Reset conntrack...

Phil Oester kernel at linuxace.com
Fri Dec 3 17:07:40 CET 2004


On Fri, Dec 03, 2004 at 12:11:01PM +0100, Sven Anders wrote:
> Possible solutions:
> 
> ~ 1) Recheck all CONNTRACK entries against the new firewall rules.
> 
> ~ 2) Set all CONNTRACK entries with states RELATED or ESTABLISHED to
> ~     NEW, to force the recheck.
> 
> Is there any way to accomplish this?

Make iptables modular, and unload/reload the conntrack module every time
you change your rules.  Not pretty, but without hacking the code, the
only way to achieve your objective.

Phil


