Does anyone know how to get rid of/turn off/kill/remove/exorcise netfilter
and/or conntrack?
I don't use iptables, and netfilter/conntrack seems to cause a lot of overhead.
Does it require a custom compiled kernel? I am using CentOS and Fedora standard precompiled kernels right now.
Thank you for any help in this frustrating matter.
# lsmod | grep -i ip
ipv6 290320 20
sysctl -a | grep -i netfilter
net.netfilter.nf_conntrack_generic_timeout = 12
net.netfilter.nf_conntrack_tcp_timeout_syn_sent = 12
net.netfilter.nf_conntrack_tcp_timeout_syn_recv = 12
net.netfilter.nf_conntrack_tcp_timeout_established = 2000
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 12
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 12
net.netfilter.nf_conntrack_tcp_timeout_last_ack = 12
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 10
net.netfilter.nf_conntrack_tcp_timeout_close = 8
net.netfilter.nf_conntrack_tcp_timeout_max_retrans = 30
net.netfilter.nf_conntrack_tcp_timeout_unacknowledged = 30
net.netfilter.nf_conntrack_tcp_loose = 1
net.netfilter.nf_conntrack_tcp_be_liberal = 0
net.netfilter.nf_conntrack_tcp_max_retrans = 3
net.netfilter.nf_conntrack_udp_timeout = 12
net.netfilter.nf_conntrack_udp_timeout_stream = 18
net.netfilter.nf_conntrack_icmp_timeout = 8
net.netfilter.nf_conntrack_acct = 1
net.netfilter.nf_conntrack_max = 1048576
net.netfilter.nf_conntrack_count = 7645
net.netfilter.nf_conntrack_buckets = 16384
net.netfilter.nf_conntrack_checksum = 1
net.netfilter.nf_conntrack_log_invalid = 0
net.netfilter.nf_conntrack_expect_max = 256

Received on 2009/09/03 19:02