,	*/
     10 SECS,	/*	TCP_CONNTRACK_CLOSE,	*/
-    60 SECS,	/*	TCP_CONNTRACK_CLOSE_WAIT,	*/
+    2 MINS,	/*	TCP_CONNTRACK_CLOSE_WAIT,	*/
     30 SECS,	/*	TCP_CONNTRACK_LAST_ACK,	*/
     2 MINS,	/*	TCP_CONNTRACK_LISTEN,	*/
 };
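Review bot: the hunk raises TCP_CONNTRACK_CLOSE_WAIT from 60 SECS to 2 MINS without any in-source comment recording why, so a later reader of the timeout table cannot tell that this value was tuned in response to field reports of connections being dropped while a peer lingers in CLOSE_WAIT (the 120-second value Darrell tested). Consider a one-line comment beside `2 MINS,	/*	TCP_CONNTRACK_CLOSE_WAIT,	*/` noting the rationale, and since a longer timeout keeps half-closed connections in the conntrack table for twice as long, it may also be worth noting whether this value should become tunable rather than a compile-time constant.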