Hello all, I'm working on an Internet access control system for LANs based on iptables. A user logs in via browser, and the underlying CGI talks to a daemon which sets up iptables rules which grant Internet access to the originating IP. This works well.
When a user clicks on "disconnect", the system deletes the corresponding iptables rules. This also works well. The problem is: currently active connections (telnet, ssh, mysql etc.) stay active even after disconnect. This opens the possibility of completely cheating the system with an IP-over-IP tunnel. What I'd like to do is either kill all currently active connections from that IP or stop packet mangling according to rules that no longer exist. Any suggestion would be greatly appreciated.

Cheers to all,

-- 
Juan Carlos Castro y Castro   | "Standing up to an evil system is
[EMAIL PROTECTED]             | exhilarating." -Richard Stallman
Rio de Janeiro - Brazil       | http://www.vialink.com.br/~jcastro
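An added example, not code from the original post: a sketch of the grant/revoke step in which "disconnect" not only deletes the per-IP rule but also purges the kernel's connection-tracking entries for that IP, so connections opened while the grant existed can no longer ride on a catch-all ESTABLISHED,RELATED accept rule or on an existing NAT mapping. It assumes a dedicated FORWARD sub-chain named LANACCESS (hypothetical) and the conntrack userspace tool from conntrack-tools; with DRY_RUN=1 it prints the commands instead of running them.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the daemon's per-IP
# accept rules live in a dedicated chain LANACCESS (hypothetical name) and
# that the conntrack tool is installed. DRY_RUN=1 prints instead of executing.
: "${DRY_RUN:=0}"

run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

grant_ip() {
    # $1 = client IP. Allow forwarding of traffic originating from it;
    # replies are normally matched by the firewall's ESTABLISHED rule.
    run iptables -A LANACCESS -s "$1" -j ACCEPT
}

revoke_ip() {
    # Delete the grant rule first so no new flows can be opened...
    run iptables -D LANACCESS -s "$1" -j ACCEPT
    # ...then purge existing conntrack entries in both directions. Without
    # this, packets of already-open connections keep matching the generic
    # "ESTABLISHED,RELATED -> ACCEPT" rule (and keep their NAT mapping)
    # even though the per-IP rule is gone. After the purge their next
    # packet is classified as NEW and falls through to the deny policy.
    run conntrack -D --orig-src "$1"
    run conntrack -D --reply-src "$1"
}

# Optional CLI use: ./script grant 10.0.0.5 | ./script revoke 10.0.0.5
case "${1:-}" in
    grant)  grant_ip "$2" ;;
    revoke) revoke_ip "$2" ;;
esac
```

If the firewall has no catch-all ESTABLISHED,RELATED accept and the per-IP grants match both directions, deleting the rules alone stops filtering-level access, but NAT mappings already recorded in conntrack still survive until they are purged.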
