Hi guys
I run a couple of mirrors serving "tails" over http. Occasionally I need to shut those servers down and reboot (for example I have just upgraded both of them to wheezy). Both servers are reasonably busy (they ship out about 2-3 TiB each per month) and normally have active connections at the time I want to power cycle them.
Connections can (of course) come from anywhere and some people may be on slow lines and may be over half way through a download of one of the 700 meg iso files. If I simply power cycle the server they will likely lose the connection and the download. I'd like to be more friendly than that.
So what I have in mind is some mechanism that I can invoke to prevent new connections being established but permit the existing ones to complete before I switch off. I've thought about cobbling together an iptables script which will change the lines:
BLAH --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
to
BLAH --dport 80 -m state --state ESTABLISHED -j ACCEPT
temporarily and then switch it back afterwards. But I have yet to try it.
Before I start playing in earnest, does anyone know of a more elegant solution?
TIA
Mick
---------------------------------------------------------------------
blog: baldric.net gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312
---------------------------------------------------------------------
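
One way to script the drain described in the message above, as an added example that is not part of the original post. Instead of editing the ACCEPT line it inserts a temporary REJECT rule for NEW connections ahead of it, then polls `ss -tn` until no established transfers remain. Assumptions: the port-80 rules are in the INPUT chain, the function names are hypothetical, and the `ss` sample is constructed.

```shell
#!/bin/sh
# Added example: drain port 80 before a reboot. Assumes the web rules are in
# the INPUT chain; function names here are hypothetical.
PORT=80

# Rule spec refusing only NEW connections to $PORT. Inserted at the top of
# INPUT, it is evaluated before the existing NEW,ESTABLISHED ACCEPT rule.
drain_rule() {
    echo "INPUT -p tcp --dport $PORT -m state --state NEW -j REJECT --reject-with tcp-reset"
}

# Count ESTAB connections with local port $PORT from `ss -tn` output on stdin.
count_established() {
    awk -v p=":$PORT\$" '$1 == "ESTAB" && $4 ~ p { n++ } END { print n + 0 }'
}

start_drain() { iptables -I $(drain_rule); }   # requires root
stop_drain()  { iptables -D $(drain_rule); }   # restores normal service

# Poll until no transfers remain or $1 seconds pass (returns 1 on timeout).
wait_for_drain() {
    waited=0
    while [ "$(ss -tn | count_established)" -gt 0 ]; do
        [ "$waited" -ge "$1" ] && return 1
        sleep 10
        waited=$((waited + 10))
    done
    return 0
}

# Constructed sample of `ss -tn` output, for checking the parser offline.
sample_ss_output() {
    cat <<'EOF'
State      Recv-Q Send-Q  Local Address:Port   Peer Address:Port
ESTAB      0      0       192.0.2.10:80        198.51.100.7:51234
ESTAB      0      14480   192.0.2.10:80        203.0.113.9:40022
ESTAB      0      0       192.0.2.10:22        198.51.100.7:50001
TIME-WAIT  0      0       192.0.2.10:80        203.0.113.50:39111
ESTAB      0      0       192.0.2.10:8080      198.51.100.8:41000
EOF
}

case "${1:-}" in
    drain)  start_drain && wait_for_drain "${2:-3600}" ;;
    resume) stop_drain ;;
esac
```

Idle keep-alive connections also count as ESTAB, so the timeout argument to `drain` bounds how long the wait can last.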