bugzilla-daemon at netfilter.org
2016-Feb-16 19:59 UTC
[Bug 1021] iptables -j CT --timeout policy
https://bugzilla.netfilter.org/show_bug.cgi?id=1021
Pablo Neira Ayuso <pablo at netfilter.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
CC| |pablo at netfilter.org
--- Comment #1 from Pablo Neira Ayuso <pablo at netfilter.org> ---
Kernel version?
This is working here.
# iptables-save
# Generated by iptables-save v1.6.0 on Tue Feb 16 20:59:25 2016
*raw
:PREROUTING ACCEPT [6:406]
:OUTPUT ACCEPT [5:268]
-A PREROUTING -p tcp -m tcp --dport 1416 -j CT --timeout test-tcp-2
-A PREROUTING -p tcp -m tcp --dport 1414 -j CT --timeout test-tcp
COMMIT
# nfct list timeout
.test-tcp = {
.l3proto = 2,
.l4proto = 6,
.policy = {
.SYN_SENT = 120,
.SYN_RECV = 60,
.ESTABLISHED = 100,
.FIN_WAIT = 120,
.CLOSE_WAIT = 10,
.LAST_ACK = 30,
.TIME_WAIT = 120,
.CLOSE = 10,
.SYN_SENT2 = 120,
.RETRANS = 300,
.UNACKNOWLEDGED = 300,
},
};
.test-tcp-2 = {
.l3proto = 2,
.l4proto = 6,
.policy = {
.SYN_SENT = 120,
.SYN_RECV = 60,
.ESTABLISHED = 110,
.FIN_WAIT = 120,
.CLOSE_WAIT = 11,
.LAST_ACK = 30,
.TIME_WAIT = 120,
.CLOSE = 11,
.SYN_SENT2 = 120,
.RETRANS = 300,
.UNACKNOWLEDGED = 300,
},
};
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20160216/05876b1c/attachment.html>
Seemingly Similar Threads
Wisdom of the Ancients
