Linux: Force Close A Socket / Port On Server In a TIME_WAIT State

I run a BT client and few other server program on Linux. Sometime these programs get overloaded with too many connections and crashes. If I restart my apps, I see lots of old IPs in a TIME_WAIT state. How do I force and and close everything in a TIME_WAIT state under Linux operating systems?

TIME-WAIT state can exists on either server or client program. It represents waiting for enough time to pass to be sure the remote TCP received the acknowledgment of its connection termination request. [donotprint]
Tutorial details
Difficulty level Intermediate
Root privileges No
Requirements None
Est. reading time 5m
[/donotprint]The /proc/sys/net/ipv4/tcp_fin_timeout setting determines the time that must elapse before TCP/IP can release a closed connection and reuse its resources. This is known as TIME_WAIT state. TIME_WAIT is a normal part of the TCP connection. However, if you must close a socket in TIME_WAIT state, try: [a] Restart the networking service [b] cutter command

Finding out current TIME_WAIT settings

Type the following command
$ cat /proc/sys/net/ipv4/tcp_fin_timeout
Sample outputs:


You can lower the value by typing the following command as root user:
# echo 20 > /proc/sys/net/ipv4/tcp_fin_timeout
To set /proc/sys/net/ipv4/tcp_fin_timeout to 20 permanently, edit the file /etc/sysctl.conf and set it as follows:


Restating the network service

To restart the network service under RHEL / CentOS based systems, enter:
# service network restart
# /etc/init.d/network restart
Ubuntu / Debian Linux, user try the following command:
$ sudo service networking restart
$ sudo /etc/init.d/networking restart

cutter command

Cutter is an open source program that allows Linux firewall administrators to abort TCP/IP connections routed over the firewall or router on which it is run.


To cut all connections from to server, enter:
# cutter
To cut all ssh connection from to server, type:
# cutter 22
To cut all http connection from to ssh server, run:
# cutter 80
See how to install and use the cutter command for more information here.

See also

See the following man pages:
man 7 socket
man 7 tcp
man 7 ip
man 5 proc

🐧 Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or Weekly email newsletter.

🐧 3 comments so far... add one

CategoryList of Unix and Linux commands
Disk space analyzersdf ncdu pydf
File Managementcat cp mkdir tree
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network UtilitiesNetHogs dig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
3 comments… add one
  • Lyle Apr 10, 2013 @ 5:18

    As far as I know, there is no way (aside from modifying the source, constant TCP_TIMEWAIT_LEN) to modify the MSL nor the TCP TIME_WAIT

    You may have luck with the time_wait bucket (reuse|recycle), but it becomes tricky if your upstream is stateful and doesn’t expect the same source-port so quickly (<2*MSL)

  • Carlos Fernández San Millán Mar 10, 2014 @ 20:33


    I believe the examples have typos as the IPs do not correspond.


Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre> for code samples. Still have questions? Post it on our forum