On 2008-03-11, Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> Petr Pisar wrote:
>> Hello,
>>
>> I'm trying to remove all conntrack records for one source IP address. If
>> I specify only source IP address it will fail:
>>
>> $ conntrack -D -s 10.0.0.179
>> Operation failed: such conntrack doesn't exist
>
> This is not supported yet but it will be in the next release 0.9.7.

Great to hear it. If somebody would be interested in an ugly workaround, the
following bash script does the hard work:

# SRC holds the source IP address whose entries should be removed.
# sed -n ... /p emits only lines that matched, so unparsed lines are never eval'ed.
conntrack -L -s "$SRC" | \
sed -n 's/\([^ ]*\).*src=\([^ ]*\) dst=\([^ ]*\) sport=\([^ ]*\) dport=\([^ ]*\) src=.*/conntrack -D -s \2 -d \3 -p \1 --sport \4 --dport \5/p' | \
while read -r; do eval "$REPLY"; done

-- Petr
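
An added example, not part of the original post: the same per-entry delete, but each field parsed from the listing is validated and passed to conntrack as arguments instead of being run through eval. The function names and the sample line are constructed for illustration; only the conntrack options already shown in the thread are used.

```shell
# Constructed sample of one `conntrack -L` line (original tuple, then reply tuple).
SAMPLE='tcp      6 431999 ESTABLISHED src=10.0.0.179 dst=192.0.2.10 sport=40112 dport=443 src=192.0.2.10 dst=10.0.0.179 sport=443 dport=40112 [ASSURED] mark=0 use=1'

# build_delete_args LINE
# Prints the `conntrack -D` arguments for one listing line. Returns 1 if the
# line has no port-based original tuple (e.g. ICMP) or a field contains
# anything other than the characters expected for its type.
# The body runs in a subshell, so the variables and `set -f` stay local.
build_delete_args() (
    set -f                              # split on whitespace only, no globbing
    src= dst= sport= dport=
    proto=${1%% *}                      # first field: tcp, udp, ...
    for word in $1; do
        case $word in                   # ":=" keeps the first (original) tuple
            src=*)   : "${src:=${word#src=}}" ;;
            dst=*)   : "${dst:=${word#dst=}}" ;;
            sport=*) : "${sport:=${word#sport=}}" ;;
            dport=*) : "${dport:=${word#dport=}}" ;;
        esac
    done
    case $proto in ''|*[!a-z0-9]*) exit 1 ;; esac
    for addr in "$src" "$dst"; do
        case $addr in ''|*[!0-9A-Fa-f.:]*) exit 1 ;; esac
    done
    for port in "$sport" "$dport"; do
        case $port in ''|*[!0-9]*) exit 1 ;; esac
    done
    echo "-D -s $src -d $dst -p $proto --sport $sport --dport $dport"
)

# delete_by_source ADDRESS
# Lists entries for ADDRESS and deletes each one that parsed cleanly.
delete_by_source() {
    conntrack -L -s "$1" | while IFS= read -r line; do
        if args=$(build_delete_args "$line"); then
            # Validated fields hold no whitespace, glob or shell
            # metacharacters, so plain word splitting is safe here.
            conntrack $args
        fi
    done
}
```

Call it as `delete_by_source 10.0.0.179`; lines that fail validation are skipped rather than executed.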