>> Is there some way to kill all TCP connections that go over the network
>> interface `foo' whenever this interface is brought up with an IP address
>> different from the one it had before?
> Chris Davies wrote:
>> Try an iptables -t nat ... -j MASQUERADE rule
> Pascal Hambourg <boite-a-(E-Mail Removed)> wrote:
>> Note that this won't affect existing connections in the TCP/IP stack and
>> sockets ; it will only erase them in the Netfilter connection tracking
>> table.
> Yes. Re-reading the man page (yet again - I learn something fresh each
> time) I've now realised that, thanks. Perhaps the OP might like to play
> around with "cutter". Something like this, triggered when the interface
> is dropped, seems reasonable to me:
> netstat -na |
> awk '$1 ~ /^tcp/ && /ESTABLISHED/ {
> split($4,s,":"); split($5,d,":"); print s[1],s[2],d[1],d[2] }
> ' |
> xargs -n4 cutter
Thanks, this is close to what I want indeed.
But it turns out that `cutter' is really meant to be run on the
router (firewall) machine, rather than on my laptop. I.e. it can kill
connections that go *through* a machine, but not the connections that
start/end at the current machine. It doesn't look like an inherent limitation
of the technique it uses, so maybe I'll try and find the time to play with the
source code.
Still it seems like for my specific problem, `cutter' is a bit heavy handed
and a simpler solution should be possible. Still, following your suggestion
I googled for tcp cutting and tcp killing, and I found `tcpkill' which is
also a close match, except it only kills the connections on which there is
activity and it doesn't know when to stop (basically it monitors tcp
activity of a specified kind and kills it whenever it sees it, without being
able to tell if there are such connections left or not).
Stefan
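The netstat/awk pipeline quoted earlier in this thread, reworked for the original poster's case: pick out only the ESTABLISHED TCP connections bound to the address the interface had before it came back up, and build a command that resets each one from the local host. This is an added example, not code from anyone in the thread. It assumes the Linux `netstat -na` column layout (Proto, Recv-Q, Send-Q, Local Address, Foreign Address, State) and, for the reset step, an iproute2 `ss` that supports `-K`/`--kill` on a kernel built with CONFIG_INET_DIAG_DESTROY; `ss -K` is offered here as an alternative to cutter for sockets that terminate on this machine, which the thread says cutter cannot handle. The netstat sample is constructed.

```python
"""Parse `netstat -na`, select ESTABLISHED TCP connections bound to a given
local IP, and build the `ss -K` command that would reset each of them.

Added example, not from the thread.  Assumptions: Linux netstat layout, and
an iproute2 `ss` with -K on a kernel with CONFIG_INET_DIAG_DESTROY.
"""
import subprocess
from typing import List, NamedTuple, Optional, Tuple


class Conn(NamedTuple):
    local_ip: str
    local_port: int
    remote_ip: str
    remote_port: int


def split_hostport(endpoint: str) -> Tuple[str, int]:
    # Split on the LAST ':' so IPv6 literals such as 2001:db8::10:22 survive.
    # awk's split($4, s, ":") in the quoted pipeline chops them into pieces.
    host, _, port = endpoint.rpartition(":")
    return host, int(port)


def established_connections(netstat_output: str) -> List[Conn]:
    conns = []
    for line in netstat_output.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue  # header lines, UDP and UNIX sockets have no TCP state
        if fields[5] != "ESTABLISHED":
            continue  # LISTEN / TIME_WAIT have no live peer worth resetting
        lip, lport = split_hostport(fields[3])
        rip, rport = split_hostport(fields[4])
        conns.append(Conn(lip, lport, rip, rport))
    return conns


def select_by_local_ip(conns: List[Conn], old_ip: str) -> List[Conn]:
    # Only connections still bound to the old address need killing; anything
    # the interface re-established with the new address must be left alone.
    return [c for c in conns if c.local_ip == old_ip]


def fmt_endpoint(ip: str, port: int) -> str:
    # ss filter syntax brackets IPv6 addresses: [addr]:port
    return f"[{ip}]:{port}" if ":" in ip else f"{ip}:{port}"


def kill_argv(conn: Conn) -> List[str]:
    # `ss -K` asks the kernel to destroy matching sockets (SOCK_DESTROY),
    # so it works for connections that start/end on this host.
    return ["ss", "-K", "-t", "state", "established",
            "src", fmt_endpoint(conn.local_ip, conn.local_port),
            "dst", fmt_endpoint(conn.remote_ip, conn.remote_port)]


# Constructed sample of `netstat -na` output (not captured from a real host).
SAMPLE_NETSTAT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.10:45678      93.184.216.34:443       ESTABLISHED
tcp        0      0 192.168.1.10:45680      93.184.216.34:80        TIME_WAIT
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0     52 2001:db8::10:51234      2001:db8::1:22          ESTABLISHED
udp        0      0 0.0.0.0:68              0.0.0.0:*
"""


def kill_connections(old_ip: str, netstat_output: Optional[str] = None,
                     dry_run: bool = True) -> List[List[str]]:
    """Return the ss commands for every established connection on old_ip;
    run them only when dry_run is False (needs root)."""
    if netstat_output is None:
        netstat_output = subprocess.run(["netstat", "-na"], capture_output=True,
                                        text=True, check=True).stdout
    cmds = [kill_argv(c) for c in
            select_by_local_ip(established_connections(netstat_output), old_ip)]
    if not dry_run:
        for argv in cmds:
            subprocess.run(argv, check=False)
    return cmds


if __name__ == "__main__":
    # Dry run against the constructed sample: prints the commands, runs none.
    for argv in kill_connections("192.168.1.10", SAMPLE_NETSTAT):
        print(" ".join(argv))
```

Hook `kill_connections(old_ip, dry_run=False)` into whatever brings the interface down (an ifdown/ifupdown hook, for instance), passing the address the interface is losing. Unlike tcpkill, it needs no traffic on the connection to act, and it stops once the listed connections are gone.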