Can I reset all existing network connections with ipfw ?

Lowell Gilbert freebsd-questions-local at be-well.ilk.org
Fri May 30 17:55:00 UTC 2014


John Case <case at SDF.ORG> writes:

> Let's say I have a rule like this somewhere near the front of my ipfw
> ruleset:
>
> ipfw add 10 allow tcp from any to any established
>
> ... fairly standard ... get established connections through ipfw
> quickly without sending them through the entire ruleset, which,
> presumably, they've already passed through.
>
> Ok, but what if I boot without a ruleset, OR I flush the rules and
> then re-apply them ... then there could be established tcp
> connections, that will be passed by this rule, that might be
> disallowed by the ruleset ... but they are allowed to continue because
> they were established before I applied the ruleset.
>
> In this case, is there an ipfw command that I can run that resets, or
> kills off, all established connections, and forces them to reconnect
> now that the rules are in place ?  I could probably 'ifconfig down'
> the interface, but that seems like too much brute force ... is there a
> nice way to do it ?
>
> I was thinking of 'tcpdrop' but there doesn't seem to be a 'tcpdrop
> all' or equivalent command ...

If I were worried about that regularly, I wouldn't have "established" in
my ruleset to begin with. Keeping state would be more appropriate. 

I can't picture a use case where this would come up in practice.
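
As an added example (not from the thread, and not FreeBSD project code), here is the `established` rule from the question beside the stateful form Lowell suggests, written as an ipfw loader script; the `IPFW` variable, the sample port-22 policy and the helper function names are assumptions.

```shell
#!/bin/sh
# Added example: two ways to write the front of an ipfw ruleset.
# The "established" form passes any TCP segment with ACK set, including
# connections set up before the rules were loaded. The stateful form only
# passes connections whose SYN matched a keep-state rule after loading.
# IPFW is an assumption; set IPFW=echo to preview without touching the kernel.
IPFW="${IPFW:-/sbin/ipfw}"

# Weak form (the rule from the question): anything already established keeps
# flowing no matter what the later policy rules say.
weak_rules() {
    cat <<'EOF'
add 10 allow tcp from any to any established
add 100 allow tcp from any to me dst-port 22 setup
add 65000 deny ip from any to any
EOF
}

# Stateful form: check-state consults the dynamic table; "setup keep-state"
# creates an entry only for a new SYN that the policy allows. A mid-stream
# segment of a pre-existing connection finds no entry, fails "setup", and hits
# the final deny, so reloading the rules forces those peers to reconnect.
stateful_rules() {
    cat <<'EOF'
add 10 check-state
add 100 allow tcp from any to me dst-port 22 setup keep-state
add 65000 deny ip from any to any
EOF
}

# Audit helper: how many rules in a ruleset blindly pass established traffic.
count_established() {
    "$1" | awk '/ established( |$)/ { n++ } END { print n + 0 }'
}

# Load a ruleset: flushing removes the static rules, and the dynamic entries
# that hung off keep-state rules go with them, so the state table starts empty.
load_rules() {
    "$IPFW" -q -f flush
    "$1" | while read -r rule; do "$IPFW" -q $rule; done
    "$IPFW" -d list   # -d also lists the dynamic (keep-state) entries
}
```

Run `IPFW=echo sh script.sh` style previews first; `load_rules stateful_rules` needs root on a FreeBSD host with ipfw loaded.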
