From: Mogens Valentin
Date: Wed May 04 2005 - 06:24:37 EST

Henrik Nordstrom wrote:
> On Mon, 2 May 2005, Mogens Valentin wrote:
>
>> I fail to understand why TCP_CONNTRACK_ESTABLISHED has to be 5 days.
>
> The likelihood for valid TCP connections without a single packet for some days is relatively high. Consider for example an SSH or telnet session left open over the weekend (without TCP keepalives enabled).

Well, maybe.. WRT ssh, this can be solved with something like

    ClientAliveInterval 20
    ClientAliveCountMax 15

giving a lifetime of 5 mins before sshd disconnects, enough for me, since I never like keeping ssh sessions open (but that's just me).

Guess TCP_CONNTRACK_ESTABLISHED is something we'll have to set individually, according to use and consciousness :-

Kind regards,
Mogens Valentin
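
An added example, not part of the original message: a small checker that reads the global ClientAlive* settings from sshd_config text and compares the probe interval with the 5-day conntrack timeout discussed in the thread. The function names and sample configs are constructed for illustration; Match blocks are ignored and only single-unit time values are handled.

```python
import re

CONNTRACK_ESTABLISHED = 5 * 24 * 3600  # the 5-day timeout discussed in the thread
UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

def parse_time(value):
    """Seconds from a plain number or a single-unit value such as '5m'."""
    m = re.fullmatch(r"(\d+)([smhdw]?)", value.lower())
    if not m:
        raise ValueError(f"unsupported time value: {value!r}")
    return int(m.group(1)) * UNITS[m.group(2)]

def keepalive_settings(config_text):
    """Global ClientAlive* values; sshd uses the first occurrence of a keyword."""
    interval, count = 0, 3          # sshd defaults: probes disabled, 3 misses
    seen = set()
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        if key == "match":          # per-connection overrides: out of scope here
            break
        if key in seen or len(parts) < 2:
            continue
        if key == "clientaliveinterval":
            interval = parse_time(parts[1].strip())
            seen.add(key)
        elif key == "clientalivecountmax":
            count = int(parts[1].strip())
            seen.add(key)
    return interval, count

def assess(config_text, conntrack_timeout=CONNTRACK_ESTABLISHED):
    interval, count = keepalive_settings(config_text)
    return {
        "probe_interval": interval,
        # Time until sshd drops a peer that stops answering probes.
        "dead_peer_deadline": interval * count,
        # Probes on an idle session refresh the conntrack entry only if they
        # arrive more often than the entry's timeout.
        "idle_session_stays_tracked": 0 < interval < conntrack_timeout,
    }

# Constructed sample configs.
THREAD_CONFIG = "ClientAliveInterval 20\nClientAliveCountMax 15\n"
NO_KEEPALIVE = "# ClientAliveInterval 20\nPort 22\n"
```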

