resetting connections

Sven Schuster schuster.sven at gmx.de
Mon Sep 13 00:00:58 CEST 2004


Hi Nick,

On Sun, Sep 12, 2004 at 10:20:30PM +0100, Nick Drage told us:
> Hi,
> 
> I want to do the following:
> 
> 1) Empty the "forward" table.
> 2) Delete all the connections that have been generated by that table.
> 3) Enter a new forward table, which includes a rule for Established
> connections.
> 
> If I don't do "2", then any connection permitted by the rulebase used in
> "1" appears to still be permitted by the rulebase used in step "3"
> because it created an entry in the connections table.
> 
> However I don't know how to do "2".

Probably the simplest solution for this would be to do

modprobe -r ip_conntrack

as step 2. Of course this won't work when you have ip_conntrack statically compiled
in your kernel. In that case you currently would need to do some scripting to parse
/proc/net/ip_conntrack and reset the connections via a tool like hping (I think
there are already some scripts doing that out there!?).

Or maybe I missed something and there's another method of flushing the conntrack
table? (I'm not aware of another one.)


Sven

> 
> Help :)
> 
> -- 
> mors omnia vincit

-- 
Linux zion 2.6.9-rc1-mm4 #1 Tue Sep 7 12:57:19 CEST 2004 i686 athlon i386 GNU/Linux
 23:53:13  up 53 min,  2 users,  load average: 0.07, 0.04, 0.04
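The scripting Sven sketches for the statically-compiled case (parse /proc/net/ip_conntrack, then reset each tracked connection with hping) is shown below as an added example; it is not code from the original thread or from the netfilter project. It assumes the 2.6-era /proc/net/ip_conntrack line format (protocol name, protocol number, timeout, TCP state, then the original and reply tuples as key=value fields) and the hping3 option names -R (set RST), -a (spoofed source address), -s (source port), -p (destination port) and -c (packet count). The sample conntrack lines are constructed for the example. The script only prints the hping3 commands; pipe its output into sh as root on the firewall to actually send the resets.

```shell
#!/bin/sh
# Added example: emit one hping3 RST command per direction of every
# ESTABLISHED TCP entry found in /proc/net/ip_conntrack-format input.
# UDP entries and TCP entries in other states (TIME_WAIT, SYN_SENT, ...)
# are left alone; they time out on their own or cannot be reset with a RST.

conntrack_tcp_resets() {
    # Reads conntrack lines on stdin, prints hping3 commands on stdout.
    awk '
    $1 == "tcp" && $4 == "ESTABLISHED" {
        split("", v); blk = 0
        # Fields 5.. are key=value tokens. Each src= starts a new tuple:
        # the first tuple is the original direction, the second the reply.
        for (i = 5; i <= NF; i++) {
            if (split($i, kv, "=") != 2) continue     # skips [ASSURED]
            if (kv[1] == "src") blk++
            if (kv[1] ~ /^(src|dst|sport|dport)$/) v[blk, kv[1]] = kv[2]
        }
        # One spoofed RST per tuple: "from" src:sport "to" dst:dport, so
        # each endpoint receives a RST that appears to come from its peer.
        for (b = 1; b <= blk; b++)
            printf "hping3 -R -c 1 -a %s -s %s -p %s %s\n",
                   v[b, "src"], v[b, "sport"], v[b, "dport"], v[b, "dst"]
    }'
}

sample_conntrack() {
    # Constructed sample in the /proc/net/ip_conntrack format (not real data).
    cat <<'EOF'
tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=10.0.0.5 sport=45678 dport=22 packets=10 bytes=1200 src=10.0.0.5 dst=192.168.1.10 sport=22 dport=45678 packets=8 bytes=900 [ASSURED] mark=0 use=1
udp      17 29 src=192.168.1.10 dst=192.168.1.1 sport=5353 dport=53 packets=1 bytes=60 src=192.168.1.1 dst=192.168.1.10 sport=53 dport=5353 packets=1 bytes=100 mark=0 use=1
tcp      6 119 TIME_WAIT src=192.168.1.10 dst=10.0.0.5 sport=45000 dport=80 packets=5 bytes=600 src=10.0.0.5 dst=192.168.1.10 sport=80 dport=45000 packets=4 bytes=5000 [ASSURED] mark=0 use=1
EOF
}

# Dry run on the constructed sample. On a live box you would use:
#   conntrack_tcp_resets < /proc/net/ip_conntrack | sh
sample_conntrack | conntrack_tcp_resets
```

Two caveats a practitioner should keep in mind. First, a TCP endpoint only honours a RST whose sequence number falls inside its receive window, and /proc/net/ip_conntrack does not export sequence numbers, so the RST reaching the hosts is best effort (hping3 can set a sequence number with -M if you know it from elsewhere). Second, the spoofed packets leave from the firewall itself, so they must be routable to each peer from there. If the module can be unloaded, `modprobe -r ip_conntrack` as Sven suggests is the reliable way to drop every entry; later kernels with conntrack-tools installed also offer `conntrack -F` to flush the table without unloading anything.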