From: Mogens Valentin
Date: Mon May 02 2005 - 10:58:54 EST

Phil Oester wrote:
On Mon, May 02, 2005 at 11:51:46AM +0200, Mogens Valentin wrote:

I fail to understand why TCP_CONNTRACK_ESTABLISHED has to be 5 days.
It's not configurable from /proc, but I see nothing wrong in changing the source to, say, 1 day.
Would someone educate me, pls.

Using a relatively recent kernel, it is indeed configurable via /proc:

# cat /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_established

Yes, sorry I'd missed that. Already got educated :-
We're discussion this on netfilter.

Kind regards,
Mogens Valentin

To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at