
Re: iptables: DROP ESTABLISHED sessions?

jairagoo@gmail.com wrote:
> Hello,
> I have Debian Woody, kernel v: 2.6.6 and iptables v1.2.9.
> Is there a way to drop ESTABLISHED sessions?
> for example my ip_conntrack file looks like this:
> # cat /proc/net/ip_conntrack |grep 1.34
> tcp      6 54 ESTABLISHED src= dst=<PUBLIC IP> sport=1233
> dport=135 src= dst= sport=135 dport=1233 [ASSURED]
> Since the traffic is ESTABLISHED, I cannot simply create another rule to
> block the host, other than by restarting the firewall. Is there a better
> solution?

Place a drop rule for that address *before* your established rule.  I
guess this is one situation Daniel might have been thinking of in our
recent discussion about RELATED/ESTABLISHED.  Check the list archives
for details.

Did you know?  It is illegal to use your copy of Microsoft Office on
multiple computers without multiple licenses.  Why not try the free
alternative OpenOffice.org?  <http://www.openoffice.org>
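Worked example of the ordering point made in the reply (added here; not code from the original thread or from the poster's firewall). The state entry in /proc/net/ip_conntrack keeps existing until it times out, but that does not matter: packets hit the DROP before they ever reach the `--state ESTABLISHED` accept, so the session is dead. The script below computes the rule number of the first rule that accepts ESTABLISHED traffic and emits an `iptables -I INPUT <n>` command that lands the DROP just ahead of it, instead of blindly using `-I INPUT 1` and pushing the loopback/anti-lockout rules down. It assumes the chain is listed in `iptables -S` form (newer iptables; the iptables 1.2.9 in the question only has `iptables -L INPUT --line-numbers`, from which you read the same number by hand) and that the state rule matches with `--state` or `--ctstate`. The chain listings, the host 192.0.2.10 and all function names are constructed for the example. On a forwarding firewall the same applies to the FORWARD chain.

```shell
#!/bin/sh
# Added example; not part of the original thread. Assumes the INPUT chain is
# available as an `iptables -S` listing (hypothetical sample below) and that
# established traffic is accepted by a rule with --state/--ctstate ESTABLISHED.

# Constructed sample of an INPUT chain: loopback first, then the state rule,
# then per-service accepts (not the poster's actual ruleset).
SAMPLE_RULES='-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 135 -j ACCEPT'

# Same chain without any state rule, to exercise the fallback.
SAMPLE_RULES_NO_STATE='-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

# established_rule_position LISTING
# Print the 1-based rule number (the -P policy line is not counted) of the
# first rule that ACCEPTs ESTABLISHED traffic. Inserting at that number puts
# the new rule in front of it. Prints 1 when no such rule exists.
established_rule_position() {
    printf '%s\n' "$1" | awk '
        /^-A / {
            n++
            if (!found && /-j ACCEPT/ && /(--state|--ctstate) [A-Z,]*ESTABLISHED/) {
                found = 1; pos = n
            }
        }
        END { print (found ? pos : 1) }'
}

# block_host_command LISTING HOST
# Print (not run) the iptables command that drops HOST ahead of the
# established rule. Pipe the output to sh as root to apply it.
block_host_command() {
    pos=$(established_rule_position "$1")
    printf 'iptables -I INPUT %s -s %s -j DROP\n' "$pos" "$2"
}

# simulate_insert LISTING POS RULE
# Show the chain as it would look after `-I INPUT POS`: RULE is placed in
# front of the POS-th -A rule, or appended if POS is past the end.
simulate_insert() {
    printf '%s\n' "$1" | awk -v pos="$2" -v rule="$3" '
        /^-A / { n++; if (n == pos) { print rule; done = 1 } }
        { print }
        END { if (!done) print rule }'
}

# drop_precedes_established LISTING HOST
# Exit 0 when, after the insert, the DROP for HOST is evaluated before the
# ESTABLISHED accept, which is the property the reply relies on.
drop_precedes_established() {
    host=$2
    pos=$(established_rule_position "$1")
    simulate_insert "$1" "$pos" "-A INPUT -s $host -j DROP" | awk -v host="$host" '
        /^-A / { n++ }
        index($0, "-s " host " -j DROP") && !d { d = n }
        /(--state|--ctstate) [A-Z,]*ESTABLISHED/ && !e { e = n }
        END { exit !(d && (!e || d < e)) }'
}

# Usage: dry-run against the constructed chain.
block_host_command "$SAMPLE_RULES" 192.0.2.10
# prints: iptables -I INPUT 2 -s 192.0.2.10 -j DROP
```

The emitted command makes the DROP rule 2 and shifts the state rule to 3, so traffic from the blocked host never reaches the ESTABLISHED match regardless of what ip_conntrack still lists; the entry simply expires after its timeout. If you instead need to remove the entry itself, that requires the much later conntrack(8) userspace tool and kernel support that the 2.6.6 kernel in the question does not have.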
