No, you are both wrong. My script already makes DROP and flush. The problem is that when you reset the script to allow related packets you still allow the old related packets as well.
I see that the only solution is to remove the modules themselves.

Thanks,
Ohad

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 18, 2002 1:15 PM
To: Levy Ohad
Cc: Assaf Flatto; [EMAIL PROTECTED]
Subject: Re: iptables flush doesn't kill RELATED packets

On Wed, Sep 18, 2002 at 10:21:17AM +0200, Assaf Flatto wrote:
> stop the IPtables daemon running in the background would be a good start.
>
> /etc/init.d/iptables stop
> or
> service iptables stop
>
>
> Assi
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, September 18, 2002 9:57 AM
> To: [EMAIL PROTECTED]
> Subject: iptables flush doesn't kill RELATED packets
>
>
>
> Hi all,
>
> Lately I discovered that when I flush my iptables, it still allows related
> packets to come through (I had a certain port open, then I removed that rule
> and flushed the entire tables... and Walla the connection was still alive).
>
> So if I didn't miss anything basic in here, what's the way to flush the
> related table as well?
>
> Thanks,
>
> Ohad

Flushing the (empty) tables doesn't alter the chains' policies. Either use the suggested stop command, although with my inactive rules this might not do what you want, or set the policy to DROP explicitly:

    iptables -P DROP

Disclaimer: depending on your setup, setting the policies to DROP and flushing the chains might disconnect you from the machine.

--
Shaul Karl, [EMAIL PROTECTED]
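
The point in the last reply, that a flush removes rules but leaves each chain's policy as it was, can be checked from a rule listing. The following is an added example, not part of the original thread: it assumes an iptables version that supports `iptables -S`, and the function names and both sample rule sets are constructed for illustration.

```shell
#!/bin/sh
# Added example: read `iptables -S` text on stdin and report, per built-in
# chain, its default policy, rule count, and how many rules match
# RELATED/ESTABLISHED state. Live use (as root): iptables -S | audit_chains

# Constructed sample: filter table right after `iptables -F`.
# The rules are gone; the -P policy lines are untouched by the flush.
sample_after_flush() {
cat <<'EOF'
-P INPUT ACCEPT
-P FORWARD DROP
-P OUTPUT ACCEPT
EOF
}

# Constructed sample: default-deny INPUT with a state rule and one open port.
sample_with_rules() {
cat <<'EOF'
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
EOF
}

audit_chains() {
  awk '
    $1 == "-P" { policy[$2] = $3; order[++n] = $2; next }
    $1 == "-A" {
      rules[$2]++
      if ($0 ~ /RELATED|ESTABLISHED/) tracked[$2]++
    }
    END {
      for (i = 1; i <= n; i++) {
        c = order[i]
        verdict = "ok"
        # ACCEPT policy with zero rules: everything passes on this chain.
        if (policy[c] == "ACCEPT" && rules[c] == 0) verdict = "OPEN-no-rules"
        else if (policy[c] == "ACCEPT") verdict = "default-accept"
        printf "%s policy=%s rules=%d tracked=%d %s\n", c, policy[c], rules[c], tracked[c], verdict
      }
    }'
}
```

A chain reported as `OPEN-no-rules` is the state described above: flushed, with the ACCEPT policy still in force.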