On Monday 03 May 2004 4:43 pm, azeem ahmad wrote:

> > > hi all
> > > I'm having a problem that I'm using MASQUERADING on a redhat 8.0 box
> > > with iptables. the problem is that when I want the users to be
> > > disconnected I flush iptables; the new connections don't get established
> > > but the current active connections don't break. like if a user is
> > > downloading msn messenger for example and I flush iptables, this user's
> > > connection doesn't break. so what can I do to break the active connection
> > > please help me out
> >
> > From: "Alexis" <alexis@xxxxxxxxxxx>
> >
> > and they will, this is conntrack :)
> > try unloading the module and that's it
>
> thanks
> but I'm a student so I want to capture the concept also. so please tell me
> the mystery or tell me about any tutorial about it.

Current connections ("ESTABLISHED" in connection tracking terms) are handled in the background, and not by your ruleset (your rules only deal with the first packet of a connection).

Therefore changing the ruleset makes no difference to connections which are already established.

For more info on how netfilter's connection tracking works:

http://iptables-tutorial.frozentux.net/iptables-tutorial.html#STATEMACHINE
http://www.sns.ias.edu/~jns/security/iptables/iptables_conntrack.html

Regards,

Antony.

--
Behind the counter a boy with a shaven head stared vacantly into space, a dozen spikes of microsoft protruding from the socket behind his ear.

 - William Gibson, Neuromancer (1984)

Please reply to the list; please don't CC me.
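
The behaviour discussed in this thread, as an added toy model that is not part of the original messages and is not netfilter code: a masquerading gateway whose NAT rules are consulted only for the first packet of a flow, while later packets reuse the stored conntrack entry. The `Gateway` class, its method names and all addresses are hypothetical, constructed for illustration.

```python
# Toy model (added example, not netfilter code): NAT rules are walked only for
# the first packet of a flow; later packets reuse the conntrack entry.
# All addresses below are constructed sample values.

PUBLIC_IP = "203.0.113.1"  # constructed public address of the gateway


class Gateway:
    def __init__(self):
        self.nat_rules = []   # stands in for the MASQUERADE rules in the nat table
        self.conntrack = {}   # flow tuple -> translated source address

    def add_masquerade(self, lan_prefix):
        self.nat_rules.append(lan_prefix)

    def flush_rules(self):
        """Models flushing the ruleset: rules go, tracked flows stay."""
        self.nat_rules.clear()

    def flush_conntrack(self):
        """Models losing the conntrack table (e.g. the module is unloaded)."""
        self.conntrack.clear()

    def forward(self, src, sport, dst, dport):
        """Return the source address the packet leaves with, or None."""
        flow = (src, sport, dst, dport)
        if flow in self.conntrack:        # ESTABLISHED: rules are not consulted
            return self.conntrack[flow]
        for prefix in self.nat_rules:     # NEW: the first packet walks the rules
            if src.startswith(prefix):
                self.conntrack[flow] = PUBLIC_IP
                return PUBLIC_IP
        return None  # no rule and no entry: the flow is not translated


def demo():
    gw = Gateway()
    gw.add_masquerade("192.168.1.")
    download = ("192.168.1.10", 40000, "198.51.100.7", 80)
    results = {"first_packet": gw.forward(*download)}
    gw.flush_rules()
    results["established_after_rule_flush"] = gw.forward(*download)
    results["new_after_rule_flush"] = gw.forward("192.168.1.10", 40001, "198.51.100.7", 80)
    gw.flush_conntrack()
    results["established_after_conntrack_flush"] = gw.forward(*download)
    return results


if __name__ == "__main__":
    for step, out in demo().items():
        print(f"{step}: {out}")
```

The running download keeps its translation after the rule flush and loses it only once the conntrack table is emptied, which matches what the original poster observed.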