I'm going with Mike here! I don't really think there's a way to do this with the kernel nor iptables (which is part of the kernel), and I'm sure that that Apache option will work fine in the case of a web server. I think you can work on a script that gets a netstat and gets from there the connections in TIME_WAIT and measures the time somehow and, given some time, kills the connection.

--- Mike McGrath <mmcgrath@xxxxxxxxxxxxx> wrote:

> > -----Original Message-----
> > From: fedora-list-bounces@xxxxxxxxxx
> > [mailto:fedora-list-bounces@xxxxxxxxxx] On Behalf Of Naoki
> > Sent: Tuesday, July 26, 2005 2:55 AM
> > To: fedora-list@xxxxxxxxxx
> > Subject: TCP/IP stack questions on timeouts and dropping connections.
> >
> > Hi all,
> >
> > Quick question. Is there a way (kernel parameter or iptables
> > hack) to drop connections that last over an arbitrary time
> > value. Even better would be the ability to restrict that rule
> > to a specific TCP port. So for example drop connections to
> > port 80 that have been established for over 20 seconds?
> >
> > A little odd to want to do this I know...
> >
> > --
> > fedora-list mailing list
> > fedora-list@xxxxxxxxxx
> > To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
>
> Often times this is controlled by the application. In your example if
> using apache you can use the TimeOut directive. I would assume you only
> want to drop connections that are idle? I do not know of any way to set
> this in the kernel.
>
> http://httpd.apache.org/docs/2.0/mod/core.html#timeout
>
> -Mike
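The polling idea from the reply above, as an added example that is not part of the original messages: a tracker that reads successive `netstat -tn` snapshots and reports connections that have stayed in one state on one port longer than a limit. It assumes the Linux `netstat -tn` column layout; `ConnectionAgeTracker`, `parse_netstat` and the sample snapshots are hypothetical and constructed for illustration, and the code only reports, it closes nothing.

```python
"""Report TCP connections that stay in one state on one port for too long,
using successive `netstat -tn` snapshots. Reports only; closes nothing."""

# Constructed sample data: (capture time in seconds, netstat -tn output).
HDR = "Proto Recv-Q Send-Q Local Address Foreign Address State\n"
A = "tcp 0 0 192.0.2.10:80 198.51.100.7:51234 ESTABLISHED\n"
B = "tcp 0 0 192.0.2.10:80 198.51.100.8:51300 ESTABLISHED\n"
SSH = "tcp 0 0 192.0.2.10:22 198.51.100.9:40000 ESTABLISHED\n"
TW = "tcp 0 0 192.0.2.10:80 198.51.100.6:50001 TIME_WAIT\n"
SAMPLE_SNAPSHOTS = [(0, HDR + A + SSH), (15, HDR + A + B + TW),
                    (30, HDR + A + B), (45, HDR + B)]


def parse_netstat(text):
    """Yield (local, remote, state) for each tcp/tcp6 row."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 6 and fields[0].startswith("tcp"):
            yield fields[3], fields[4], fields[5]


class ConnectionAgeTracker:
    def __init__(self, port, state="ESTABLISHED", max_age=20):
        self.port, self.state, self.max_age = str(port), state, max_age
        self.first_seen = {}  # (local, remote) -> time first observed

    def observe(self, now, netstat_text):
        """Record one snapshot; return sorted (local, remote, age) over max_age."""
        current = {(local, remote)
                   for local, remote, state in parse_netstat(netstat_text)
                   if state == self.state
                   and local.rsplit(":", 1)[-1] == self.port}
        # Drop vanished connections so a reused address pair restarts at age 0.
        self.first_seen = {k: t for k, t in self.first_seen.items() if k in current}
        for key in current:
            self.first_seen.setdefault(key, now)
        return sorted((l, r, now - t) for (l, r), t in self.first_seen.items()
                      if now - t > self.max_age)


def run_sample():
    """Feed the constructed snapshots to a tracker for port 80, 20 s limit."""
    tracker = ConnectionAgeTracker(port=80, max_age=20)
    return [tracker.observe(ts, text) for ts, text in SAMPLE_SNAPSHOTS]


if __name__ == "__main__":
    for overdue in run_sample():
        print(overdue)
```

The age is counted from the first snapshot in which a connection appears, so it is a lower bound whose accuracy is limited by the polling interval.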