/proc/net/ip_conntrack

David A. Bandel david
Tue Aug 17 19:28:51 PDT 2004


On Wed, 18 Aug 2004 08:19:26 +0800
"M.W. Chang" <mwchang at i-cable.com> wrote:

> > Review what constitutes an IP connection in its entirety (hint, it's
> > more than just an IP/Port pair).  Some applications (like
> > bittorrent) Also look at the conntrack timeouts for entries to be
> > removed from the conntrack table even on terminated connections.
> 
> Does iptables have a feature to limit the number of ip_conntrack
> entries used by an interface (lo, eth0, eth1)?

Yes, /proc/sys/net/ipv4/ip_conntrack_max

But you don't want to make it too low.  In fact, unless you know what
you're doing (and the consequences), the default (which is based on the
amount of RAM your system has) should be left alone.

Ciao,

David A. Bandel
-- 
Focus on the dream, not the competition.
		Nemesis Racing Team motto
GPG key autoresponder:  mailto:david_key at pananix.com
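
Added example, not part of the original message: a POSIX shell script that summarises a conntrack table by protocol and TCP state, counts finished TCP connections that still hold a slot until their timeout expires, and reports usage against ip_conntrack_max. The sample lines, their addresses and the limit of 8 are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Paths named in the thread; override both to run against saved copies.
CT_TABLE=${CT_TABLE:-/proc/net/ip_conntrack}
CT_MAX=${CT_MAX:-/proc/sys/net/ipv4/ip_conntrack_max}

# Constructed sample in the ip_conntrack text format (documentation addresses).
sample_conntrack() {
cat <<'EOF'
tcp      6 431990 ESTABLISHED src=192.0.2.10 dst=198.51.100.5 sport=40001 dport=22 src=198.51.100.5 dst=192.0.2.10 sport=22 dport=40001 [ASSURED] use=1
tcp      6 95 TIME_WAIT src=192.0.2.10 dst=198.51.100.7 sport=40002 dport=80 src=198.51.100.7 dst=192.0.2.10 sport=80 dport=40002 [ASSURED] use=1
tcp      6 110 TIME_WAIT src=192.0.2.11 dst=198.51.100.7 sport=40003 dport=6881 src=198.51.100.7 dst=192.0.2.11 sport=6881 dport=40003 [ASSURED] use=1
udp      17 25 src=192.0.2.10 dst=198.51.100.53 sport=1025 dport=53 [UNREPLIED] src=198.51.100.53 dst=192.0.2.10 sport=53 dport=1025 use=1
EOF
}

# Print "proto state count" lines; field 4 is a state only for TCP entries.
conntrack_summary() {
    awk '{ st = ($1 == "tcp") ? $4 : "-"; n[$1 " " st]++ }
         END { for (k in n) print k, n[k] }' "$1" | sort
}

# Count TCP entries whose connection has ended but whose timeout has not expired.
conntrack_lingering() {
    awk '$1 == "tcp" && ($4 == "TIME_WAIT" || $4 == "CLOSE") { c++ } END { print c + 0 }' "$1"
}

# Integer percentage of the table limit currently in use.
conntrack_usage_pct() {
    used=$(awk 'END { print NR }' "$1")
    max=$(cat "$2")
    echo $(( used * 100 / max ))
}

# With no readable live table, fall back to the constructed sample.
if [ ! -r "$CT_TABLE" ]; then
    CT_TABLE=$(mktemp); sample_conntrack > "$CT_TABLE"
    CT_MAX=$(mktemp);   echo 8 > "$CT_MAX"
fi
conntrack_summary "$CT_TABLE"
echo "lingering=$(conntrack_lingering "$CT_TABLE") usage=$(conntrack_usage_pct "$CT_TABLE" "$CT_MAX")%"
```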