Re: ip_conntrack growing indefinitely

To:	netfilter@lists.netfilter.org
Subject:	Re: ip_conntrack growing indefinitely
From:	fd4 <fd4@itsec4u.de>
Date:	Sun, 12 Aug 2007 08:23:15 +0200
Delivered-to:	sp-com-lists@consult.net
Delivered-to:	netfilter-list1@securepoint.com
In-reply-to:	<Pine.LNX.4.58.0708111115530.25740@mail3.jubileegroup.co.uk>
List-archive:	</pipermail/netfilter>
List-help:	<mailto:netfilter-request@lists.netfilter.org?subject=help>
List-id:	General discussion and user questions <netfilter.lists.netfilter.org>
List-post:	<mailto:netfilter@lists.netfilter.org>
List-subscribe:	<https://lists.netfilter.org/mailman/listinfo/netfilter>, <mailto:netfilter-request@lists.netfilter.org?subject=subscribe>
List-unsubscribe:	<https://lists.netfilter.org/mailman/listinfo/netfilter>, <mailto:netfilter-request@lists.netfilter.org?subject=unsubscribe>
Organization:	i.t
References:	<200708110801.l7B81Oj2025252@mail3.jubileegroup.co.uk> <Pine.LNX.4.58.0708111115530.25740@mail3.jubileegroup.co.uk>
Sender:	netfilter-bounces@lists.netfilter.org

To:

netfilter@lists.netfilter.org

Subject:

Re: ip_conntrack growing indefinitely

From:

fd4 <fd4@itsec4u.de>

Date:

Sun, 12 Aug 2007 08:23:15 +0200

Delivered-to:

sp-com-lists@consult.net

Delivered-to:

netfilter-list1@securepoint.com

In-reply-to:

<Pine.LNX.4.58.0708111115530.25740@mail3.jubileegroup.co.uk>

List-archive:

</pipermail/netfilter>

List-help:

<mailto:netfilter-request@lists.netfilter.org?subject=help>

List-id:

General discussion and user questions <netfilter.lists.netfilter.org>

List-post:

<mailto:netfilter@lists.netfilter.org>

List-subscribe:

<https://lists.netfilter.org/mailman/listinfo/netfilter>, <mailto:netfilter-request@lists.netfilter.org?subject=subscribe>

List-unsubscribe:

<https://lists.netfilter.org/mailman/listinfo/netfilter>, <mailto:netfilter-request@lists.netfilter.org?subject=unsubscribe>

Organization:

i.t

References:

<200708110801.l7B81Oj2025252@mail3.jubileegroup.co.uk> <Pine.LNX.4.58.0708111115530.25740@mail3.jubileegroup.co.uk>

Sender:

netfilter-bounces@lists.netfilter.org

Am Sat, 11 Aug 2007 11:19:08 +0100 (BST)
schrieb "G.W. Haywood" <ged@jubileegroup.co.uk>:

> I don't think it grows indefinitely.  The timeout is five days.

about 11 hrs in that case :-)
(of course I've reduced the standard value)

and I've said a similar case - just wondering, cleaned it with conntrack -F

the growing to more than 3300 entries has started by an unknown local event 
triggering conntrack on local connections; I could not find any reason in the 
logs or somehow else. happened within a minute or 2 from 2 local ports

<Prev in Thread]	Current Thread	[Next in Thread>
Re: ip_conntrack growing indefinitely, fd4 Re: ip_conntrack growing indefinitely, Eric Leblond Re: ip_conntrack growing indefinitely, G.W. Haywood Re: ip_conntrack growing indefinitely, fd4 <=

Previous by Date:	Re: can't ssh outside with OUTPUT (policy ACCEPT), Maxim Veksler
Previous by Thread:	Re: ip_conntrack growing indefinitely, G.W. Haywood
Next by Thread:	can't ssh outside with OUTPUT (policy ACCEPT), Maxim Veksler
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

Re: can't ssh outside with OUTPUT (policy ACCEPT), Maxim Veksler

Previous by Thread:

Re: ip_conntrack growing indefinitely, G.W. Haywood

Next by Thread:

can't ssh outside with OUTPUT (policy ACCEPT), Maxim Veksler

Indexes:

[Date] [Thread] [Top] [All Lists]