Help with TCP state

[Gregory D Hough]

Lennart Sorensen wrote:
> On Fri, Jul 28, 2006 at 09:06:52AM -0400, Gregory D Hough wrote:
> 
>>Is there anyway to force an ESTABLISHED state entry in
>>/proc/net/ip_conntrack to close?
> 
> 
> Use netstat -anp, to find which program is using the port, and kill the
> program.
> 
> --
> Len Sorensen
> -- 
Thanks Len, you've always offered meaningful information to posters. I 
should have offered a bit more substance when asking the question.

I know which program is running, but it is on another machine. Killing 
it defeats the whole purpose of this exercise. I am trying to 
dynamically load pairs of FORWARD/PREROUTING rules into the kernel for a 
period of time, after which the pairs are unloaded. However, any 
connections ESTABLISHED during that time are kept alive well after the 
rules removal, so long as the remote host retransmits.

I solved the problem by loading a replacement DROP rule in the FORWARD 
chain, which halts the connections until the remote hosts timeout or 
reach their max retrans.

What makes this kind of exercise interesting to me is seeing how the 
remote hosts probing my IP change their tactics. I blend some beguiling 
routines and I tweak the NetFilters in response to this. It has been a 
challenge building a firewall which can evolve on its own to mete this 
largely unpredictable behavior. The Turing Test is a long way off but 
what the heck, ya gotta start somewhere.

greg
--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml