> > Does anyone have any suggestions as to how to purge this
> > table manually?
In the event that I run out. I believe this could result in a very easy DoS,
let's say I have a timeout of 2 hours, and all my systems run behind an
IPCHAINS Firewall. It would be very simple to execute an attack that
established 30,000 TCP connections. All of the connections would be pending
a 2 hour timeout, and damn, DoS...
Knowing how to deal with such an event would be a good thing.
> <from LVS-howto>
> Can we alter directly /proc/net/ip_masquerade ?
> No, it is not feasible, because directly modifying masq entries will break
> the established connection <-- isn't that what you want to do?
I've already tried to muck with this value. No matter what I do I can not
seem to reset, clear or modify this manually.
I really want to do this, but there does not seem to be a way...
I've tried the traditional echos etc., but they do not reset it.
Anyone else have suggestions?
> if you do not like the prospect of altering directly perhaps try a shell
> script:
> #!/bin/sh
> #hopefully this works and you won't shoot yourself in the foot...
> ipchains -M -S 1 0 0
> sleep 5
> ipchains -M -S 7200 0 0
>
> I have no idea if that works or not.. do you feel like a guinea pig? :)
Setting this value only affects *NEW* connections, connections already set
are unaffected.
Thanks,
Michael