On Sunday 2006-January-08 16:18, I wrote:
> On Sunday 2006-January-08 16:04, Robert Nichols wrote:
> > > iptables -I INPUT -s 1.2.3.4 -j DROP
> >
> > That will prevent communication by blocking any further incoming
> > packets, but won't do anything to tear down the connection. See

Yes, you're right, sorry. I read too quickly. You're saying this:

> ... or simply that a blocked connection has not yet
> timed out of conntrack or netstat listings.

... and you're right, the REJECT will tell the other end that the
connection is terminated. But I doubt that the local side will show
anything different in conntrack or netstat, unless a corresponding
REJECT rule was used in OUTPUT.
-- 
mail to this address is discarded unless "/dev/rob0"
or "not-spam" is in Subject: header