On Thursday 18 April 2002 4:15 am, Ramin Alidousti wrote:
> > What I'd like to do is either kill all currently active connections from
> > that IP or stop packet mangling according to rules that no longer
> > exist. Any suggestion would be greatly appreciated.
>
> Can you not rmmod the conntrack and insmod it back in?
Surely this would kill *all* the connections currently active through the box, not just the ones related to the user who's just logged off. Yes, it will avoid the 'persistent connection' problem, but it's not going to make all the other users happy....

My thought is to have a rule at the top of the FORWARD chain which specifically blocks packets to/from (doesn't really matter which) the IP address which has just logged off - then the logon process removes that rule to allow packets to flow?

Antony.
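One way to implement the per-client block Antony describes, as an added example that is not part of the original thread or of netfilter itself. It assumes a dedicated chain named CLIENT_BLOCK (a name chosen here) hooked in at position 1 of FORWARD, an iptables of the era (-N, -I, -A, -D only; no -C rule check), root privileges, and that the accounting system invokes the script as "logoff <ip>" / "logon <ip>". Because a drop at the very top of FORWARD is evaluated before any "--state ESTABLISHED,RELATED -j ACCEPT" rule, the client's existing conntrack entries stop carrying traffic without touching anybody else's connections.

```sh
#!/bin/sh
# Added example (not from the thread): block one client's forwarded traffic at
# logoff and lift the block at logon, leaving other users' connections intact.
# Assumptions: chain name CLIENT_BLOCK is our choice; iptables supports -N/-I/-A/-D.

IPTABLES="${IPTABLES:-iptables}"     # set IPTABLES=echo to dry-run the commands
CHAIN="${CHAIN:-CLIENT_BLOCK}"

# The address comes from the accounting system; never splice it into a command
# unchecked. Accept only a dotted quad whose four octets are each 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] 2>/dev/null || return 1
    done
    return 0
}

# One-time setup: a dedicated chain at the top of FORWARD, so per-client drops
# are matched before any state-based ACCEPT further down.
setup_chain() {
    $IPTABLES -N "$CHAIN"
    $IPTABLES -I FORWARD 1 -j "$CHAIN"
}

# Logoff: drop both directions for this client. Dropping one direction would do
# (Antony's "doesn't really matter which"); both makes the intent explicit.
block_client() {
    valid_ipv4 "$1" || { echo "block_client: bad address '$1'" >&2; return 1; }
    $IPTABLES -A "$CHAIN" -s "$1" -j DROP
    $IPTABLES -A "$CHAIN" -d "$1" -j DROP
}

# Logon: delete the same two rules by specification. Logoff and logon events are
# expected to alternate; without -C there is no cheap way to detect duplicates.
unblock_client() {
    valid_ipv4 "$1" || { echo "unblock_client: bad address '$1'" >&2; return 1; }
    $IPTABLES -D "$CHAIN" -s "$1" -j DROP
    $IPTABLES -D "$CHAIN" -d "$1" -j DROP
}

# Hook for the accounting scripts: "$0 setup", "$0 logoff 10.0.0.5", "$0 logon 10.0.0.5".
case "${1:-}" in
    setup)  setup_chain ;;
    logoff) block_client "$2" ;;
    logon)  unblock_client "$2" ;;
esac
```

Run "setup" once at boot after the rest of the ruleset is loaded (so the chain jump really is rule 1 of FORWARD), and wire "logoff" and "logon" into whatever script already handles the user's session accounting. The block only affects traffic passing through the box; connections terminated on the box itself go through INPUT and are not covered here.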
