> -----Original Message-----
> From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx
> [mailto:netfilter-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of Spam User
> Sent: Wednesday, December 07, 2005 3:39 PM
> To: netfilter@xxxxxxxxxxxxxxxxxxx
> Subject: stop accepting new connections on port 80
>
> Hi,
>
> I've been trying to figure out how to get iptables to stop
> accepting new connections on port 80 while letting the
> existing connections finish up what they're doing.
>
> I thought it would be as easy as removing the rule that
> allows new connections and leaving the rule that allowed
> related and established connections, but when I remove the
> rule that allows new connections, all connections stop working.

[snip]

I don't know exactly how you're determining the above: is it a long download that gets killed? HTTP opens at least (and usually only) one connection per page, so the problem may be that the connection is already closed even though the page is still being viewed. Unless you are downloading something, it's not likely your connection will last much longer than four or five seconds on a heavily graphical page with broadband.

Your rules look ok at first glance, so I would recommend some time with Ethereal and a long download from the web server. Download a big file once with your default rules and see what happens. Then delete the file and download it again, this time running your kill-new-connections script, and see if the file transfer gets knocked immediately.

> Thanks,
>
> Mike

Derick Anderson
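As an added example, not code from either poster (Mike's actual ruleset is snipped above), here is a small POSIX shell script that does the drain the thread is discussing: it keeps the ESTABLISHED,RELATED rule in place and deletes only the rule that admits NEW connections on port 80. The INPUT chain, the conntrack match, the default DROP policy being set elsewhere, and the dry-run IPT variable are all assumptions, not the list's or the poster's configuration.

```shell
#!/bin/sh
# Added example, not the poster's (snipped) rules. Assumes the filter
# table INPUT chain, a default DROP policy set elsewhere, and the
# conntrack match being available (all assumptions).
#
# IPT defaults to "echo iptables" so the script can be read and dry-run
# without root; set IPT=iptables to apply the rules for real.
IPT="${IPT:-echo iptables}"

# Baseline: the state rule first, then the rule that admits NEW HTTP
# connections. The ESTABLISHED,RELATED rule is what lets in-flight
# transfers finish; it must survive the drain untouched.
baseline_rules() {
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
}

# Drain: remove only the NEW rule. The specification must match the
# one added in baseline_rules exactly, otherwise -D reports an error
# and nothing changes. -D never touches the state rule, so a download
# that conntrack already knows about keeps flowing.
drain_port80() {
    $IPT -D INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
}

# Reopen: re-admit NEW connections once maintenance is done.
reopen_port80() {
    $IPT -A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
}

# Before blaming the firewall, confirm a connection is still open at
# all (the reply's point: a page view is usually finished within
# seconds). Lists established TCP sockets whose local port is 80.
show_established_80() {
    command -v ss >/dev/null 2>&1 || { echo "ss not available"; return 0; }
    ss -tn state established '( sport = :80 )'
}

# Sanity check: the drain command must name the NEW rule and must
# never mention the ESTABLISHED,RELATED rule.
# Returns 0 if the drain is safe in that sense, 1 otherwise.
drain_is_safe() {
    out=$(drain_port80)
    case "$out" in
        *ESTABLISHED*) return 1 ;;
        *"--ctstate NEW"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Usage: ./drain80.sh baseline|drain|reopen|status
case "${1:-}" in
    baseline) baseline_rules ;;
    drain)    drain_port80 ;;
    reopen)   reopen_port80 ;;
    status)   show_established_80 ;;
esac
```

To reproduce the test the reply suggests without a packet capture: start a long download from the server (for example `curl -o big.bin http://server/big.bin`, a constructed URL), run `IPT=iptables ./drain80.sh drain` while it is in progress, and watch whether the transfer continues; `./drain80.sh status` shows whether the connection is still established, and `iptables -S INPUT` confirms that only the NEW rule disappeared.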