On Sunday 2006-January-08 16:04, Robert Nichols wrote:
> > iptables -I INPUT -s 1.2.3.4 -j DROP
> That will prevent communication by blocking any further incoming
> packets, but won't do anything to tear down the connection. See

Actually it would drop anything with a source address of 1.2.3.4 which
happens to hit the filter INPUT chain, regardless of protocol or state.
Perhaps the issue is as I suggested, the packets are hitting FORWARD, or
simply that a blocked connection has not yet timed out of conntrack or
netstat listings.
-- 
mail to this address is discarded unless "/dev/rob0"
or "not-spam" is in Subject: header
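An added example, not part of the original message: a shell check that reads rules in `iptables -S` format and entries in `conntrack -L` format, then reports whether a source-address DROP covers FORWARD as well as INPUT and whether flows from that address are still listed. The function names and both samples are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample data. On a live host, feed the functions from
# `iptables -S` and `conntrack -L` (conntrack-tools) instead.
SAMPLE_RULES='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -s 1.2.3.4/32 -j DROP
-A INPUT -i lo -j ACCEPT'

SAMPLE_CONNTRACK='tcp      6 431990 ESTABLISHED src=1.2.3.4 dst=192.168.1.10 sport=51234 dport=22 src=192.168.1.10 dst=1.2.3.4 sport=22 dport=51234 [ASSURED] mark=0 use=1
tcp      6 100 TIME_WAIT src=192.168.1.20 dst=5.6.7.8 sport=40000 dport=80 src=5.6.7.8 dst=192.168.1.20 sport=80 dport=40000 [ASSURED] mark=0 use=1'

# Rules on stdin. Print each chain holding a rule that matches only on
# the source address and jumps to DROP (no protocol or state match).
chains_dropping_src() {
    awk -v src="$1" '
        $1 == "-A" && $3 == "-s" &&
        ($4 == src || $4 == (src "/32")) &&
        $5 == "-j" && $6 == "DROP" && NF == 6 { print $2 }' | sort -u
}

# Rules on stdin. $1 = source address, remaining args = chains to check.
# Print the chains that have no such DROP rule.
chains_missing_drop() {
    src=$1; shift
    have=$(chains_dropping_src "$src")
    for c in "$@"; do
        echo "$have" | grep -qxF "$c" || echo "$c"
    done
}

# conntrack listing on stdin. Count flows whose original-direction
# source (the first src= field on the line) is the given address.
tracked_from_src() {
    awk -v src="$1" '{
        for (i = 1; i <= NF; i++)
            if ($i ~ /^src=/) { if ($i == ("src=" src)) n++; break }
    } END { print n + 0 }'
}

missing=$(printf '%s\n' "$SAMPLE_RULES" | chains_missing_drop 1.2.3.4 INPUT FORWARD)
echo "chains without a DROP for 1.2.3.4: ${missing:-none}"
echo "flows from 1.2.3.4 still listed: $(printf '%s\n' "$SAMPLE_CONNTRACK" | tracked_from_src 1.2.3.4)"
```

With the constructed sample, FORWARD is reported as uncovered and one ESTABLISHED entry remains listed, which are the two explanations offered in the message above.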