Hi Folks,

How can we decrease COSE_WAIT and TIME_wAIT issue...

4042 CLOSE_WAIT
1158 ESTABLISHED
3 FIN_WAIT1
124 FIN_WAIT2
11 LAST_ACK
7048 TIME_WAIT

Why do you believe these to be a problem to address?

There are plenty of ways to ditch them faster, but if there's no issue, why?

see, for example -http://ihazem.wordpress.com/2012/02/07/reducing-time_wait-socket-connections-recyclereuse/

Due to this my apache connection reached to maximum defined level and new user can not access web site :

Please see below :

pstree |egrep -i 'httpd'
|-httpd---7425*[httpd]


These many conncections from sigle IP, I have blocked these IPs with iptables but still showing by netstat command, kindly suggest how can I block them.


# netstat -tunp |grep http | awk '{print $5}' |grep -v " " | cut -d':' -f 4 |sort |uniq -c |sort -n |tail
86 190.184.144.62
92 202.138.249.22
92 60.220.212.60
94 190.184.144.53
105 58.242.249.31
111 162.243.233.19
119 151.200.170.21
306 187.111.202.13
529 178.213.187.17

# iptables -nvL |grep 178.213.187.17
0 0 DROP all -- * * 178.213.187.17 0.0.0.0/0

# iptables -nvL |grep 187.111.202.13
0 0 DROP all -- * * 187.111.202.13 0.0.0.0/0

are you asking for iptables help of tcp stack tuning help? I'd guess you put that iptables rule after the rule that's permitting them, but without the full ruleset we've naturally no idea. As for tuning, I alrady provided a link.