* [EMAIL PROTECTED] <[EMAIL PROTECTED]> [2007-11-12 15:14]:
> two questions relating to the above
>
> 1. trying to use 'max-src-conn 1' to limit service to one
> connection per host (with overload table) but when i disconnect and
> reconnect i get blocked. should this state expire when
> correctly closed, allowing a second connection, or is the timeout
> needed?

there is always a 2*MSL timeout - any better book covering TCP/IP
basics should give you the plethora of reasons.

> 2. is source-track required for the above? i can't decipher the
> relationship. current confusion is "does source-track turn 'max'
> into a per-IP match or simply allow the per-IP functions to operate?"

it makes use of src track, yes, but you don't need to manually enable
anything.

> nb: not sure the service is closing the connection correctly which
> may be causing the timeout issue.

that would extend the timeout a lot.

--
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam