On Monday 2008-04-07 11:28, Покотиленко Костик wrote:

>> > Using iptables?
>> > just add a drop rule having src/dest ip addresses
>> > and ports and protocol on
>> > top of other rules.
>>
>> Probably I wasn't clear - I want to kill an existing,
>> already opened connection.
>> Now, after reading some articles/threads, it seems
>> that only utils like tcpkill, cutter can do this...
>
> You can use conntrack utility to remove conntrack entry,

This only removes the conntrack entry of course, and does not induce a TCP reset.

> if you also
> drop INVALID packets with iptables this will let you kill connection.

When more packets come in, the 'connection' will go NEW, not INVALID.

--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
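The point raised above, that mid-stream packets of a deleted flow come back as NEW rather than INVALID, is what this added example addresses; it is not from the thread or from conntrack-tools. It assumes root, iptables and the `conntrack` CLI, and the IP/port values in the test are constructed; set `DRY_RUN=1` to print the commands instead of executing them.

```shell
#!/bin/sh
# Added example: make "conntrack -D" actually stop a TCP flow by ensuring that
# packets of the deleted flow are dropped instead of being re-adopted as NEW.
# Requires root, iptables and conntrack-tools; DRY_RUN=1 prints the commands.
set -eu

run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Accept only a numeric TCP port in 1-65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Stop conntrack picking up established flows it holds no state for: with
# tcp_loose=0 such mid-stream packets are classified INVALID, not NEW, so an
# existing "-m conntrack --ctstate INVALID -j DROP" rule applies to them.
harden_conntrack() {
    run sysctl -w net.netfilter.nf_conntrack_tcp_loose=0
    # A NEW TCP packet without SYN can never legitimately open a connection,
    # so drop it regardless of the tcp_loose setting.
    run iptables -I INPUT 1 -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
    run iptables -I OUTPUT 1 -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
}

# Remove the conntrack entry for one flow (src:sport -> dst:dport). With the
# rules above in place, further segments of that flow are dropped; as the
# reply notes, no RST is sent, so the peers only notice via their own timeouts.
kill_tcp_flow() {
    src=$1 sport=$2 dst=$3 dport=$4
    valid_port "$sport" && valid_port "$dport" || { echo "bad port" >&2; return 1; }
    run conntrack -D -p tcp -s "$src" --sport "$sport" -d "$dst" --dport "$dport"
}

# Usage: kill_flow.sh SRC SPORT DST DPORT
if [ $# -eq 4 ]; then
    harden_conntrack
    kill_tcp_flow "$@"
fi
```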