Hi Nick,

On Sun, Sep 12, 2004 at 10:20:30PM +0100, Nick Drage told us:
> Hi,
>
> I want to do the following:
>
> 1) Empty the "forward" table.
> 2) Delete all the connections that have been generated by that table.
> 3) Enter a new forward table, which includes a rule for Established
> connections.
>
> If I don't do "2", then any connection permitted by the rulebase used in
> "1" appears to still be permitted by the rulebase used in step "3"
> because it created an entry in the connections table.
>
> However I don't know how to do "2".

Probably the simplest solution for this would be to do

    modprobe -r ip_conntrack

as step 2. Of course this won't work when you have ip_conntrack statically
compiled into your kernel. In that case you currently would need to do some
scripting to parse /proc/net/ip_conntrack and reset the connections via a
tool like hping (I think there are already some scripts doing that out
there!?).

Or maybe I missed something and there's another method of flushing the
conntrack table?? (I'm not aware of another one.)

Sven

> Help :)
>
> --
> mors omnia vincit

--
Linux zion 2.6.9-rc1-mm4 #1 Tue Sep 7 12:57:19 CEST 2004 i686 athlon i386 GNU/Linux
23:53:13 up 53 min, 2 users, load average: 0.07, 0.04, 0.04
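Added example, not code from the thread: a POSIX shell sketch of Nick's three steps that uses Sven's modprobe -r suggestion for step 2, plus an awk parser for the /proc/net/ip_conntrack line format so that, when conntrack is built in and the module cannot be removed, the script at least reports which ESTABLISHED entries will survive the rule change. The sample entries are constructed, the rules-file argument is an assumption, and resetting surviving connections is left to the administrator rather than scripted.

```shell
#!/bin/sh
# Added example; not from the original mail. Assumes a 2.6-era kernel that
# exposes /proc/net/ip_conntrack in the layout shown in SAMPLE below.

# Constructed /proc/net/ip_conntrack entries (not a real capture).
SAMPLE='tcp      6 431999 ESTABLISHED src=192.168.1.2 dst=10.0.0.5 sport=34567 dport=80 packets=10 bytes=1234 src=10.0.0.5 dst=192.168.1.2 sport=80 dport=34567 packets=8 bytes=5678 [ASSURED] mark=0 use=1
tcp      6 119 TIME_WAIT src=192.168.1.3 dst=10.0.0.5 sport=40000 dport=22 packets=5 bytes=500 src=10.0.0.5 dst=192.168.1.3 sport=22 dport=40000 packets=4 bytes=400 [ASSURED] mark=0 use=1
udp      17 29 src=192.168.1.4 dst=10.0.0.53 sport=5353 dport=53 packets=1 bytes=60 src=10.0.0.53 dst=192.168.1.4 sport=53 dport=5353 packets=1 bytes=120 mark=0 use=1'

# Print "src dst sport dport" (original direction) for every TCP entry in
# state ESTABLISHED; these are the flows an ESTABLISHED rule keeps allowing.
established_tcp_tuples() {
  awk '$1 == "tcp" && $4 == "ESTABLISHED" {
         s = $5; d = $6; sp = $7; dp = $8      # src= dst= sport= dport=
         sub(/^src=/, "", s); sub(/^dst=/, "", d)
         sub(/^sport=/, "", sp); sub(/^dport=/, "", dp)
         print s, d, sp, dp
       }'
}

# Number of such entries, for a quick before/after check.
count_established() {
  established_tcp_tuples | wc -l | tr -d ' '
}

# Step 2 as Sven suggests: unload the module and its table goes with it.
# Fails when ip_conntrack is built in or still referenced; then just report.
flush_conntrack() {
  if modprobe -r ip_conntrack 2>/dev/null; then
    return 0
  fi
  echo "ip_conntrack not removable; ESTABLISHED entries that survive:" >&2
  established_tcp_tuples < /proc/net/ip_conntrack >&2
  return 1
}

# $1 = file with the new ruleset in iptables-restore format (assumed path).
reload_forward() {
  iptables -F FORWARD          # step 1: empty the FORWARD chain
  flush_conntrack || true      # step 2: drop (or at least list) old state
  iptables-restore < "$1"      # step 3: load the new rules
}
```

Run as root with `reload_forward /etc/iptables.rules` (assumed path); the parser functions can be exercised without privileges by piping `$SAMPLE` into them.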