On Tue, Dec 11, 2007 at 11:06:36AM -0800, Tom Eastep wrote:
> Tom Eastep wrote:
> > Mirek Sobczak wrote:
> >> Hi,
> >> I've Debian running Shorewall, with two interfaces.
> >> I want sometimes to block access of one host from local network to
> >> internet.
> >> I've used the command:
> >> shorewall drop 10.1.1.222
> >>
> >> after this that host can't make new connections, but existing connections
> >> are still active.
> >>
> >> How to break these active connections?
> >> Maybe I should use iptables directly?
> >
> > Use 'cutter'.
>
> Or if you have small blacklists, you can also set BLACKLISTNEWONLY=No in
> shorewall.conf.

Or insert a blocking route (ip route add prohibit 10.1.1.222). That one works even with large blacklists.
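
The blocking-route suggestion above, wrapped in a small helper as an added example that is not part of the original thread: it validates the address before it reaches ip(8) and prints the command unless DRY_RUN=0. The function names and the DRY_RUN switch are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread: wraps the prohibit-route suggestion.
# A prohibit route matches on DESTINATION: packets routed to the host
# (replies on its established connections, and the firewall's own traffic
# to it) are rejected with ICMP "administratively prohibited".
# DRY_RUN is this example's own switch; 1 (the default) only prints.
DRY_RUN="${DRY_RUN:-1}"

# Accept only a dotted-quad IPv4 host address so nothing else reaches ip(8).
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|????*|0?*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Print the ip(8) command for "block" or "unblock"; status 2 on bad input.
route_cmd() {
    valid_ipv4 "$2" || { echo "invalid IPv4 address: $2" >&2; return 2; }
    case "$1" in
        # "replace" rather than the thread's "add", so a re-run is harmless
        block)   echo "ip route replace prohibit $2/32" ;;
        unblock) echo "ip route del prohibit $2/32" ;;
        *)       echo "usage: block|unblock ADDR" >&2; return 2 ;;
    esac
}

# Run (or, in dry-run mode, print) the command, then list prohibit routes.
apply() {
    cmd=$(route_cmd "$1" "$2") || return
    if [ "$DRY_RUN" = 1 ]; then
        echo "$cmd"
    else
        $cmd && ip route show type prohibit
    fi
}

if [ $# -ge 2 ]; then apply "$1" "$2"; fi
```

Removing the route with the unblock action restores forwarding to the host; the route is not persistent across reboots unless added to the system's network configuration.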
