> the problem is I have so many dead connections in there and they are to
> a server that is no longer online. At this point in time, I simply
> cannot reboot the box to clear this table.
>
> There has to be some way to clear these without a reboot, has anyone
> found a way?

What you can do, although I know of no tool helping you with that,
is to read the conntrack table, grep out the entries you want to
remove, and synthesize suitable faked packets which terminate
the connections. libnet can do the synthesizing.

If it works (I think there are some issues right now), ctnetlink could
provide a more elegant solution. But I have no experience with that.

> Also, can I lower the 5 days conntrack keeps these in the table to
> something like 5 hours and if so how?

You can, by modifying the timeouts in this source file:
net/ipv4/netfilter/ip_conntrack_tcp.c

I remember there's something in patch-o-matic (from Jozsef) which provides
timeout knobs in /proc/. Have a look through the patch-o-matic stuff.

best regards
Patrick
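
The first two steps described in the reply above (reading the conntrack table and picking out the entries for the dead server), as an added example that is not part of the original message. It assumes the /proc/net/ip_conntrack line layout of kernels from that era; the sample lines, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample in the assumed /proc/net/ip_conntrack layout: proto name,
# proto number, seconds left, [TCP state], original tuple, optional
# [UNREPLIED], reply tuple, flags. Addresses are documentation ranges.
SAMPLE = """\
tcp      6 431940 ESTABLISHED src=192.0.2.10 dst=198.51.100.7 sport=40112 dport=5432 src=198.51.100.7 dst=192.0.2.10 sport=5432 dport=40112 [ASSURED] use=1
tcp      6 417203 ESTABLISHED src=192.0.2.11 dst=198.51.100.7 sport=51877 dport=5432 src=198.51.100.7 dst=192.0.2.11 sport=5432 dport=51877 [ASSURED] use=1
tcp      6 98 SYN_SENT src=192.0.2.12 dst=198.51.100.7 sport=33001 dport=5432 [UNREPLIED] src=198.51.100.7 dst=192.0.2.12 sport=5432 dport=33001 use=1
tcp      6 431999 ESTABLISHED src=192.0.2.10 dst=203.0.113.9 sport=40200 dport=22 src=203.0.113.9 dst=192.0.2.10 sport=22 dport=40200 [ASSURED] use=1
udp      17 25 src=192.0.2.10 dst=198.51.100.7 sport=1025 dport=53 src=198.51.100.7 dst=192.0.2.10 sport=53 dport=1025 use=1
"""

KV = re.compile(r"(src|dst|sport|dport)=(\S+)")

def parse_line(line):
    """Return a dict for one conntrack line, or None if it does not fit."""
    fields = line.split()
    if len(fields) < 4 or not fields[2].isdigit():
        return None
    pairs = KV.findall(line)
    # The first four key=value pairs must be the original-direction tuple;
    # this rejects entries without ports (e.g. ICMP) instead of misreading them.
    if [k for k, _ in pairs[:4]] != ["src", "dst", "sport", "dport"]:
        return None
    entry = {"proto": fields[0], "timeout": int(fields[2]),
             # TCP lines carry a state word before the tuple; UDP lines do not.
             "state": fields[3] if "=" not in fields[3] else None}
    entry.update(dict(pairs[:4]))
    return entry

def stale_tcp_entries(text, dead_server, min_timeout=0):
    """Select TCP entries whose original destination is the dead server."""
    out = []
    for line in text.splitlines():
        e = parse_line(line)
        if (e and e["proto"] == "tcp" and e["dst"] == dead_server
                and e["timeout"] >= min_timeout):
            out.append(e)
    return out

if __name__ == "__main__":
    # On a live box, pass open("/proc/net/ip_conntrack").read() instead.
    for e in stale_tcp_entries(SAMPLE, "198.51.100.7"):
        print(e["state"], e["src"], e["sport"], "->", e["dst"], e["dport"],
              "expires in", e["timeout"], "s")
```

The min_timeout argument narrows the result to long-lived entries, such as ESTABLISHED ones still close to the 5-day timeout mentioned in the question.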