HOW to make 'Deleting conntrack rule' clear the state created from this rule

Allain Yoann Yoann.Allain at thomson.net
Thu Aug 4 11:44:49 CEST 2005


Hello all,

It would be great if you could help me with this:
I'm using these 3 rules:

1. iptables -P INPUT DROP
2. iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
3. iptables -A INPUT -p tcp --dport 23 -m state --state NEW,ESTABLISHED -j ACCEPT


Then
4. Bob connects on my telnet...
5. I decide to suppress rule 3: 
	iptables -D INPUT -p tcp --dport 23 -m state --state NEW,ESTABLISHED -j ACCEPT

6. Packets from Bob are still accepted because of rule 2. But I need
this rule (2) for my outgoing connections' responses.

Is there a way to suppress the state which has been recorded for rule 3,
when deleting this rule?

Thanks in advance for your help,

Yoann 
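
The behaviour described in the post, as an added example that is not part of the original message: a simplified Python model (not netfilter code) of the three rules, showing that connection state is recorded per connection rather than per rule. The addresses, ports and function names are constructed, and the model assumes a connection counts as ESTABLISHED as soon as one of its packets has been accepted.

```python
# Simplified model of the INPUT chain from the post. Not netfilter code:
# the state lookup and first-match rule walk are reduced to the minimum.
POLICY = "DROP"  # rule 1: iptables -P INPUT DROP


def make_rules():
    # dport None means "any port"; states is the --state list of the rule.
    return [
        {"name": "rule2", "dport": None, "states": {"ESTABLISHED"}},
        {"name": "rule3", "dport": 23, "states": {"NEW", "ESTABLISHED"}},
    ]


def conn_key(pkt):
    return (pkt["src"], pkt["sport"], pkt["dport"])


def input_packet(conntrack, rules, pkt):
    """Return (verdict, matching rule name) for one inbound TCP packet."""
    # The state comes from the connection table, not from any rule.
    state = "ESTABLISHED" if conn_key(pkt) in conntrack else "NEW"
    for rule in rules:
        if rule["dport"] not in (None, pkt["dport"]):
            continue
        if state in rule["states"]:
            conntrack.add(conn_key(pkt))  # an accepted packet keeps the entry
            return "ACCEPT", rule["name"]
    return POLICY, None  # a dropped packet leaves no entry behind


def scenario():
    conntrack, rules = set(), make_rules()
    bob = {"src": "192.0.2.10", "sport": 40000, "dport": 23}    # constructed
    other = {"src": "192.0.2.99", "sport": 40001, "dport": 23}  # constructed
    out = {"bob_connects": input_packet(conntrack, rules, bob)}  # step 4
    rules = [r for r in rules if r["name"] != "rule3"]           # step 5
    out["bob_after_delete"] = input_packet(conntrack, rules, bob)  # step 6
    out["new_client_after_delete"] = input_packet(conntrack, rules, other)
    # Hypothetical step: the entry for Bob's connection is removed from the
    # table, which is the effect the post is asking for.
    conntrack.discard(conn_key(bob))
    out["bob_after_entry_removed"] = input_packet(conntrack, rules, bob)
    return out


if __name__ == "__main__":
    for step, result in scenario().items():
        print(step, result)
```

In the model, deleting rule 3 only stops new telnet connections; Bob's existing connection keeps matching rule 2 until its table entry is gone.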



