Re: conntrack-tools 0.9.14 can not block the connection

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Friday 2010-05-07 01:51, Richard Feng wrote:

>Hi,
>
>I am using Linux 2.6.29. I have the problem for using 'conntrack' 
>(version:0.9.14) to block the traffic.
>Using the following command as example:
>  conntrack -D -s 1.1.1.1 -d 2.2.2.2
>After execution, it appears the connection info was deleted -
>  conntrack -L | grep 1.1.1.1 -- shows the entry was deleted.

If something does not exist, conntrack won't output it.

>However, the connection is still active - is this the correct behaviour? 

Yes.

>>From the documentation (from conntrack-tools.netfilter.org), somewhere it says 
>that "have to set /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_be_liberal to 
>zero".There is simply no 'netfilter' folder under my 
>folder '/proc/sys/net/ipv4'. Is this the problem? How could I fix it?

Upgrading to a newer kernel (you're probably running some stoneage 
thing).
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux