On Wed, Dec 07, 2005 at 12:38:51 -0800, Spam User wrote:
> I've been trying to figure out how to get iptables to stop accepting
> new connections on port 80 while letting the existing connections
> finish up what they're doing.
>
> I thought it would be as easy as removing the rule that allows new
> connections and leaving the rule that allowed related and established
> connections, but when I remove the rule that allows new connections,
> all connections stop working.

When you say "all connections", what do you mean? Do you mean TCP
connections, or browsing sessions?

I've never really looked at it in detail, but I'm wondering if you're
expecting HTTP sessions to stay up while someone views a site, whereas
*IIRC* while a user web-browses numerous separate HTTP connections are
opened and closed in quick succession. Therefore as soon as you stop
accepting new TCP connections all web browsing will stop, even for
people with a half-loaded page.

Why do you want to stop new sessions? If we take a step back [1] maybe
there's a different solution to your overall problem.

[1] "take a step back"... sorry, next thing you know we'll be running
ideas up the flagpole.

-- 
morals are for little people

Jenny Solzer
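As an added example (my code, not something posted in the thread): the drain the original poster is after, with an ACCEPT for ESTABLISHED,RELATED placed ahead of a REJECT for NEW on port 80, plus a conntrack-based count to tell when the old TCP flows are gone. It assumes a Linux host with iptables' conntrack match and either the `conntrack` tool or /proc/net/nf_conntrack; the conntrack sample lines are constructed.

```shell
# Added example, not from the thread. Assumes Linux, iptables with the
# conntrack match, root, and conntrack -L / /proc/net/nf_conntrack output.

# Stop accepting NEW connections on a port while still answering packets of
# flows conntrack already tracks. The ACCEPT is inserted above the REJECT on
# purpose: if the REJECT were evaluated first, mid-stream packets would die too.
drain_port() {
    port="$1"
    iptables -I INPUT 1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    iptables -I INPUT 2 -p tcp --dport "$port" -m conntrack --ctstate NEW \
        -j REJECT --reject-with tcp-reset
}

# Count ESTABLISHED TCP flows whose original-direction dport is $1, reading
# conntrack lines from stdin. Only the first dport= on a line is the client
# side; the second is the reply direction and is ignored.
count_established_http() {
    awk -v port="$1" '
        ($1 == "tcp" || $3 == "tcp") && /ESTABLISHED/ {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^dport=/) { if ($i == "dport=" port) n++; break }
        }
        END { print n + 0 }'
}

# Poll until no established flows to the port remain; per the reply above,
# browsers open many short connections, so new requests see resets meanwhile.
wait_for_drain() {
    while [ "$( (conntrack -L -p tcp 2>/dev/null || cat /proc/net/nf_conntrack) \
                | count_established_http "$1")" -gt 0 ]; do
        sleep 1
    done
}

# Constructed sample of conntrack output: two established port-80 flows, one
# port-443 flow, one port-80 flow in TIME_WAIT and one UDP entry.
SAMPLE_CONNTRACK='tcp      6 431999 ESTABLISHED src=192.0.2.10 dst=198.51.100.5 sport=51234 dport=80 src=198.51.100.5 dst=192.0.2.10 sport=80 dport=51234 [ASSURED] mark=0 use=1
tcp      6 299 ESTABLISHED src=192.0.2.11 dst=198.51.100.5 sport=40001 dport=443 src=198.51.100.5 dst=192.0.2.11 sport=443 dport=40001 [ASSURED] mark=0 use=1
tcp      6 118 TIME_WAIT src=192.0.2.12 dst=198.51.100.5 sport=40002 dport=80 src=198.51.100.5 dst=192.0.2.12 sport=80 dport=40002 [ASSURED] mark=0 use=1
tcp      6 431998 ESTABLISHED src=192.0.2.13 dst=198.51.100.5 sport=40003 dport=80 src=198.51.100.5 dst=192.0.2.13 sport=80 dport=40003 [ASSURED] mark=0 use=1
udp      17 29 src=192.0.2.14 dst=198.51.100.5 sport=53000 dport=80 src=198.51.100.5 dst=192.0.2.14 sport=80 dport=53000 mark=0 use=1'

# Dry run on the sample; pass --apply PORT to really insert the rules and wait.
if [ "${1:-}" = "--apply" ]; then
    drain_port "$2" && wait_for_drain "$2"
else
    printf '%s\n' "$SAMPLE_CONNTRACK" | count_established_http 80
fi
```

Running the script without arguments only counts the sample (it prints 2); the iptables rules are touched only with --apply, and once the count reaches zero the service can be stopped without cutting anyone off mid-transfer.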