I'm running shorewall 1.3.10 on a RH 8.0 machine that works as a firewall for a small network. My problem is to stop P2P sharing. So during the day I drop all outgoing connections except the useful services (www, pop, ssh, smtp), and at 18.00 I open the firewall. The problem is that when I start shorewall at 8.00 AM, all new connections are stopped, but downloads or uploads that were already in progress are not stopped.

I've tried to use the allow related connection but with no result!

Do you have any idea?
From what I saw earlier on this list I think it's not possible.

As a dirty hack you could:
bring down your public interface, stop shorewall, bring up your interface again and restart shorewall

The downside is that your server will be unavailable for a couple of seconds.....

On Fri, 13 Dec 2002, lupick wrote:

> I'm running shorewall 1.3.10 on a RH 8.0 machine that works as a
> firewall for a small network. My problem is to stop P2P sharing. So
> during the day I drop all outgoing connections except the useful services
> (www, pop, ssh, smtp), and at 18.00 I open the firewall. The problem is
> that when I start shorewall at 8.00 AM, all new connections are
> stopped, but downloads or uploads that were already in progress are not stopped.
>
> I've tried to use the allow related connection but with no result!
>
> Do you have any idea?
>
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@shorewall.net
> http://www.shorewall.net/mailman/listinfo/shorewall-users
--On Friday, December 13, 2002 02:46:31 PM +0100 Remco Barendse <shorewall@barendse.to> wrote:

> From what I saw earlier on this list I think it's not possible.
>
> As a dirty hack you could :
> bring down your public interface, stop shorewall, bring up your interface
> again and restart shorewall
>
> The downside is that your server will be unavailable for a couple of
> seconds.....
>

Another approach is to stop Shorewall and unload all of the netfilter modules then start Shorewall. NetFilter provides no other way to do this.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://shorewall.sf.net
Washington USA  \ teastep@shorewall.net
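The stop, unload, start sequence from the message above, as an added example that is not part of the original thread: it works out an order in which the netfilter modules can be removed (a module cannot be unloaded while another still uses it) and prints the commands for review without running them. The function names, the module-name pattern and the sample listing are assumptions made for this sketch, and the input is assumed to be in `lsmod` layout.

```shell
#!/bin/sh
# Added example, not from the thread: plan "stop Shorewall, unload netfilter, start Shorewall".
# Assumption: module list is in lsmod layout "name size refcount user1,user2".

# Constructed sample listing; on a real firewall use: lsmod | restart_plan
SAMPLE_LSMOD='Module                  Size  Used by
x_tables               53248  3 xt_conntrack,iptable_filter,ip_tables
nf_conntrack          172032  1 xt_conntrack
ip_tables              32768  1 iptable_filter
iptable_filter         16384  1
xt_conntrack           16384  2
ext4                  983040  1'

# Print netfilter modules so that every module comes after the modules using it,
# because rmmod refuses to remove a module that is still in use.
unload_order() {
    awk '
    NR > 1 && $1 ~ /^(ip_tables|ip_conntrack|ip_nat|iptable_|ipt_|x_tables|xt_|nf_)/ {
        names[++n] = $1; users[$1] = $4      # $4 = comma-separated users, may be empty
    }
    END {
        left = n
        while (left > 0) {
            progressed = 0
            for (k = 1; k <= n; k++) {
                m = names[k]
                if (!(m in users)) continue  # already scheduled for removal
                busy = 0; c = split(users[m], u, ",")
                for (i = 1; i <= c; i++) if (u[i] in users) busy = 1
                if (busy) continue
                printf "%s%s", sep, m; sep = " "
                delete users[m]; left--; progressed = 1
            }
            if (!progressed) exit 1          # circular use: no safe order exists
        }
        print ""
    }'
}

# Emit the command sequence for review; nothing is executed here.
restart_plan() {
    order=$(unload_order) || { echo "cannot order modules" >&2; return 1; }
    echo "shorewall stop"
    for m in $order; do echo "rmmod $m"; done
    echo "shorewall start"
}
```

Unloading the connection-tracking module discards its state table, which is why flows that were established before the restart no longer match an allow-established rule.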
Or simply use the tcpkill utility which comes with dsniff (google is your friend). Just use it as you use tcpdump :)

> -----Original Message-----
> From: shorewall-users-admin@shorewall.net
> [mailto:shorewall-users-admin@shorewall.net] On Behalf Of Tom Eastep
> Sent: Friday, 13 December 2002 16:45
> To: lupick
> Cc: shorewall-users@shorewall.net
> Subject: Re: [Shorewall-users] How to drop established connection
>
> --On Friday, December 13, 2002 02:46:31 PM +0100 Remco Barendse
> <shorewall@barendse.to> wrote:
>
> > From what I saw earlier on this list I think it's not possible.
> >
> > As a dirty hack you could :
> > bring down your public interface, stop shorewall, bring up your
> > interface again and restart shorewall
> >
> > The downside is that your server will be unavailable for a couple of
> > seconds.....
> >
>
> Another approach is to stop Shorewall and unload all of the netfilter
> modules then start Shorewall. NetFilter provides no other way to do this.
>
> -Tom
> --
> Tom Eastep    \ Shorewall - iptables made easy
> Shoreline,     \ http://shorewall.sf.net
> Washington USA  \ teastep@shorewall.net