From: Kiran Murari <kmurari@xxxxxxxxxxxxxxxxxxxx> Date: Fri, 20 Apr 2007 17:39:21 +0530 > Yasuyuki KOZAKAI wrote: > > From: Kiran Murari <kmurari@xxxxxxxxxxxxxxxxxxxx> > > Date: Fri, 20 Apr 2007 16:38:32 +0530 > > > > > >> After little bit of experimenting, I could see that if I flush all the conntrack entries, > >> as soon as my WAN is enabled, the PING session continued. > >> > >> But flushing all the conntrack entries, doesn't look like a feasible one. > >> > >> Is there a way to flush the conntrack entries that have been created during a specific interval. > >> > >> Any thoughts. > >> > > > > Why don't you flush table with tool 'conntrack' just after bringing up your > > WAN ? > > > > http://www.netfilter.org/projects/conntrack/index.html > > > > -- Yasuyuki Kozakai > > > Yeah I have seen the 'conntrack'. > But this requires linnetfilter_conntrack and libnfnetlink support. > I am running a 2.6.14 on an Xscale processor. > > So is there a means to flush the entries, other than porting the > 'conntrack' to Xscale. There is no way. Other solution in my mind is to set a filter rule to drop all forwarded packets, just before bringing down WAN interface. -- Yasuyuki Kozakai
