noa levy wrote:
I still don't understand one thing though: Let's say I delete a rule
that allows SSH traffic. There are probably many entries in the
conntrack table for SSH sessions. Will these sessions continue to be
allowed in, even though I have just deleted the rule that allowed SSH
(and my default policy is DROP)?
You are asking the wrong question. Iptables is a packet filter, it does
not filter "sessions" (or connections). As already said, the conntrack
table is not affected by rule deletion/insertion. So whether packets
belonging to existing connections are allowed or not depends on the new
ruleset. If the new ruleset says to ACCEPT packets in the ESTABLISHED
state, then established connections are still allowed.
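The decision process the reply describes, as an added toy model (not iptables code and not from this thread): the conntrack table is kept separately from the ruleset, each packet's state is derived from that table, and the ruleset in force at that moment decides. Flow tuples, rule representation and addresses are all constructed for the example.

```python
# Added example: a minimal stateful packet-filter model. Rules are
# (match, target) pairs; conntrack is a set of flows already accepted.
ACCEPT, DROP = "ACCEPT", "DROP"

class Firewall:
    def __init__(self, rules, policy=DROP):
        self.rules = list(rules)   # ordered, first match wins
        self.policy = policy       # chain policy when nothing matches
        self.conntrack = set()     # flows seen so far: (src, dst, dport)

    def delete_rule(self, rule):
        # Like `iptables -D`: only the ruleset changes, conntrack is untouched.
        self.rules.remove(rule)

    def handle(self, pkt):
        flow = (pkt["src"], pkt["dst"], pkt["dport"])
        # State comes from the conntrack table, not from any rule.
        state = "ESTABLISHED" if flow in self.conntrack else "NEW"
        ctx = {"dport": pkt["dport"], "state": state}
        verdict = self.policy
        for match, target in self.rules:
            if all(ctx[k] == v for k, v in match.items()):
                verdict = target
                break
        if verdict == ACCEPT:
            self.conntrack.add(flow)   # entry is confirmed once the packet passes
        return verdict

SSH_RULE = ({"dport": 22}, ACCEPT)                 # -p tcp --dport 22 -j ACCEPT
EST_RULE = ({"state": "ESTABLISHED"}, ACCEPT)      # -m state --state ESTABLISHED -j ACCEPT

def scenario(keep_established_rule):
    """Open an SSH session, delete the SSH rule, then observe the verdicts."""
    rules = [EST_RULE, SSH_RULE] if keep_established_rule else [SSH_RULE]
    fw = Firewall(rules)
    client = {"src": "198.51.100.7", "dst": "203.0.113.5", "dport": 22}  # constructed
    first = fw.handle(client)     # NEW packet, accepted by the SSH rule
    fw.delete_rule(SSH_RULE)      # the conntrack entry survives this
    later = fw.handle(client)     # same flow, now ESTABLISHED
    other = {"src": "198.51.100.9", "dst": "203.0.113.5", "dport": 22}  # constructed
    fresh = fw.handle(other)      # a brand-new SSH connection
    return first, later, fresh

if __name__ == "__main__":
    print("with ESTABLISHED rule:   ", scenario(True))   # ('ACCEPT', 'ACCEPT', 'DROP')
    print("without ESTABLISHED rule:", scenario(False))  # ('ACCEPT', 'DROP', 'DROP')
```

In both runs the conntrack entry for the first client is still present after the SSH rule is deleted; only the ruleset determines whether its later packets pass. On a real host, cutting an existing session after removing the rule therefore also needs the conntrack entry removed (for example with the conntrack tool), which is outside what the reply covers.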