[kwlug-disc] clearing close_wait

John Van Ostrand john at netdirect.ca
Thu Mar 24 17:29:42 EDT 2011


Those connections are probably there because you firewalled the server while connections were open, dropping the packets that would normally close the connection.

I haven't thought this through but maybe firewalling the server with this command would allow the connections to close naturally.

iptables -I INPUT 1 --source bad.ip.add.ress --match state --state INVALID,NEW,UNTRACKED --jump DROP

That will insert a rule that will drop any new connections from the offending server. It means you will have to give them time to finish the TCP session but after they give up it should close naturally.

If the firewall is forwarding the connection change "INPUT" to "FORWARD".

----- Original Message -----
> Seems lately I've been enjoying somewhat frequent attacks on my mail
> server. Some IP address opens up a thousand email connections on my
> server, no idea why.
> 
> I firewall the IP address, but I still end up with a ton of
> connections
> in a CLOSE_WAIT state. Is there any way to clear all those
> close-wait connections from the offending IP, without rebooting? If I
> leave it sit they eventually all go away, I'd like a faster solution
> though.

-- 
John Van Ostrand 
CTO, co-CEO 
Net Direct Inc. 
564 Weber St. N. Unit 12, Waterloo, ON N2L 5C6 
Ph: 866-883-1172 x5102 
Fx: 519-883-8533 

Linux Solutions / IBM Hardware 
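
To check whether the CLOSE_WAIT sockets from a blocked address are draining after a rule like the one in this message is inserted, a per-peer count is useful. The following is an added example, not part of the original message; it assumes the column layout printed by `ss -tan`, and the function names and sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: count CLOSE-WAIT sockets per peer address from `ss -tan` output.

# Constructed sample in the `ss -tan` layout (documentation-range addresses).
sample_ss_output() {
cat <<'EOF'
State      Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN     0      100    0.0.0.0:25           0.0.0.0:*
CLOSE-WAIT 1      0      192.0.2.10:25        203.0.113.7:51234
CLOSE-WAIT 1      0      192.0.2.10:25        203.0.113.7:51235
CLOSE-WAIT 1      0      [::ffff:192.0.2.10]:25 [::ffff:203.0.113.7]:51236
CLOSE-WAIT 1      0      [2001:db8::10]:25    [2001:db8::5]:40000
TIME-WAIT  0      0      192.0.2.10:25        203.0.113.7:51237
ESTAB      0      0      192.0.2.10:22        198.51.100.4:40022
EOF
}

# Read `ss -tan` output on stdin; print "count peer", busiest peer first.
close_wait_by_peer() {
    awk '
        # ss prints CLOSE-WAIT; accept the netstat spelling as well.
        $1 == "CLOSE-WAIT" || $1 == "CLOSE_WAIT" {
            peer = $5
            sub(/:[0-9]+$/, "", peer)   # drop the trailing :port
            gsub(/[][]/, "", peer)      # drop IPv6 brackets
            sub(/^::ffff:/, "", peer)   # fold IPv4-mapped IPv6 into IPv4
            count[peer]++
        }
        END { for (p in count) print count[p], p }
    ' | sort -k1,1nr -k2,2
}

# Print the CLOSE-WAIT count for one peer address (0 if none remain).
close_wait_count_for() {
    close_wait_by_peer | awk -v ip="$1" '$2 == ip { n = $1 } END { print n + 0 }'
}

# Demonstration on the constructed sample; on a live host use:
#   ss -tan | close_wait_by_peer
sample_ss_output | close_wait_by_peer
```

Running `ss -tan | close_wait_count_for <address>` repeatedly shows whether the count for that address is falling toward zero.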




