The connection that was established before are still operating because there are one or a set of rules that accept the ESTABLISHED connections (in INPUT or in FORWARD), am i wrong? If you delete this rule for the disconnected client the connection can't still operating (if the default policy is DROP).
Marco > > Hi, > > can you remove the ESTABLISHED/RELATED rules for the disconnected client? > > What you mean? > > The only related rules where in PREROUTING in nat doing DNAT. On > disconnect of client's authorizing software the rules are deleted and > new connections can't be established (thats correct), but connection > that wa established before a still operating (that's wrong). >
