Brian J. Murrell wrote: > On Wed, 2007-05-09 at 16:52 -0700, Tom Eastep wrote: >> Brian J. Murrell wrote: >> >> I didn't mention that since you are running a 2.4 kernel -- I would be >> astonished if conntrack works in that environment. > > Yes, indeed, so I am coming to discover. Pity. > > Unfortunately cutter seems to work only for TCP as it fiddles with the > TCP state. The connection I'm trying to break is UDP. > > Even filtering rules on the gateway are of no help as they seem to take > place after the conntrack state is updated. :-( > > This is quite a predicament. The only way to solve it, assuming I don't > have control of the application generating the traffic going through the > firewall is to reboot the firewall. :-(
Or unload to conntrack kernel module. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
