Pascal Hambourg wrote:
> Hello,
> sean darcy wrote:
>> I've had a problem with a udp connection being setup before DNAT,
>> occurred. See "where are my udp packets going?" Nov 15, 2008.
>> So just before setting up DNAT I'd propose to run:
>> conntrack -D -p udp --dport 4569
>> but the user guide says this "blocks" the connection.
> The user manual only says "this can be used to block traffic" (cut an
> existing connection) with proper ruleset and settings. It does not block
> traffic by itself.
>> I only want to flush/empty it, and let it start again with DNAT working.
>> Does this do it?
> I guess so, although I never used conntrack (no need yet).
> However I would run the conntrack command after setting up DNAT rules,
> because a packet could arrive between the two operations. Deleting a UDP
> conntrack entry should be harmless, as the next UDP packet would create
> it again anyway.
--
Well, it didn't work:
conntrack -D -p udp --dport 4569
conntrack v0.9.6: You need to supply the `--sport' option for this command
Try `conntrack -h' or 'conntrack --help' for more information.
conntrack -D -p udp --sport 4569
conntrack v0.9.6: You need to supply the `--dport' option for this command
Try `conntrack -h' or 'conntrack --help' for more information.
conntrack -D -p udp --sport 4569 --dport 4569
conntrack v0.9.6: Can't kill conntracks just by its ID
Try `conntrack -h' or 'conntrack --help' for more information.
Puzzled, but trolling through man conntrack.
Any suggestions?
sean
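The error messages above suggest that this conntrack version will only delete an entry when it is given enough of the original-direction tuple to identify it. The following is an added example (not from either poster, and not part of conntrack-tools): a small shell/awk helper that reads `conntrack -L` style output, picks the UDP entries whose original-direction destination port matches, and prints the full-tuple `conntrack -D` command for each. The sample listing is constructed, the flag names `-s`, `-d`, `--sport`, `--dport` and `-p` are the ones documented in conntrack-tools (assumed to be accepted by the version in the thread), and the script only prints the commands rather than running them, so it can be reviewed first and run after the DNAT rules are in place, as Pascal suggests.

```shell
#!/bin/sh
# Added example: turn `conntrack -L` output into per-entry delete commands
# for UDP entries whose original-direction dport matches a given port.
# Run the printed commands only after the DNAT rules are loaded, so a packet
# arriving in between cannot recreate a pre-DNAT entry.

# Constructed sample of `conntrack -L` output (not captured from a real host).
# Field layout for udp lines: proto protonum timeout src= dst= sport= dport= [reply tuple] ...
SAMPLE_CT_LIST='udp      17 29 src=192.168.1.10 dst=203.0.113.5 sport=4569 dport=4569 src=203.0.113.5 dst=192.168.1.10 sport=4569 dport=4569 [ASSURED] mark=0 use=1
udp      17 12 src=192.168.1.11 dst=203.0.113.5 sport=53000 dport=4569 [UNREPLIED] src=203.0.113.5 dst=192.168.1.11 sport=4569 dport=53000 mark=0 use=1
udp      17 30 src=192.168.1.12 dst=8.8.8.8 sport=40000 dport=53 src=8.8.8.8 dst=192.168.1.12 sport=53 dport=40000 mark=0 use=1
tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=203.0.113.5 sport=55000 dport=4569 src=203.0.113.5 dst=192.168.1.10 sport=4569 dport=55000 [ASSURED] mark=0 use=1'

# ct_delete_cmds PORT: read conntrack -L lines on stdin and print one
# full-tuple `conntrack -D` command per UDP entry whose original dport is PORT.
# TCP entries are skipped on purpose: only UDP entries are harmless to drop,
# as the next datagram recreates them.
ct_delete_cmds() {
    port="$1"
    awk -v port="$port" '
        $1 == "udp" {
            # Fields 4..7 hold the original-direction tuple: src= dst= sport= dport=
            split($4, s, "="); split($5, d, "="); split($6, sp, "="); split($7, dp, "=")
            if (dp[2] == port)
                printf "conntrack -D -p udp -s %s -d %s --sport %s --dport %s\n", s[2], d[2], sp[2], dp[2]
        }'
}

# count_matching PORT: number of delete commands the sample listing would yield.
count_matching() {
    printf '%s\n' "$SAMPLE_CT_LIST" | ct_delete_cmds "$1" | wc -l | tr -d ' '
}

# Usage on a live box (prints commands, does not run them):
#   conntrack -L 2>/dev/null | ct_delete_cmds 4569
printf '%s\n' "$SAMPLE_CT_LIST" | ct_delete_cmds 4569
```

On the constructed listing this prints two commands, one per UDP entry with dport 4569, and ignores the DNS entry and the TCP entry. Piping the output into `sh` would apply the deletions; keeping that as a separate, deliberate step makes it easy to check which entries are about to be dropped.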
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html