On Friday 2010-05-07 01:51, Richard Feng wrote:
>Hi,
>
>I am using Linux 2.6.29. I have a problem using 'conntrack'
>(version: 0.9.14) to block the traffic.
>Using the following command as example:
>    conntrack -D -s 1.1.1.1 -d 2.2.2.2
>After execution, it appears the connection info was deleted -
>    conntrack -L | grep 1.1.1.1 -- shows the entry was deleted.

If something does not exist, conntrack won't output it.

>However, the connection is still active - is this the correct behaviour?

Yes.

>From the documentation (from conntrack-tools.netfilter.org), somewhere it says
>that "have to set /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_be_liberal to
>zero". There is simply no 'netfilter' folder under my
>folder '/proc/sys/net/ipv4'. Is this the problem? How could I fix it?

Upgrading to a newer kernel (you're probably running some stone-age thing).