jairagoo@gmail.com wrote:
> Hello,
>
> I have Debian Woody, kernel v: 2.6.6 and iptables v1.2.9
>
> Is there a way to drop ESTABLISHED sessions?
>
> For example my ip_conntrack file looks like this:
> # cat /proc/net/ip_conntrack |grep 1.34
> tcp 6 54 ESTABLISHED src=192.168.1.34 dst=<PUBLIC IP> sport=1233
> dport=135 src=10.2.2.71 dst=192.168.1.34 sport=135 dport=1233 [ASSURED]
>
> Since the traffic is ESTABLISHED I cannot simply create another rule to
> block the host besides restarting the firewall, is there a better
> solution?

Place a drop rule for that address *before* your established rule.

I guess this is one situation Daniel might have been thinking of in our
recent discussion about RELATED/ESTABLISHED. Check the list archives for
details.

--
Paul <http://paulgear.webhop.net>
--
Did you know? It is illegal to use your copy of Microsoft Office on multiple
computers without multiple licenses. Why not try the free alternative
OpenOffice.org? <http://www.openoffice.org>
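The ordering point in Paul's reply, worked through as an added example (this script is not from the list post or from the netfilter project). It assumes a typical stateful FORWARD chain whose first rule accepts ESTABLISHED,RELATED traffic, and shows why a DROP for 192.168.1.34 added with -A never sees the tracked session while one added with -I FORWARD 1 does. The ipt_sim function is a constructed stand-in that models only -A and -I <chain> 1, so the chain order can be checked without root or a real kernel; leave IPT unset to run the same functions against the real iptables.

```shell
#!/bin/sh
# Added example (not from the list post): a DROP for a host must be inserted
# *before* the RELATED/ESTABLISHED ACCEPT rule. IPT defaults to the real
# iptables; show_chain below switches it to the ipt_sim stand-in.
IPT="${IPT:-iptables}"

# Typical stateful FORWARD chain (assumed): rule 1 accepts anything conntrack
# already knows, so a rule appended later never sees an ESTABLISHED session.
baseline_rules() {
    "$IPT" -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    "$IPT" -A FORWARD -s 192.168.1.0/24 -m state --state NEW -j ACCEPT
}

# Wrong: -A appends after the ESTABLISHED rule, so the session keeps flowing.
block_host_append() {
    "$IPT" -A FORWARD -s "$1" -j DROP
}

# Right: -I FORWARD 1 puts the DROP in front of the ESTABLISHED rule.
# Dropping both directions leaves conntrack nothing to keep the entry fresh.
block_host_insert() {
    "$IPT" -I FORWARD 1 -d "$1" -j DROP
    "$IPT" -I FORWARD 1 -s "$1" -j DROP
}

# --- constructed simulator: one rule per line, -A appends, -I <chain> 1 prepends
SIM_DIR="${TMPDIR:-/tmp}/ipt_sim.$$"
sim_reset() {
    mkdir -p "$SIM_DIR"
    : > "$SIM_DIR/FORWARD"
}
ipt_sim() {
    op="$1"; chain="$2"; shift 2
    case "$op" in
        -A) echo "$*" >> "$SIM_DIR/$chain" ;;
        -I) shift   # discard the position argument; only position 1 is modelled
            { echo "$*"; cat "$SIM_DIR/$chain"; } > "$SIM_DIR/$chain.new"
            mv "$SIM_DIR/$chain.new" "$SIM_DIR/$chain" ;;
    esac
}

# Build the chain with the chosen blocking method and print it in match order.
show_chain() {            # usage: show_chain append|insert <host>
    sim_reset
    IPT=ipt_sim
    baseline_rules
    case "$1" in
        append) block_host_append "$2" ;;
        insert) block_host_insert "$2" ;;
    esac
    cat "$SIM_DIR/FORWARD"
    rm -rf "$SIM_DIR"
}

# The first rule a packet from <host> meets under each method.
first_match() {
    show_chain "$1" "$2" | head -n 1
}

echo "appended DROP (session survives):"
show_chain append 192.168.1.34
echo "inserted DROP (session dies):"
show_chain insert 192.168.1.34
```

With the append method the ESTABLISHED,RELATED ACCEPT stays first and the DROP is dead weight for the existing session; with the insert method the DROP is rule 1 in both directions, the outbound packets from 192.168.1.34 are dropped before the state match, and the conntrack entry is left to time out on its own.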