Hello,
On Wed, 3 Dec 2003 awysocki@xxxxxxxxxxxxxx wrote:
> OK, this is an incorrect interpretation of the TCP states, but this is a hack
> which allows the min state timeout to be 1 minute. Now using ipchains we
> can set the timeout for all TCP states to 1 minute.
> If this is changed you can now set ESTABLISHED and FIN-WAIT timeouts down
> to 1 minute. In the current LVS version the min effective timeout for
> ESTABLISHED and FINWAIT state is 2 minutes.
You can check http://www.linuxvirtualserver.org/docs/defense.html
You can play with secure_tcp and drop_entry. Probably it is a
good idea for implementation to enter the nomem state also when the
total number of conn entries reaches a user-defined point, because
the current way of depending on free memory is not always desired,
for example, if the director is used for other needs.
Regards
--
Julian Anastasov <ja@xxxxxx>
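
Added example, not part of the message above and not LVS code: a userspace approximation of the idea in the reply, forcing drop_entry and secure_tcp to "always" (3) once the connection table reaches a chosen size and handing control back to the automatic, memory-based mode (1) after it drains. The function names, the thresholds and the /proc paths in the usage comment (as found on 2.4 and later kernels) are assumptions; the sample table is constructed.

```shell
#!/bin/sh
# Added example (not LVS code): force the drop_entry/secure_tcp defenses on
# when the connection table reaches an operator-chosen size.
# Modes per the IPVS sysctl docs: 0 off, 1/2 automatic (free memory), 3 always.

count_conns() {   # entries in an ip_vs_conn-style table = lines after header
    awk 'NR > 1 && NF > 0 { n++ } END { print n + 0 }' "$1"
}

pick_mode() {     # pick_mode <count> <high> <low> <current mode>
    if [ "$1" -ge "$2" ]; then echo 3            # at/over the limit: force on
    elif [ "$1" -le "$3" ]; then echo 1          # drained: back to automatic
    elif [ "$4" -eq 3 ]; then echo 3             # in between: keep forcing
    else echo 1
    fi
}

apply_defense() { # apply_defense <conn table> <sysctl dir> <high> <low>
    n=$(count_conns "$1")
    for knob in drop_entry secure_tcp; do
        cur=$(cat "$2/$knob")
        want=$(pick_mode "$n" "$3" "$4" "$cur")
        # Write only on a forced<->automatic transition, so the kernel's own
        # 1<->2 switching is not disturbed on every pass.
        if [ "$want" -eq 3 ] && [ "$cur" -ne 3 ]; then echo 3 > "$2/$knob"
        elif [ "$want" -eq 1 ] && [ "$cur" -eq 3 ]; then echo 1 > "$2/$knob"
        fi
    done
    echo "$n"
}

make_sample() {   # constructed table with $2 entries + sysctl files in dir $1
    printf 'Pro FromIP   FPrt ToIP     TPrt DestIP   DPrt State       Expires\n' > "$1/conn"
    i=0
    while [ "$i" -lt "$2" ]; do
        printf 'TCP C0A80001 %04X C0A80064 0050 0A000002 0050 SYN_RECV 58\n' "$((1024 + i))" >> "$1/conn"
        i=$((i + 1))
    done
    [ -f "$1/drop_entry" ] || { echo 1 > "$1/drop_entry"; echo 1 > "$1/secure_tcp"; }
}

# Real use (root, from cron or a loop); the limits here are placeholders:
#   apply_defense /proc/net/ip_vs_conn /proc/sys/net/ipv4/vs 50000 30000
if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d); make_sample "$d" 5
    apply_defense "$d/conn" "$d" 4 2; cat "$d/drop_entry"; rm -rf "$d"
fi
```

The gap between the high and low marks keeps the mode from flapping when the entry count hovers around the limit.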