I'm using shorewall to reject traffic from certain hosts in a network
at certain times.
Shorewall is configured as a bridge. The setup works okay, but
not 100% as I would like it. When I re-start shorewall I would like
all packets from existing connections to be dropped too. But it seems
only new connection attempts will be rejected/dropped.
In the documentation for /etc/shorewall/rules there is this text:
"Entries in this file only govern the establishment of new connections -
packets that are part of an existing connection or that establish a
connection that is related to an existing connection are automatically
accepted."
Is there a way to get shorewall to cut off old connections too?
Mats