From: "Andrew Hall" <temp02@bluereef.com.au>
To: <netfilter-devel@lists.netfilter.org>
Subject: conntrack clarification
Date: Mon, 6 Aug 2007 18:31:46 +1000
Message-ID: <4736426.181186389101858.JavaMail.root@localhost>
Hi Pablo,
I've been playing with your very cool conntrack tool and trying to use it to
forcibly remove established and related entries from the conntrack table.
The main reason I'm doing this is that I want the ability to forcibly terminate a
TCP session after the access rules that allowed this connection to be
established in the first place have been removed (at the moment an SSH
session, for example, remains active until the session has been closed by
the client). I can't forcibly shut the session down because I have general
"established and related" rules that allow the connection to remain open.
The problem I've found with the conntrack tool (using 'conntrack -F' to
flush the entries) is that even though the entry "appears" to get removed
for the TCP session, the entry gets re-added immediately by the session,
which is still open. This is kind of counter-intuitive, as once the entry is
removed I had assumed this meant the session was no longer known to be
"established" and therefore the next packet should be unrelated and dropped?
Is this correct, or is there something wrong with the tool?
kernel: 2.6.22.1
libnetfilter_conntrack.so.1.2.0
libnfnetlink.so.0.2.0
conntrack v0.9.5
Thanks,
Andrew.
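As an added illustration of the behaviour asked about (this is a constructed model, not code from the thread, the kernel or conntrack-tools): it assumes the sysctl net.netfilter.nf_conntrack_tcp_loose is at its default of 1, so a TCP packet that matches no entry is classified NEW even without SYN, and assumes a rule set that accepts any NEW connection in the outbound direction. Under those assumptions the first packet the still-open session sends from the protected side confirms a fresh entry, and the peer's next packet is ESTABLISHED again; setting tcp_loose to 0, or dropping NEW packets that lack SYN, is what stops the entry coming back.

```python
"""Constructed model (not kernel or conntrack-tools code) of why a flushed
TCP entry returns. Assumed kernel behaviour: with nf_conntrack_tcp_loose=1 a
packet with no entry is NEW even without SYN, and a NEW entry is only
confirmed into the table when the filter accepts the packet."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Pkt:
    src: str
    dst: str
    syn: bool
    outbound: bool  # True when sent by the protected host (OUTPUT path)

class Conntrack:
    def __init__(self, tcp_loose: bool):
        self.tcp_loose = tcp_loose
        self.table: set = set()

    def flush(self) -> None:  # models 'conntrack -F'
        self.table.clear()

    def classify(self, p: Pkt):
        flow = frozenset((p.src, p.dst))  # one entry serves both directions
        if flow in self.table:
            return "ESTABLISHED", flow
        if p.syn or self.tcp_loose:
            return "NEW", flow  # unconfirmed until the filter accepts the packet
        return "INVALID", None

def verdict(ct: Conntrack, p: Pkt, allow_new_in: bool, syn_only_new: bool) -> str:
    """ESTABLISHED -> ACCEPT; NEW accepted outbound always and inbound only by
    policy; syn_only_new models a 'NEW without SYN -> DROP' rule."""
    state, flow = ct.classify(p)
    if state == "ESTABLISHED":
        return "ACCEPT"
    if state == "NEW" and (p.outbound or allow_new_in) and (p.syn or not syn_only_new):
        ct.table.add(flow)  # confirm the entry
        return "ACCEPT"
    return "DROP"

def session_after_flush(tcp_loose: bool, syn_only_new: bool) -> list:
    """Inbound session set up, inbound-NEW rule removed, table flushed, session keeps talking."""
    ct = Conntrack(tcp_loose)
    client, server = "203.0.113.5", "192.0.2.10"  # constructed addresses
    verdict(ct, Pkt(client, server, True, False), True, syn_only_new)
    ct.flush()
    out_ack = Pkt(server, client, False, True)   # server-side data/keepalive
    in_ack = Pkt(client, server, False, False)   # client's reply
    return [verdict(ct, out_ack, False, syn_only_new),
            verdict(ct, in_ack, False, syn_only_new)]
```

With the defaults the session is accepted again on both legs after the flush; with tcp_loose=0, or with the SYN-only rule for NEW, both post-flush packets are dropped.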