Hi,

I want to block specified IP addresses "on the fly". My firewall is started, and then, without a restart, I want to block all established, new, related connections to a specified host or port.

The problem is, when I use the conntrack module and block an IP with this command:

    iptables -t nat -I POSTROUTING -p tcp -s 192.168.0.23 --dport 25 -m conntrack --ctstate ESTABLISHED,NEW,RELATED -j DROP

then I can't create new connections, but I can still use the established connections.

Is there a solution to also stop the established connections from working?

regards
sebi

--
Sebastian Docktor <sebi@xxxxxxxxxxxx>