On May 7, 2010 02:57:51 am Pascal Hambourg wrote:
> Hello,
>
> Richard Feng wrote:
> >
> > I am using Linux 2.6.29. I have a problem using 'conntrack'
> > (version: 0.9.14) to block the traffic.
> > Using the following command as an example:
> > conntrack -D -s 1.1.1.1 -d 2.2.2.2
> > After execution, it appears the connection info was deleted -
> > conntrack -L | grep 1.1.1.1 -- shows the entry was deleted.
> >
> > However, the connection is still active.
>
> What do you mean exactly?
> The conntrack tool only deals with netfilter connection tracking, not
> with the actual connection (e.g. it won't send RSTs in order to tear it
> down). How it may affect the actual connection depends on the iptables
> ruleset.

It says it can block traffic in the document
"http://conntrack-tools.netfilter.org/manual.html#conntrack". Maybe the doc is
outdated? What should I do if I want to break the current connection? Using
'cutter'?
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
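Pascal's point, that `conntrack -D` only forgets the flow and the ruleset decides what that means for the next packet, is easiest to see with a ruleset under which a flow survives only while conntrack remembers it. The script below is an added example for this archive page; it is not code from the thread, from conntrack-tools or from netfilter. It assumes the box is a router between the two addresses from the thread (so the rules go in FORWARD), an iptables with the `conntrack` match, the conntrack-tools CLI, and root. Set `DRY_RUN=1` to print the commands instead of running them.

```shell
#!/bin/sh
# Added example (not from the thread or from conntrack-tools). Make a
# "conntrack -D" actually stop a flow by installing rules that forward a
# SRC<->DST flow only while a conntrack entry for it exists.
#
# Usage: DRY_RUN=1 sh cutflow.sh 1.1.1.1 2.2.2.2   # print the commands
#        sh cutflow.sh 1.1.1.1 2.2.2.2             # apply them (as root)

run() {
    # Execute a command, or only print it when DRY_RUN is set.
    if [ -n "${DRY_RUN:-}" ]; then printf '%s\n' "$*"; else "$@"; fi
}

pin_direction() {
    # Forward packets from $1 to $2 only when conntrack already knows the
    # flow. DROP is inserted first, then ACCEPT ahead of it, so the final
    # order in FORWARD is: ACCEPT if ESTABLISHED,RELATED; otherwise DROP.
    run iptables -I FORWARD -s "$1" -d "$2" -j DROP
    run iptables -I FORWARD -s "$1" -d "$2" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

cut_flow() {
    src="$1"; dst="$2"
    # With the default nf_conntrack_tcp_loose=1 the tracker picks up a TCP
    # connection mid-stream, so the first packet after the delete would
    # simply recreate the entry and the flow would carry on. With it set
    # to 0, a non-SYN packet without an entry is classified INVALID and
    # never matches ESTABLISHED.
    run sysctl -w net.netfilter.nf_conntrack_tcp_loose=0
    # Both directions are pinned: if DST->SRC were left open, a packet from
    # DST would create a new entry whose reply direction is SRC->DST, and
    # SRC's next packet would be ESTABLISHED again.
    pin_direction "$src" "$dst"
    pin_direction "$dst" "$src"
    # Now forget the flow. The next packet in either direction has no
    # entry: a data segment is INVALID, a SYN is NEW (a fresh connection);
    # neither is ESTABLISHED, so both hit the DROP rule.
    run conntrack -D -s "$src" -d "$dst"
}

if [ $# -eq 2 ]; then cut_flow "$1" "$2"; fi
```

Nothing here sends a RST: both endpoints simply stop seeing each other's segments and retransmit until their own timers give up, which is the difference from a tool like cutter that injects packets to reset the connection at both ends. Without the DROP rules (or an equivalent default policy) deleting the entry changes nothing, which is the behaviour the original poster observed.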