* Re: HOW to make 'Deleting conntrack rule' clear the state created from this rule
       [not found] <9C1918067C3BC14C9C351C206D8A8437377893@rennsmail03.eu.thmulti.com>
@ 2005-08-04 10:15 ` Jörg Harmuth
From: Jörg Harmuth @ 2005-08-04 10:15 UTC (permalink / raw)
  To: netfilter

Allain Yoann schrieb:
> Hello all,
> 
> It would be great if you could help me on this:
> I'm using these 3 rules:
> 
> 1. iptables -P INPUT DROP
> 2. iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
> 3. iptables -A INPUT -p tcp --dport 23 -m state --state NEW,ESTABLISHED -j ACCEPT
> 
> 
> Then
> 4. Bob connects on my telnet...
> 5. I decide to suppress rule 3: 
> 	iptables -D INPUT -p tcp --dport 23 -m state --state NEW,ESTABLISHED -j ACCEPT
> 
> 6. Packets from Bob are still accepted because of rule 2. But I need
> this rule (2) for my out-going connections responses.
> 
> Is there a way to suppress the state which has been recorded for rule 3,
> when deleting this rule?

This breaks down to selectively deleting conntrack entries, right? Harald
Welte posted on this topic:

https://lists.netfilter.org/pipermail/netfilter/2005-July/061538.html

HTH and have a nice time,

Joerg
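The selective deletion Joerg refers to needs two things: a way to see which conntrack entries the removed rule left behind, and a way to delete exactly those. The script below is an added example, not code from the thread or from Harald Welte's post. It parses a conntrack table dump in the `/proc/net/ip_conntrack` format of the time (and the later `/proc/net/nf_conntrack` layout with its leading address-family column), selects the flows whose original direction targets the removed rule's port, and builds one delete command per flow for the `conntrack(8)` utility from conntrack-tools, whose availability on the host is an assumption. The table contents are constructed for the example.

```python
"""Preview the conntrack entries a deleted iptables rule leaves behind and build
per-flow conntrack(8) delete commands for them (added example, not from the thread)."""
import os
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample table (not captured from a real host). The last line uses the
# newer /proc/net/nf_conntrack layout, which prefixes an address-family column.
SAMPLE_TABLE = """\
tcp      6 431990 ESTABLISHED src=10.0.0.7 dst=10.0.0.1 sport=40112 dport=23 src=10.0.0.1 dst=10.0.0.7 sport=23 dport=40112 [ASSURED] mark=0 use=1
tcp      6 431999 ESTABLISHED src=10.0.0.1 dst=93.184.216.34 sport=51000 dport=80 src=93.184.216.34 dst=10.0.0.1 sport=80 dport=51000 [ASSURED] mark=0 use=1
tcp      6 110 TIME_WAIT src=10.0.0.9 dst=10.0.0.1 sport=40500 dport=23 src=10.0.0.1 dst=10.0.0.9 sport=23 dport=40500 [ASSURED] mark=0 use=1
udp      17 29 src=10.0.0.1 dst=10.0.0.53 sport=33000 dport=53 src=10.0.0.53 dst=10.0.0.1 sport=53 dport=33000 mark=0 use=1
ipv4     2 tcp      6 431800 ESTABLISHED src=10.0.0.12 dst=10.0.0.1 sport=41000 dport=23 src=10.0.0.1 dst=10.0.0.12 sport=23 dport=41000 [ASSURED] mark=0 zone=0 use=2
"""

KV = re.compile(r"^(\w+)=(\S+)$")  # matches key=value tokens such as dport=23


@dataclass
class Entry:
    proto: str
    state: Optional[str]      # TCP state (ESTABLISHED, TIME_WAIT, ...); None for UDP etc.
    orig_src: str             # original direction = the side that opened the flow
    orig_dst: str
    orig_sport: Optional[int]
    orig_dport: Optional[int]


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one conntrack table line; returns None for blank or unrecognised lines."""
    tokens = line.split()
    if not tokens:
        return None
    idx = 0
    if tokens[0] in ("ipv4", "ipv6"):  # nf_conntrack layout: "ipv4 2 tcp 6 <timeout> ..."
        idx = 2
    if len(tokens) < idx + 3:
        return None
    proto = tokens[idx]  # tokens[idx+1] is the protocol number, tokens[idx+2] the timeout
    pos = idx + 3
    state = None
    # A bare word after the timeout is the protocol state (present for TCP only).
    if pos < len(tokens) and "=" not in tokens[pos] and not tokens[pos].startswith("["):
        state = tokens[pos]
        pos += 1
    fields = {}
    for tok in tokens[pos:]:
        m = KV.match(tok)
        if m and m.group(1) in ("src", "dst", "sport", "dport") and m.group(1) not in fields:
            fields[m.group(1)] = m.group(2)  # first occurrence = original direction
    if "src" not in fields or "dst" not in fields:
        return None
    return Entry(proto, state, fields["src"], fields["dst"],
                 int(fields["sport"]) if "sport" in fields else None,
                 int(fields["dport"]) if "dport" in fields else None)


def select_entries(table: str, proto: str, dport: int) -> List[Entry]:
    """Return the flows that the removed ACCEPT rule for proto/dport admitted."""
    hits = []
    for line in table.splitlines():
        e = parse_entry(line)
        if e and e.proto == proto and e.orig_dport == dport:
            hits.append(e)
    return hits


def delete_commands(entries: List[Entry]) -> List[str]:
    """One conntrack(8) delete per flow, keyed on the full original tuple so that
    unrelated flows sharing only the port are never touched."""
    return [
        f"conntrack -D -p {e.proto} --orig-src {e.orig_src} --orig-dst {e.orig_dst}"
        f" --orig-port-src {e.orig_sport} --orig-port-dst {e.orig_dport}"
        for e in entries
    ]


def main() -> None:
    # Prefer the live table (needs root); fall back to the constructed sample.
    table = SAMPLE_TABLE
    try:
        with open("/proc/net/nf_conntrack") as fh:
            table = fh.read()
    except OSError:
        pass
    hits = select_entries(table, "tcp", 23)
    for e in hits:
        print(f"would cut off {e.orig_src}:{e.orig_sport} -> {e.orig_dst}:{e.orig_dport} ({e.state})")
    for cmd in delete_commands(hits):
        print(cmd)


if __name__ == "__main__":
    main()
```

The per-flow form is there so the operator can see who gets disconnected before acting; the same set can be removed in one go with `conntrack -D -p tcp --orig-port-dst 23`. Once the entry is gone, the next packet from Bob no longer has a tracked connection, so it is classified NEW (or INVALID) rather than ESTABLISHED, rule 2 stops matching it, and the INPUT chain's DROP policy applies, while replies to the host's own outgoing connections keep matching rule 2 as before.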


