HOW to make 'Deleting conntrack rule' clear the state created from this rule
harmuth at mnemon.de
Thu Aug 4 12:15:10 CEST 2005
Allain Yoann wrote:
> Hello all,
> It would be great if you could help me with this:
> I'm using these 3 rules:
> 1. iptables -P INPUT DROP
> 2. iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
> 3. iptables -A INPUT -p tcp --dport 23 -m state --state NEW,ESTABLISHED -j
> 4. Bob connects on my telnet...
> 5. I decide to suppress rule 3:
> iptables -D INPUT -p tcp --dport 23 -m state --state NEW,ESTABLISHED -j
> 6. Packets from Bob are still accepted because of rule 2. But I need
> this rule (2) for my out-going connections responses.
> Is there a way to suppress the state which has been recorded for rule 3,
> when deleting this rule?
This breaks down to selectively deleting conntrack entries, right? Harald
Welte posted on this topic:
HTH and have a nice time,
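
The following is an added example, not part of either message and not the approach from the post referenced above: it turns `conntrack -L` output into the exact `conntrack -D` commands for flows that were admitted by the deleted port-23 rule, leaving outbound connections (which rule 2 must keep serving) untouched. It assumes the `conntrack` utility from conntrack-tools, which the thread does not mention; the sample lines and addresses are constructed.

```shell
#!/bin/sh
# Constructed sample in `conntrack -L` output format (documentation addresses).
# 192.0.2.1 stands in for the firewall host; 203.0.113.7 for Bob.
SAMPLE='tcp      6 431990 ESTABLISHED src=203.0.113.7 dst=192.0.2.1 sport=40112 dport=23 src=192.0.2.1 dst=203.0.113.7 sport=23 dport=40112 [ASSURED] mark=0 use=1
tcp      6 431812 ESTABLISHED src=192.0.2.1 dst=198.51.100.9 sport=51820 dport=23 src=198.51.100.9 dst=192.0.2.1 sport=23 dport=51820 [ASSURED] mark=0 use=1
tcp      6 299 ESTABLISHED src=192.0.2.1 dst=198.51.100.20 sport=33400 dport=443 src=198.51.100.20 dst=192.0.2.1 sport=443 dport=33400 [ASSURED] mark=0 use=1
udp      17 25 src=203.0.113.7 dst=192.0.2.1 sport=5353 dport=23 [UNREPLIED] src=192.0.2.1 dst=203.0.113.7 sport=23 dport=5353 mark=0 use=1'

# stale_flow_cmds LOCAL_IP PORT   (hypothetical helper name)
# Reads conntrack -L lines on stdin. For each tcp flow whose ORIGINAL
# direction targets LOCAL_IP:PORT, prints the conntrack -D command that
# removes exactly that entry. Only the first src=/dst=/sport=/dport= on a
# line is used: that is the original tuple, the second set is the reply
# tuple. Matching on dst keeps outbound connections to the same port.
stale_flow_cmds() {
    awk -v ip="$1" -v port="$2" '
    $1 == "tcp" {
        src = dst = sp = dp = ""
        for (i = 2; i <= NF; i++) {
            if (src == "" && $i ~ /^src=/)   src = substr($i, 5)
            if (dst == "" && $i ~ /^dst=/)   dst = substr($i, 5)
            if (sp  == "" && $i ~ /^sport=/) sp  = substr($i, 7)
            if (dp  == "" && $i ~ /^dport=/) dp  = substr($i, 7)
        }
        if (dst == ip && dp == port)
            printf "conntrack -D -p tcp --orig-src %s --orig-dst %s --sport %s --dport %s\n", src, dst, sp, dp
    }'
}

# Dry run on the constructed sample. On a live host, after deleting the rule:
#   conntrack -L -p tcp | stale_flow_cmds <local-ip> 23
printf '%s\n' "$SAMPLE" | stale_flow_cmds 192.0.2.1 23
```

Once the entry is gone, Bob's next packet no longer matches ESTABLISHED and falls through to the DROP policy, while the outbound telnet and HTTPS flows in the sample keep their state.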