Re: conntrack vs. slow modem user

[Dan Jacobson <jidanni@dman.ddts.net>]

>> Change the kernel source net/ipv4/netfilter/ip_conntrack_proto_tcp.c
>> and take down TCP_CONNTRACK_ESTABLISHED from '5 DAYS' to '2 HOURS'.
Ha ha "Change the kernel source".  Did I tell you I am a junior user
and mom specifically told me not to "change the kernel source".

Anyway, I'm just curious.  Why didn't they make it one of those
echo 12345 > /proc/zzz/xxx/ccc/ adjustible things?

By the way, I did iptables -F; iptables -X but my google connection
problems continued until I hung up the phone.  Could clearing the
iptables not necessarily clear the conntrack problem, or does this
show that my problems are just bandwidth to google over 56k?

Maybe if i take the close only the problem areas approach to security
i wont have so many problems.

OK, i put my iptables on http://jidanni.org/test/0-jidanni-firewall
It is causing me lots of http://jidanni.org/test/firewall-errors
As well as only about 1 success for each 3 google clicks. 
I use http://jidanni.org/comp/system.txt
-- 
http://jidanni.org/ Taiwan(04)25854780


-- 
To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org