Reset conntrack...
Richard
richard at o-matrix.org
Fri Dec 3 00:24:49 CET 2004
>
> Hello!
>
> Is it possible to reset the conntrack list or set any entry to the state
> NEW to force a recheck against new filter rules?
>
> The problem is:
>
> If I set the (new) filtering rules with the target DROP, I want old
> (existing) connections to be dropped immediately.
> The global rule '--state RELATED,ESTABLISHED' I set would still allow
> them...
>
I am in the process of writing a TARGET which sets the conntrack expire value.
I am not sure whether setting it to zero will immediately drop the connection.
But at least you can set it to 1 and let it drop in 1 second.
https://lists.netfilter.org/pipermail/netfilter-devel/2004-December/017582.html
Richard
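
An added example, not part of the original message: one way to find the tracked flows that a new DROP rule would have refused and build the commands that remove just those entries, so their next packets are evaluated without the old entry. It assumes the `conntrack` utility from conntrack-tools (`conntrack -D`), which the post does not mention; the listing lines are constructed samples.

```python
import ipaddress

# Constructed sample in the `conntrack -L` listing style (not real traffic).
SAMPLE = """\
tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=10.0.0.5 sport=40000 dport=22 src=10.0.0.5 dst=192.168.1.10 sport=22 dport=40000 [ASSURED] mark=0 use=1
tcp      6 431000 ESTABLISHED src=192.168.1.11 dst=10.0.0.9 sport=40100 dport=443 src=10.0.0.9 dst=192.168.1.11 sport=443 dport=40100 [ASSURED] mark=0 use=1
udp      17 25 src=192.168.1.10 dst=10.0.0.5 sport=5353 dport=53 src=10.0.0.5 dst=192.168.1.10 sport=53 dport=5353 mark=0 use=1
"""

def parse_entry(line):
    """Return the protocol and original-direction tuple of one listing line."""
    fields = line.split()
    entry = {"proto": fields[0]}
    for field in fields[1:]:
        key, sep, value = field.partition("=")
        # The first src/dst/sport/dport describe the original direction; the
        # second set is the reply tuple, so only the first occurrence is kept.
        if sep and key in ("src", "dst", "sport", "dport") and key not in entry:
            entry[key] = value
    return entry

def stale_flows(listing, proto, dst_net, dport):
    """Entries that a new DROP rule (proto, destination net, port) covers."""
    net = ipaddress.ip_network(dst_net)
    hits = []
    for line in listing.splitlines():
        if not line.strip():
            continue
        e = parse_entry(line)
        if (e["proto"] == proto and e.get("dport") == str(dport)
                and "dst" in e and ipaddress.ip_address(e["dst"]) in net):
            hits.append(e)
    return hits

def delete_commands(flows):
    """conntrack-tools argv lists that delete exactly these entries."""
    return [["conntrack", "-D", "-p", f["proto"],
             "--orig-src", f["src"], "--orig-dst", f["dst"],
             "--sport", f["sport"], "--dport", f["dport"]] for f in flows]

if __name__ == "__main__":
    # Hypothetical new rule: DROP tcp to 10.0.0.0/24 port 22.
    for argv in delete_commands(stale_flows(SAMPLE, "tcp", "10.0.0.0/24", 22)):
        print(" ".join(argv))
```

Deleting only the matching entries leaves unrelated established connections untouched, unlike flushing the whole table.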