Linux Netfilter discussions
From: "Jörg Harmuth" <harmuth@mnemon.de>
To: netfilter@lists.netfilter.org
Subject: Re: HOW to make 'Deleting conntrack rule' clear the state created from this rule
Date: Thu, 04 Aug 2005 12:15:10 +0200
Message-ID: <42F1EAAE.5030103@mnemon.de>
In-Reply-To: <9C1918067C3BC14C9C351C206D8A8437377893@rennsmail03.eu.thmulti.com>

Allain Yoann wrote:
> Hello all,
> 
> It would be great if you could help me on this:
> I'm using these 3 rules:
> 
> 1. iptables -P INPUT DROP
> 2. iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
> 3. iptables -A INPUT -p tcp --dport 23 -m state --state NEW,ESTABLISHED -j ACCEPT
> 
> 
> Then
> 4. Bob connects on my telnet...
> 5. I decide to suppress rule 3:
> 	iptables -D INPUT -p tcp --dport 23 -m state --state NEW,ESTABLISHED -j ACCEPT
> 
> 6. Packets from Bob are still accepted because of rule 2. But I need
> this rule (2) for my out-going connections responses.
> 
> Is there a way to suppress the state which has been recorded for rule 3,
> when deleting this rule?

This breaks down to selectively deleting conntrack entries, right? Harald
Welte posted on this topic:

https://lists.netfilter.org/pipermail/netfilter/2005-July/061538.html

HTH and have a nice time,

Joerg
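
The procedure the thread arrives at (delete the ACCEPT rule, then delete the conntrack entries that rule admitted so that rule 2 no longer matches them) needs a way to pick out exactly those entries. The following is an added example, not code from either poster: it parses the text layout of /proc/net/ip_conntrack (and the newer /proc/net/nf_conntrack, which prefixes an address family), keeps the entries whose original direction matches the removed rule (tcp, dport 23), and builds the matching `conntrack -D` invocation from conntrack-tools, which is assumed to be installed. The table contents below are constructed sample data.

```python
"""Select the conntrack entries a deleted iptables ACCEPT rule admitted.

Added example (not from the list thread). Parses /proc/net/ip_conntrack /
/proc/net/nf_conntrack text lines and returns the entries whose ORIGINAL
direction the removed rule would have matched, plus the conntrack-tools
(assumed installed) command line that deletes each one.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample of the conntrack table: two telnet sessions, one web
# session and one DNS lookup. The last line uses the nf_conntrack layout.
SAMPLE_TABLE = """\
tcp      6 431999 ESTABLISHED src=192.0.2.10 dst=192.0.2.1 sport=40123 dport=23 src=192.0.2.1 dst=192.0.2.10 sport=23 dport=40123 [ASSURED] mark=0 use=2
tcp      6 431999 ESTABLISHED src=192.0.2.1 dst=198.51.100.7 sport=51000 dport=80 src=198.51.100.7 dst=192.0.2.1 sport=80 dport=51000 [ASSURED] mark=0 use=1
udp      17 29 src=192.0.2.1 dst=192.0.2.53 sport=55555 dport=53 src=192.0.2.53 dst=192.0.2.1 sport=53 dport=55555 mark=0 use=1
ipv4     2 tcp      6 300 ESTABLISHED src=203.0.113.9 dst=192.0.2.1 sport=60001 dport=23 src=192.0.2.1 dst=203.0.113.9 sport=23 dport=60001 [ASSURED] mark=0 zone=0 use=2
"""

_FIELD = re.compile(r"\b(src|dst|sport|dport)=(\S+)")
_PROTO = re.compile(r"\b(tcp|udp|udplite|icmp|icmpv6|sctp|dccp|gre)\s+(\d+)\b")
_TCP_STATE = re.compile(r"\btcp\s+\d+\s+\d+\s+([A-Z_]+)")


@dataclass(frozen=True)
class Entry:
    proto: str
    orig_src: str
    orig_dst: str
    orig_sport: Optional[int]   # absent for ICMP entries
    orig_dport: Optional[int]
    state: Optional[str]        # TCP state, None for other protocols
    raw: str


def parse_table(text: str) -> List[Entry]:
    """Parse conntrack table lines; unknown-protocol lines are skipped, not guessed."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = _PROTO.search(line)
        if not m:
            continue
        proto = m.group(1)
        # The first src/dst/sport/dport group on a line is the ORIGINAL direction;
        # the second group is the reply direction, which the rule match ignores.
        orig = {}
        for key, value in _FIELD.findall(line):
            orig.setdefault(key, value)
        state = None
        if proto == "tcp":
            sm = _TCP_STATE.search(line)
            state = sm.group(1) if sm else None
        entries.append(Entry(
            proto=proto,
            orig_src=orig.get("src", ""),
            orig_dst=orig.get("dst", ""),
            orig_sport=int(orig["sport"]) if "sport" in orig else None,
            orig_dport=int(orig["dport"]) if "dport" in orig else None,
            state=state,
            raw=line,
        ))
    return entries


def admitted_by_rule(entries: List[Entry], proto: str = "tcp", dport: int = 23) -> List[Entry]:
    """Entries the deleted rule (here: -p tcp --dport 23) would have matched."""
    return [e for e in entries if e.proto == proto and e.orig_dport == dport]


def delete_commands(entries: List[Entry]) -> List[str]:
    """conntrack-tools command removing exactly one entry each (tool assumed installed)."""
    return [
        f"conntrack -D -p {e.proto} --orig-src {e.orig_src} --orig-dst {e.orig_dst}"
        f" --orig-port-src {e.orig_sport} --orig-port-dst {e.orig_dport}"
        for e in entries
    ]


if __name__ == "__main__":
    victims = admitted_by_rule(parse_table(SAMPLE_TABLE), "tcp", 23)
    for cmd in delete_commands(victims):
        print(cmd)
```

Run the iptables `-D` first and the conntrack deletions second: once the rule is gone, a packet from the old session that arrives after its entry was removed is classified NEW, no longer matches rule 2, and meets the DROP policy. Only the original direction is matched because that is the direction the INPUT rule saw; reply-direction tuples carry the port in `sport`, not `dport`.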
