HareRam wrote:
>then ? how do i remove my establish client, when we do some accounting
>when he logged out, he should not get any browsing, as well as he should be
>removed from internet
>how can i achieve
>
>please guide me alternative method to achieve this
>

You remove the rule that accepts the established connection. I have a specific rule for each host that is forwarded through the firewall. If I want to allow the host, I add the rule in the FORWARD chain:

ACCEPT all -- * eth0 <ip_of_host> 0.0.0.0/0 state RELATED,ESTABLISHED

When I want to stop them I just remove the rule. Even if the established entry appears and lingers in /proc/net/ip_conntrack, it can't go anywhere.

At least that's how it seems to work for me... Am I wrong??

Cheers,
Michael
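
The per-host add and remove procedure described in the reply above, as an added shell example that is not part of the original message. The function names and the DRY_RUN and OUT_IF variables are hypothetical, 192.0.2.10 is a constructed sample address, and the `-C` check assumes an iptables version that supports it.

```shell
#!/bin/sh
# Added example, not from the original message. Function names, DRY_RUN and
# OUT_IF are hypothetical; eth0 comes from the rule listing in the reply.
DRY_RUN=${DRY_RUN:-1}    # 1 = print the iptables command instead of running it
OUT_IF=${OUT_IF:-eth0}

# Accept only a dotted-quad IPv4 address, so nothing else reaches iptables.
# The body runs in a subshell so the IFS change does not leak to the caller.
valid_ip() (
    case "$1" in ''|*[!0-9.]*|*.) exit 1 ;; esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# The rule from the reply: out eth0, source = host, state RELATED,ESTABLISHED.
rule_spec() {
    echo "FORWARD -o $OUT_IF -s $1 -m state --state RELATED,ESTABLISHED -j ACCEPT"
}

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "iptables $*"; else iptables "$@"; fi
}

# Login: add the host's rule unless it is already present (-C checks for it).
allow_host() {
    valid_ip "$1" || { echo "bad address: $1" >&2; return 2; }
    if [ "$DRY_RUN" != 1 ] && iptables -C $(rule_spec "$1") 2>/dev/null; then
        return 0
    fi
    run -A $(rule_spec "$1")
}

# Logout: delete the same rule so this rule no longer accepts the host's packets.
revoke_host() {
    valid_ip "$1" || { echo "bad address: $1" >&2; return 2; }
    run -D $(rule_spec "$1")
}

# Constructed sample address (documentation range), dry run by default.
allow_host 192.0.2.10
revoke_host 192.0.2.10
```

Set DRY_RUN=0 and run as root to apply the commands instead of printing them.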