Hello,

I've managed to get a perl script modifying the rules file for Shorewall to comment out the following lines for each LAN user when they've used all their available bandwidth:

ACCEPT net vpn1:10.10.1.2 all
ACCEPT vpn1:10.10.1.2 net all

However, this does not kill off existing connections.

I need a simple to implement way (direct iptables commands would be great) to kill off existing connections that the user has open, until shorewall is next restarted. I might add that the script writes to the rules file then restarts shorewall when it blocks a user - so this would most likely be run after shorewall restarts?

Does a 'shorewall restart' remove rules added directly by iptables?

Thanks,

Jan
> Hello,
>
> I've managed to get a perl script modifying the rules file for Shorewall
> to comment out the following lines for each LAN user when they've used all
> their available bandwidth:
>
> ACCEPT net vpn1:10.10.1.2 all
> ACCEPT vpn1:10.10.1.2 net all
>
> However, this does not kill off existing connections.
>
> I need a simple to implement way (direct iptables commands would be great)
> to kill off existing connections that the user has open, until shorewall
> is next restarted. I might add that the script writes to the rules file then
> restarts shorewall when it blocks a user - so this would most likely be run
> after shorewall restarts?

Maybe you need something like this:
http://www.lowth.com/cutter/

Simon

> Does a 'shorewall restart' remove rules added directly by iptables?
>
> Thanks,
>
> Jan
That's exactly what I needed, thank you very much Simon!

Jan Mulders

On 17/02/06, Simon Matter <simon.matter@ch.sauter-bc.com> wrote:
> Maybe you need something like this:
> http://www.lowth.com/cutter/
>
> Simon
>
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
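The sequence Jan describes (comment out the host's ACCEPT rules, restart Shorewall, then kill the flows that are still open), as an added shell example that is not from the thread or from the Shorewall project. It assumes conntrack-tools (the `conntrack` command) is installed as the alternative to cutter, and the rules file path and the `#quota#` marker are my own choices; flows are killed by deleting their conntrack entries, so no iptables rules are added that a later `shorewall restart` would flush away.

```shell
#!/bin/sh
# Constructed example: quota enforcement helpers for a Shorewall rules file.
RULES_FILE="${RULES_FILE:-/etc/shorewall/rules}"   # assumed path
MARK='#quota# '                                     # marker so rules can be restored

# host_re IP: escape the dots so 10.10.1.2 does not also match 10.10.1.20
host_re() {
    printf '%s' "$1" | sed 's/\./\\./g'
}

# block_host FILE IP: prefix every ACCEPT line naming vpn1:IP with the marker.
# Marked lines no longer start with ACCEPT, so running it twice is harmless.
block_host() {
    re=$(host_re "$2")
    sed -i -e "/^ACCEPT[[:space:]].*vpn1:$re[[:space:]]/s/^/$MARK/" \
           -e "/^ACCEPT[[:space:]].*vpn1:$re\$/s/^/$MARK/" "$1"
}

# unblock_host FILE IP: strip the marker again when the quota is reset.
unblock_host() {
    re=$(host_re "$2")
    sed -i -e "/^$MARK.*vpn1:$re[[:space:]]/s/^$MARK//" \
           -e "/^$MARK.*vpn1:$re\$/s/^$MARK//" "$1"
}

# blocked_count FILE IP: number of rules for IP currently commented out.
blocked_count() {
    re=$(host_re "$2")
    grep -c -e "^$MARK.*vpn1:$re[[:space:]]" -e "^$MARK.*vpn1:$re\$" "$1" || true
}

# kill_host_flows IP: drop the host's conntrack entries in both directions.
# Without an entry the next packet of each flow is NEW again, no ACCEPT rule
# matches it any more, and the zone policy applies, so the flow dies.
kill_host_flows() {
    conntrack -D --orig-src "$1" >/dev/null 2>&1 || true
    conntrack -D --orig-dst "$1" >/dev/null 2>&1 || true
}

# apply_block IP: what the quota script would run once a user is over limit.
apply_block() {
    block_host "$RULES_FILE" "$1"
    shorewall restart
    kill_host_flows "$1"
}
```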