On Thursday 17 October 2002 10:37 am, jrw@ngi.be wrote:
> Hi,
> How could I remove a connection listed in the ip_conntrack file?
> Because, now, I must wait until the timeout...
> And if it's not possible, is there a way to change the timeout?
>
> In my rules, I have the following line :
> ${IPTABLES} -A FORWARD -o eth1 -m state --state ESTABLISHED,RELATED -j
> ACCEPT
> and thus, old connections are accepted even if I restart iptables. I must
> reboot the server to clean the connections listing.

You cannot remove entries from the connection tracking table.

If you know the IP address/es of the connection/s you wish to remove, you
could insert some DROP or REJECT rules before the ESTABLISHED,RELATED match
so that the connections get taken down.

eg

iptables -I FORWARD -s a.b.c.d -j REJECT

will block packets from address a.b.c.d before they get recognised as part
of a previously established connection.

Antony.

--
It is also possible that putting the birds in a laboratory setting
inadvertently renders them relatively incompetent.

 - Daniel C Dennett
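The procedure Antony describes, as an added shell example that is not part of the thread above: find the ip_conntrack entries belonging to a host, emit the REJECT rules that must sit in front of the ESTABLISHED,RELATED accept, and verify from `iptables -S FORWARD` output that they really are consulted first (the check is the part that is easy to get wrong when the rules are reloaded from a script that appends). The ip_conntrack lines and the `iptables -S` listings below are constructed samples in the legacy /proc/net/ip_conntrack format; the function names, the `DRY_RUN` switch and the `IPTABLES` variable are this example's own choices.

```shell
#!/bin/sh
# Added example, not code from the original thread.
# Assumes IPv4 and the legacy /proc/net/ip_conntrack line format.

IPTABLES=${IPTABLES:-iptables}

# Constructed /proc/net/ip_conntrack content: two flows involving 10.0.0.5
# and one unrelated UDP flow. Each line carries both directions of the flow.
SAMPLE_CONNTRACK='tcp      6 431999 ESTABLISHED src=10.0.0.5 dst=192.0.2.10 sport=40112 dport=22 src=192.0.2.10 dst=10.0.0.5 sport=22 dport=40112 [ASSURED] use=1
udp      17 29 src=10.0.0.7 dst=192.0.2.53 sport=5353 dport=53 src=192.0.2.53 dst=10.0.0.7 sport=53 dport=5353 use=1
tcp      6 117 TIME_WAIT src=10.0.0.5 dst=192.0.2.11 sport=40113 dport=80 src=192.0.2.11 dst=10.0.0.5 sport=80 dport=40113 [ASSURED] use=1'

# Constructed `iptables -S FORWARD` listings: REJECT before the state match
# (correct) and REJECT appended after it (never reached for tracked flows).
SAMPLE_RULES_GOOD='-P FORWARD DROP
-A FORWARD -s 10.0.0.5/32 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -d 10.0.0.5/32 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT'
SAMPLE_RULES_BAD='-P FORWARD DROP
-A FORWARD -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.0.0.5/32 -j REJECT --reject-with icmp-port-unreachable'

# conntrack_entries_for IP: read ip_conntrack lines on stdin and print those
# in which IP is the source or destination of either direction. Fields are
# compared whole, so 10.0.0.5 does not match 10.0.0.50.
conntrack_entries_for() {
    awk -v ip="$1" '{
        for (i = 1; i <= NF; i++)
            if ($i == "src=" ip || $i == "dst=" ip) { print; next }
    }'
}

# conntrack_count_for IP: number of such entries (prints 0 for none).
conntrack_count_for() {
    conntrack_entries_for "$1" | awk 'END { print NR }'
}

# block_rules IP: the commands that take the host's flows down. Both
# directions are rejected and both go to position 1 of FORWARD, so they are
# hit before the ESTABLISHED,RELATED accept. New connections from or to the
# host are rejected too for as long as the rules stay in place.
block_rules() {
    printf '%s -I FORWARD 1 -s %s -j REJECT\n' "$IPTABLES" "$1"
    printf '%s -I FORWARD 1 -d %s -j REJECT\n' "$IPTABLES" "$1"
}

# take_down IP: run the rules (needs root); with DRY_RUN set, only print them.
take_down() {
    if [ -n "$DRY_RUN" ]; then block_rules "$1"; else block_rules "$1" | sh -e; fi
}

# reject_precedes_established IP: read `iptables -S FORWARD` on stdin and
# succeed only if a DROP/REJECT for IP appears before every rule that
# accepts on ESTABLISHED state (-m state --state or -m conntrack --ctstate).
reject_precedes_established() {
    awk -v ip="$1" '
        BEGIN { ok = 0 }
        {
            hit = 0; rej = 0; est = 0
            for (i = 1; i < NF; i++) {
                if (($i == "-s" || $i == "-d") && ($(i+1) == ip || $(i+1) == (ip "/32"))) hit = 1
                if ($i == "-j" && ($(i+1) == "REJECT" || $(i+1) == "DROP")) rej = 1
                if (($i == "--state" || $i == "--ctstate") && index($(i+1), "ESTABLISHED")) est = 1
            }
            if (est && !ok) exit 1          # state match reached first: useless
            if (hit && rej) ok = 1
        }
        END { exit ok ? 0 : 1 }
    '
}

# Typical use on the box itself (root):
#   conntrack_entries_for 10.0.0.5 < /proc/net/ip_conntrack
#   take_down 10.0.0.5
#   iptables -S FORWARD | reject_precedes_established 10.0.0.5 && echo "rules in front"
```

Delete the two REJECT rules again with `iptables -D FORWARD ...` once the tracked entries have expired, otherwise the host stays cut off. The thread predates the user-space conntrack tool; on current kernels the `conntrack` utility from conntrack-tools can delete entries directly (`conntrack -D -s 10.0.0.5`), and the established-TCP timeout the poster asks about is the sysctl `/proc/sys/net/netfilter/nf_conntrack_tcp_timeout_established`.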