schuster.sven at gmx.de
Mon Sep 13 00:00:58 CEST 2004
On Sun, Sep 12, 2004 at 10:20:30PM +0100, Nick Drage told us:
> I want to do the following:
> 1) Empty the "forward" table.
> 2) Delete all the connections that have been generated by that table.
> 3) Enter a new forward table, which includes a rule for Established
> If I don't do "2", then any connection permitted by the rulebase used in
> "1" appears to still be permitted by the rulebase used in step "3"
> because it created an entry in the connections table.
> However I don't know how to do "2".
Probably the simplest solution for this would be to do
modprobe -r ip_conntrack
as step 2. Of course this won't work when you have ip_conntrack statically compiled
into your kernel. In that case you currently would need to do some scripting to parse
/proc/net/ip_conntrack and reset the connections via a tool like hping (I think
there are already some scripts doing that out there?).
Or maybe I missed something and there's another method of flushing the conntrack
table? (I'm not aware of another one.)
> Help :)
> mors omnia vincit
Linux zion 2.6.9-rc1-mm4 #1 Tue Sep 7 12:57:19 CEST 2004 i686 athlon i386 GNU/Linux
23:53:13 up 53 min, 2 users, load average: 0.07, 0.04, 0.04
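As an added example (not from the original thread, and not the scripts the reply alludes to), a small Python audit of the kind of scripting mentioned above: it parses /proc/net/ip_conntrack in the 2.4/2.6-era text format and lists the entries that a "state ESTABLISHED" rule would keep permitting after the FORWARD chain is reloaded, since iptables treats any conntrack entry that is not UNREPLIED as ESTABLISHED. The sample table below is constructed.

```python
import re

# Constructed sample of /proc/net/ip_conntrack (not captured from a real host).
SAMPLE_IP_CONNTRACK = """\
tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=10.0.0.5 sport=41234 dport=22 src=10.0.0.5 dst=192.168.1.10 sport=22 dport=41234 [ASSURED] use=1
tcp      6 119 SYN_SENT src=192.168.1.11 dst=10.0.0.6 sport=50000 dport=443 [UNREPLIED] src=10.0.0.6 dst=192.168.1.11 sport=443 dport=50000 use=1
udp      17 29 src=192.168.1.12 dst=10.0.0.7 sport=5353 dport=53 src=10.0.0.7 dst=192.168.1.12 sport=53 dport=5353 use=1
icmp     1 29 src=192.168.1.13 dst=10.0.0.8 type=8 code=0 id=7 [UNREPLIED] src=10.0.0.8 dst=192.168.1.13 type=0 code=0 id=7 use=1
"""


def parse_conntrack(text):
    """Parse ip_conntrack lines into dicts with proto, timeout, state, flags, orig, reply."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        proto, timeout = fields[0], int(fields[2])
        # tcp lines carry a state word after the timeout; udp/icmp lines do not
        state = fields[3] if "=" not in fields[3] and not fields[3].startswith("[") else None
        flags = {f.strip("[]") for f in fields if f.startswith("[")}
        kv = [f for f in fields if "=" in f]
        # the reply tuple starts at the second src= token
        split = [i for i, f in enumerate(kv) if f.startswith("src=")][1]
        orig = dict(f.split("=", 1) for f in kv[:split])
        reply = dict(f.split("=", 1) for f in kv[split:] if not f.startswith("use="))
        entries.append({"proto": proto, "timeout": timeout, "state": state,
                        "flags": flags, "orig": orig, "reply": reply})
    return entries


def grandfathered(entries):
    """Entries 'state ESTABLISHED' matches: seen in both directions, i.e. not UNREPLIED."""
    return [e for e in entries if "UNREPLIED" not in e["flags"]]


def describe(e):
    o = e["orig"]
    if e["proto"] == "icmp":
        return f"icmp {o['src']} -> {o['dst']} id={o['id']}"
    return f"{e['proto']} {o['src']}:{o['sport']} -> {o['dst']}:{o['dport']}"


def audit(text=SAMPLE_IP_CONNTRACK):
    """Flows that would survive a FORWARD reload unless the conntrack table is flushed."""
    return [describe(e) for e in grandfathered(parse_conntrack(text))]


if __name__ == "__main__":
    for flow in audit():  # pass open("/proc/net/ip_conntrack").read() on a live 2.4/2.6 box
        print(flow)
```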