Hi,
I'm trying to figure out how to interrupt a connection temporarily.
Suppose I want to stop traffic going to 123.123.123.123 then re-allow it later on.
I have BLACKLISTNEWONLY=Yes in shorewall.conf.
On my shorewall bridge I run:
# tcpkill -i br0 "dst host 123.123.123.123"
This interrupts my TCP connection as expected.
# shorewall show connections | grep 123.123.123.123
tcp 6 5 CLOSE src=10.215.144.48 dst=123.123.123.123 sport=2187 dport=80
packets=284 bytes=11908 src=123.123.123.123 dst=10.215.144.48 sport=80
dport=2187 packets=618 bytes=773183 [ASSURED] mark=0 use=1
After a short while the above command yields no output.
Then I run:
# shorewall reject 123.123.123.123
123.123.123.123 Rejected
However, if I try to connect I succeed when I shouldn't be able to.
Do I need to set "blacklist" in the interfaces file?
Thanks,
Vieri