Brian J. Murrell wrote:
> On Wed, 2007-05-09 at 16:52 -0700, Tom Eastep wrote:
>> Brian J. Murrell wrote:
>>
>> I didn't mention that since you are running a 2.4 kernel -- I would be
>> astonished if conntrack works in that environment.
>
> Yes, indeed, so I am coming to discover. Pity.
>
> Unfortunately cutter seems to work only for TCP as it fiddles with the
> TCP state. The connection I'm trying to break is UDP.
>
> Even filtering rules on the gateway are of no help as they seem to take
> place after the conntrack state is updated. :-(
>
> This is quite a predicament. The only way to solve it, assuming I don't
> have control of the application generating the traffic going through the
> firewall is to reboot the firewall. :-(

With UDP, there is no connection to break. The conntrack module tracks related UDP packets, but cutter has no relevance to UDP since it is connectionless.

--
Paul
<http://paulgear.webhop.net>
--
Did you know? Email viruses spread using addresses they find on the host computer. You can help to reduce the spread of these viruses by using Bcc: instead of To: on mass mailings, or using mailing list software such as mailman (http://www.list.org/) instead.

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
