Hi Sigmund,
This depends on the way you have implemented your rules
(in other words: you can be as flexible as you want). If you're
doing connection tracking and you are firewalling an ssh connection,
the connection will be tagged as "ESTABLISHED" (see /proc/net/ip_conntrack).
So, if you have an iptables rule like this:
iptables -A FORWARD -m state --state ESTABLISHED -j ACCEPT
the ssh session will not get terminated after a rule reload, not
even when there is a rule explicitly blocking tcp connections to port
22 after the state match rule.
On the other hand, if you have a rule like this:
iptables -A FORWARD -p tcp --dport 22 -j DROP
before the state matching, the connection will be blocked even though
it will still be marked as ESTABLISHED in /proc/net/ip_conntrack.
You cannot delete an entry from /proc/net/ip_conntrack, all you can do
is flush all your rules and rmmod the ip_conntrack module, then you
will lose *all* connection tracking info.
Regards,
Filip
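A small Python model of the first-match behaviour described above, added here as an illustration and not code from the original thread: the Packet and Rule classes, the flow tuple and the addresses are constructed, and the conntrack set stands in for /proc/net/ip_conntrack.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    proto: str
    dport: int
    flow: tuple  # (src, dst, dport): the conntrack lookup key

@dataclass
class Rule:
    target: str                   # ACCEPT or DROP
    proto: Optional[str] = None   # -p tcp
    dport: Optional[int] = None   # --dport 22
    state: Optional[str] = None   # -m state --state ESTABLISHED

def conntrack_state(conntrack: set, pkt: Packet) -> str:
    """Stand-in for /proc/net/ip_conntrack: a tracked flow is ESTABLISHED, else NEW."""
    return "ESTABLISHED" if pkt.flow in conntrack else "NEW"

def rule_matches(rule: Rule, pkt: Packet, state: str) -> bool:
    """Every criterion the rule specifies must hold; unspecified ones match anything."""
    return ((rule.proto is None or rule.proto == pkt.proto)
            and (rule.dport is None or rule.dport == pkt.dport)
            and (rule.state is None or rule.state == state))

def forward(chain: list, conntrack: set, pkt: Packet, policy: str = "DROP") -> str:
    """First matching rule decides; the conntrack table itself is never modified."""
    state = conntrack_state(conntrack, pkt)
    for rule in chain:
        if rule_matches(rule, pkt, state):
            return rule.target
    return policy

# Constructed sample: an ssh flow that was already tracked before the rule reload.
SSH_FLOW = ("10.0.0.5", "192.0.2.10", 22)
CONNTRACK = {SSH_FLOW}
SSH_PKT = Packet("tcp", 22, SSH_FLOW)

ESTABLISHED_RULE = Rule("ACCEPT", state="ESTABLISHED")  # -m state --state ESTABLISHED -j ACCEPT
BLOCK_SSH_RULE = Rule("DROP", proto="tcp", dport=22)    # -p tcp --dport 22 -j DROP

STATE_FIRST = [ESTABLISHED_RULE, BLOCK_SSH_RULE]  # state match before the block rule
BLOCK_FIRST = [BLOCK_SSH_RULE, ESTABLISHED_RULE]  # block rule before the state match

def verdicts() -> tuple:
    """(verdict with state rule first, verdict with block rule first, conntrack state)."""
    return (forward(STATE_FIRST, CONNTRACK, SSH_PKT),
            forward(BLOCK_FIRST, CONNTRACK, SSH_PKT),
            conntrack_state(CONNTRACK, SSH_PKT))
```

The same packet is ACCEPTed in one ordering and DROPped in the other while its conntrack entry reads ESTABLISHED in both cases; a flow that is not in the table is NEW and hits the block rule under either ordering.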
-----Original Message-----
From: Sigmund Vegheim [mailto:[EMAIL PROTECTED]]
Sent: Wed 24/04/2002 13:37
To: [EMAIL PROTECTED]
Cc:
Subject: Statefull inspection
Hello everyone!
Does anybody know if it's right that iptables doesn't close down established
ssh connections through the firewall
when you implement a rule to stop this ssh traffic and restart iptables?
Thanks in advance,
./Sigmund
Title: RE: Statefull inspection