* Re: HOW to make 'Deleting conntrack rule' clear the state created from this rule
From: Jörg Harmuth @ 2005-08-04 10:15 UTC (permalink / raw)
To: netfilter
Allain Yoann wrote:
> Hello all,
>
> It would be great if you could help me with this:
> I'm using these 3 rules:
>
> 1. iptables -P INPUT DROP
> 2. iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
> 3. iptables -A INPUT -p tcp --dport 23 -m state --state NEW,ESTABLISHED -j ACCEPT
>
> Then
> 4. Bob connects on my telnet...
> 5. I decide to suppress rule 3:
> iptables -D INPUT -p tcp --dport 23 -m state --state NEW,ESTABLISHED -j ACCEPT
>
> 6. Packets from Bob are still accepted because of rule 2. But I need
> this rule (2) for my out-going connections responses.
>
> Is there a way to suppress the state which has been recorded for rule 3,
> when deleting this rule?
This breaks down to selectively deleting conntrack entries, right? Harald
Welte posted on this topic:
https://lists.netfilter.org/pipermail/netfilter/2005-July/061538.html
HTH and have a nice time,
Joerg
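Joerg's pointer is about removing the conntrack entries that rule 3 let in, without touching the replies that rule 2 exists for. As an added example (not from this thread, and not the netfilter project's own code), the script below reads a `conntrack -L` listing, picks the entries whose original-direction destination port is 23, and emits the matching `conntrack -D` commands. It assumes the `conntrack` userspace tool from conntrack-tools, which the page itself does not mention; the listing it works on is a constructed sample.

```shell
#!/bin/sh
# Added example: after deleting the telnet ACCEPT rule, build 'conntrack -D'
# commands for the entries that rule created. Assumes conntrack-tools.

# Constructed sample of 'conntrack -L -p tcp' output: one inbound telnet
# session (original direction dport=23) and one unrelated outbound HTTP flow.
SAMPLE_CT_LIST='tcp      6 431999 ESTABLISHED src=10.0.0.5 dst=10.0.0.1 sport=41234 dport=23 src=10.0.0.1 dst=10.0.0.5 sport=23 dport=41234 [ASSURED] mark=0 use=1
tcp      6 117 TIME_WAIT src=10.0.0.1 dst=10.0.0.9 sport=50000 dport=80 src=10.0.0.9 dst=10.0.0.1 sport=80 dport=50000 [ASSURED] mark=0 use=1'

# purge_cmds PORT  (conntrack -L lines on stdin)
# Prints one 'conntrack -D' command per entry whose ORIGINAL-direction
# destination port is PORT. The first src/dst/sport/dport group on a line is
# the original tuple, the second is the reply tuple, so only inbound flows to
# the service match; replies to our own outgoing connections are left alone.
purge_cmds() {
    awk -v port="$1" '
        $1 == "tcp" {
            src = ""; dst = ""; sport = ""; dport = ""
            for (i = 1; i <= NF; i++) {
                if (index($i, "=") == 0) continue
                split($i, kv, "=")
                # keep only the first occurrence of each key (original tuple)
                if (kv[1] == "src"   && src   == "") src   = kv[2]
                if (kv[1] == "dst"   && dst   == "") dst   = kv[2]
                if (kv[1] == "sport" && sport == "") sport = kv[2]
                if (kv[1] == "dport" && dport == "") dport = kv[2]
            }
            if (dport == port)
                printf "conntrack -D -p tcp -s %s -d %s --sport %s --dport %s\n",
                       src, dst, sport, dport
        }'
}

# Number of entries the sample listing would lose for PORT.
count_purge_cmds() {
    printf '%s\n' "$SAMPLE_CT_LIST" | purge_cmds "$1" | wc -l | tr -d ' '
}

# Dry run against the constructed sample. On a live box, pipe the real
# listing instead:  conntrack -L -p tcp 2>/dev/null | purge_cmds 23 | sh
printf '%s\n' "$SAMPLE_CT_LIST" | purge_cmds 23
```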