On Friday 20 January 2006 17:22, Robert Nichols wrote:
> Richard Emberson wrote:
> > Thank you for the response.
> > What I was asking was: You've got an existing set of IpTable rules and
> > you have a set of current/active connections that are governed by those
> > rules. If you then change the rules, what happens to the existing
> > connections?
> > Are they still associated with the old rules, or are the new rules
> > applied?
> >
> > If an old rule says that a connection from a particular machine is
> > allowed and you currently have such a connection and then you install new
> > rules that disallow connections from that machine - will the existing
> > connection be terminated or still remain open?
>
> The packets would be filtered according to the new rules. But, one of
> the first rules in most rule sets is a rule that allows packets for any
> EXISTING or RELATED connection. Loading a new iptables rule set does
> not flush the conntrack table, so packets for the old connections would
> still get through unless blocked by something earlier than that rule.

Agreed, and, yes, this EXISTING,RELATED rule is near the top for performance reasons --> BUT <-- after some safeguard rules. (This system is also after a router with its own firewall.)

> Bob Nichols
> Yes, "NOSPAM" is really part of my email address.
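The behaviour Bob describes (a rule reload replaces the rules but leaves the conntrack table alone, so a flow accepted under the old rules keeps matching the state rule, which iptables spells ESTABLISHED,RELATED) can be modelled with a toy stateful filter. This is an added illustration, not code from the thread or from iptables; the rule sets, host addresses and the `Filter`/`scenario` helpers are constructed for the example.

```python
from collections import namedtuple
from dataclasses import dataclass, field

Packet = namedtuple("Packet", "src dst dport")

@dataclass
class Filter:
    """Toy stateful filter: ordered (matcher, verdict) rules plus a conntrack set."""
    rules: list
    conntrack: set = field(default_factory=set)  # flows already accepted

    def state(self, pkt):
        return "ESTABLISHED" if pkt in self.conntrack else "NEW"

    def process(self, pkt):
        state = self.state(pkt)
        verdict = "DROP"  # chain policy DROP when nothing matches
        for matcher, v in self.rules:
            if matcher(pkt, state):
                verdict = v
                break
        if verdict == "ACCEPT":
            self.conntrack.add(pkt)
        return verdict

    def flush_conntrack(self):
        """Like `conntrack -F`: forget all tracked connections."""
        self.conntrack.clear()

def established(pkt, state):
    return state == "ESTABLISHED"

def from_host(host):
    return lambda pkt, state: pkt.src == host

# Constructed rule sets; 10.0.0.5 is a made-up client address.
OLD_RULES = [(established, "ACCEPT"), (from_host("10.0.0.5"), "ACCEPT")]
BLOCK_AFTER_STATE = [(established, "ACCEPT"), (from_host("10.0.0.5"), "DROP")]
BLOCK_BEFORE_STATE = [(from_host("10.0.0.5"), "DROP"), (established, "ACCEPT")]

def scenario(new_rules, flush=False):
    """Open a flow under OLD_RULES, reload new_rules, then send a follow-up packet."""
    fw = Filter(list(OLD_RULES))
    fw.process(Packet("10.0.0.5", "10.0.0.1", 22))  # accepted and tracked
    fw.rules = new_rules  # rule reload, like iptables-restore: conntrack untouched
    if flush:
        fw.flush_conntrack()
    return fw.process(Packet("10.0.0.5", "10.0.0.1", 22))
```

`scenario(BLOCK_AFTER_STATE)` still returns ACCEPT for the old flow; it only becomes DROP once the conntrack entry is flushed or the blocking rule is placed before the state rule, which is the "safeguard rules first" ordering discussed above.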