From: "HareRam" <hareram@sol.net.in>
To: Antony Stone <Antony@Soft-Solutions.co.uk>, netfilter@lists.samba.org
Subject: Re: Fw: How to remove Established Connection
Date: Fri, 11 Oct 2002 19:33:26 +0530
Message-ID: <00b501c2712e$f88e39e0$7cfcc5cb@humanpc>
In-Reply-To: 200210111230.g9BCUlL19231@vulcan.rissington.net
Hi all
thanks, it's working using my own methods,
but idea is lot of people, especially Mr Antony's
what is the Recommended, DROP or REJECT?
just now my Rule is work with DROP
but i saw now here REJECT
which one is powerful to use to disable connections of Forward
thanks
hare
----- Original Message -----
From: "Antony Stone" <Antony@Soft-Solutions.co.uk>
To: <netfilter@lists.samba.org>
Sent: Friday, October 11, 2002 6:00 PM
Subject: Re: Fw: How to remove Established Connection
> On Friday 11 October 2002 10:15 am, Michael wrote:
>
> > HareRam wrote:
> > >then ? how do i remove my establish client, when we do some accounting
> > >when he logged out, he should not get any browsing, as well as he should
> > > be removed from internet
> > >how can i achieve
> > >
> > >please guide me alternative method to achieve this
> >
> > You remove the rule that accepts the established connection.
> >
> > I have a specific rule for each host that is forwarded through firewall.
> > If I want to allow the host, I add the rule in FORWARD chain:
> >
> > ACCEPT all -- * eth0 <ip_of_host> 0.0.0.0/0 state RELATED,ESTABLISHED
> >
> > When I want to stop them I just remove the rule. Even if the established
> > entry appears and lingers in /proc/net/ip_conntrack, it can't go anywhere.
> > At least that's how it seems to work for me... Am I wrong??
>
> Depending on how many established connections you want to cut off, compared
> to how many new connections you want to allow, it could be easier to do this
> the other way around:
>
> have a standard rule:
> iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
> in your FORWARD chain, and then insert a rule *before* this one to
> specifically block the IP you want to disconnect:
> iptables -I FORWARD -s a.b.c.d -j REJECT
>
> This will then make sure that packets from that address do not get as far as
> the ESTABLISHED, RELATED rule, and therefore are no longer allowed through
> the machine.
>
> Antony.
>
> --
>
> KDE 3.0.3 contains an important fix for handling SSL certificates. Users of
> Internet Explorer, which suffers from the same problem but which
> does not yet have a fix available, are also encouraged to switch to KDE 3.0.3.
>
> http://www.kde.org/announcements/announce-3.0.3.html
>
>
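The approach in Antony's quoted reply (a per-host REJECT rule inserted ahead of the ESTABLISHED,RELATED accept in FORWARD), sketched as a logout hook. This is an added example, not part of the original thread; the function names, the DRY_RUN switch and the sample addresses are assumptions, and it prints the commands unless DRY_RUN=0 is set.

```shell
#!/bin/sh
# Added example (not from the thread): block/unblock one client in FORWARD.
# DRY_RUN=1 (default) prints the iptables command instead of running it.
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Accept only a dotted quad with octets 0-255 and no leading zeros, so a
# value handed over by the accounting system cannot smuggle in extra
# iptables options or a wider match than one host.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Called at logout: -I with no index inserts at the top of FORWARD, so the
# packet is rejected before it can reach the ESTABLISHED,RELATED accept.
block_client() {
    valid_ipv4 "$1" || { echo "invalid address: $1" >&2; return 2; }
    # On a live system, skip the insert if the same rule is already present.
    if [ "$DRY_RUN" != 1 ] && iptables -C FORWARD -s "$1" -j REJECT 2>/dev/null; then
        return 0
    fi
    run iptables -I FORWARD -s "$1" -j REJECT
}

# Called at login: delete the matching rule so the client is forwarded again.
unblock_client() {
    valid_ipv4 "$1" || { echo "invalid address: $1" >&2; return 2; }
    run iptables -D FORWARD -s "$1" -j REJECT
}
```

Review the printed commands first, then run as root with DRY_RUN=0 to apply them.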