Re: ip_conntrack_max

This is difficult. I think we should start by asking "what do you mean by a
connection?" Remember that many web browsers, for example, will open 5-10
simultaneous connections in order to load all the elements of a web page.
DNS needs its own connections in order to do name lookups. Some connections
are long-term (eg: telnet, ssh - even when you're not typing, the connection
is still there), some are very transient (eg: http - once you have the page
displayed, there's no connection between your browser and the server until
you click on another hyperlink).


Thanks for the instruction..

Why do you want to limit connections per machine? What are you trying to
achieve?


The problem is the P2P software that creates any connection on the conntrack..
Because filtering all P2P ports is very difficult, I thought that limiting the number of simultaneous connections
is a good idea..


That sounds fine. Tell us if you get "connection tracking table full" errors again.

Regards,

Antony.



Bye

PS: is the signature OK now?

--
---------------------------------------------------------------
| |||||||    ||    |  Fallucchi Antonio Giuseppe  mat. 2282     |
| ||        ||||    |      --> Live free() of die() <--         |
| ||||     ||  ||    |        OpenSource philosophy             |
| ||      ||||||||    |  Universita' di Bologna sede di Cesena  |
| ||     ||      ||    |    Cdl di Scienze dell'Informazione    |
---------------------------------------------------------------



