LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Old 04-10-2008, 03:12 PM   #1
drokmed
Member
 
Registered: Dec 2005
Location: St Petersburg, FL, USA
Posts: 220

Rep: Reputation: 31
How do I tear down an active tcp/udp session thru my firewall


Hi,

I have somebody running a myspace client on their workstation. I have already blocked the destination IP addresses for myspace, but the user doesn't turn off his computer, leaving his myspace session active.

The firewall is:

Debian Etch
iptables (shorewall)

The session shows up on ntop.

I can't reboot the firewall, there is too much traffic going through.

Thanks for reading
 
Old 04-10-2008, 03:41 PM   #2
beadyallen
Member
 
Registered: Mar 2008
Location: UK
Distribution: Fedora, Gentoo
Posts: 209

Rep: Reputation: 36
There's probably a better solution, but could you temporarily insert a rule in the firewall to block ALL the traffic coming from and going to the client on the specific port? If you inserted it before the ACCEPT all related/established rule, that should kill it off. You can then delete it when the connection's been broken. No need to flush the firewall.
I'd also be interested to learn how to kill a specific connection directly though.
 
Old 04-10-2008, 03:55 PM   #3
drokmed
Member
 
Registered: Dec 2005
Location: St Petersburg, FL, USA
Posts: 220

Original Poster
Rep: Reputation: 31
LOL that worked

I walked by and heard him complaining LOL

I'd still like to know if there is a better way of tearing down sessions, if anyone knows.
 
Old 04-10-2008, 03:59 PM   #4
beadyallen
Member
 
Registered: Mar 2008
Location: UK
Distribution: Fedora, Gentoo
Posts: 209

Rep: Reputation: 36
Glad it helped. Sometimes a 'quick fix' solution is the best.
 
Old 04-10-2008, 04:59 PM   #5
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
Quote:
Originally Posted by drokmed
I'd still like to know if there is a better way of tearing down sessions, if anyone knows.
Have a look at Cutter - it's part of Debian.

EDIT: BTW, I just noticed you were also asking about UDP. Just wanted to point out that since UDP is connectionless, an iptables filtering approach would probably be just fine for it. There isn't any actual connection to "cut".

Last edited by win32sux; 04-10-2008 at 05:42 PM.
 
Old 04-11-2008, 11:23 AM   #6
drokmed
Member
 
Registered: Dec 2005
Location: St Petersburg, FL, USA
Posts: 220

Original Poster
Rep: Reputation: 31
Thanks for cutter, didn't know about that one.

Is there a way to LIST active tcp connections from the command line? Right now, I'm using ntop to list them from a web browser.

btw lol yeah no such thing as tearing down udp connections, just block them

edit: netstat -nt looks closest I can get to it.

Last edited by drokmed; 04-11-2008 at 11:28 AM.
 
Old 04-11-2008, 11:25 AM   #7
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
Quote:
Originally Posted by drokmed
Is there a way to LIST active tcp connections from the command line?
Well, I just use netstat.
 
Old 04-11-2008, 11:32 AM   #8
drokmed
Member
 
Registered: Dec 2005
Location: St Petersburg, FL, USA
Posts: 220

Original Poster
Rep: Reputation: 31
netstat -nt | grep EST

Includes local to local, want to get rid of those, just show routed.
 
Old 04-11-2008, 11:57 AM   #9
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
Quote:
Originally Posted by drokmed
netstat -nt | grep EST

Includes local to local, want to get rid of those, just show routed.
I'm sure if you read through the man page you can find the options to show only the routed ones.

But if you want a quicker way maybe apt-get install netstat-nat.
 
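An added example (not code from any poster in this thread) that ties together the temporary-rule approach from post #2 and the question in posts #8 and #9 about listing only routed sessions: it parses the conntrack table, which records forwarded sessions that `netstat -nt` run on the firewall itself does not list, picks out the ESTABLISHED TCP sessions a given client opened, and generates the matching pairs of insert/delete iptables rules placed ahead of the ESTABLISHED,RELATED accept. The sample conntrack lines and addresses are constructed, the /proc/net/ip_conntrack text layout is assumed to be the 2.6-kernel one, and REJECT with a TCP reset is my choice over a plain DROP.

```python
import re
from collections import namedtuple

# Constructed sample of /proc/net/ip_conntrack lines (2.6-kernel text layout, assumed);
# on the real firewall the input would be `cat /proc/net/ip_conntrack`.
SAMPLE_CONNTRACK = """\
tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=203.0.113.5 sport=3456 dport=80 packets=12 bytes=1200 src=203.0.113.5 dst=198.51.100.2 sport=80 dport=3456 packets=10 bytes=9000 [ASSURED] mark=0 use=1
tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=203.0.113.6 sport=3457 dport=443 src=203.0.113.6 dst=198.51.100.2 sport=443 dport=3457 [ASSURED] mark=0 use=1
tcp      6 23 TIME_WAIT src=192.168.1.11 dst=203.0.113.5 sport=4000 dport=80 src=203.0.113.5 dst=198.51.100.2 sport=80 dport=4000 [ASSURED] mark=0 use=1
udp      17 29 src=192.168.1.10 dst=203.0.113.7 sport=5353 dport=53 src=203.0.113.7 dst=198.51.100.2 sport=53 dport=5353 mark=0 use=1
"""

Flow = namedtuple("Flow", "proto state src dst sport dport")
_KV = re.compile(r"(\w+)=(\S+)")

def parse_conntrack(text):
    """One Flow per conntrack entry, taken from the original-direction tuple (the
    side that opened the session). Only TCP entries carry a state column."""
    flows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        proto = fields[0]
        state = fields[3] if proto == "tcp" else "-"
        d = dict(_KV.findall(line)[:4])          # first src/dst/sport/dport
        flows.append(Flow(proto, state, d["src"], d["dst"], int(d["sport"]), int(d["dport"])))
    return flows

def established_through(flows, client_ip=None):
    """ESTABLISHED TCP sessions, optionally only those opened by client_ip. Because
    conntrack tracks forwarded traffic, routed sessions appear here even though
    `netstat -nt` on the firewall shows only sessions terminating on the firewall."""
    return [f for f in flows if f.proto == "tcp" and f.state == "ESTABLISHED"
            and (client_ip is None or f.src == client_ip)]

def teardown_rules(flow, chain="FORWARD"):
    """(insert, delete) iptables command pairs for the temporary-rule approach in
    post #2: position 1 puts them ahead of the ESTABLISHED,RELATED accept, both
    directions are covered, and REJECT with a TCP reset (my choice over DROP) makes
    the client's stack close the session instead of waiting for a timeout."""
    fwd = (f"-p tcp -s {flow.src} --sport {flow.sport} -d {flow.dst} --dport {flow.dport}"
           " -j REJECT --reject-with tcp-reset")
    rev = (f"-p tcp -s {flow.dst} --sport {flow.dport} -d {flow.src} --dport {flow.sport}"
           " -j REJECT --reject-with tcp-reset")
    insert = [f"iptables -I {chain} 1 {fwd}", f"iptables -I {chain} 1 {rev}"]
    delete = [f"iptables -D {chain} {fwd}", f"iptables -D {chain} {rev}"]
    return insert, delete
```

Run the insert commands, wait until the session has gone from the conntrack table, then run the delete commands so the temporary rules do not linger in the ruleset.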
Old 04-11-2008, 12:07 PM   #10
drokmed
Member
 
Registered: Dec 2005
Location: St Petersburg, FL, USA
Posts: 220

Original Poster
Rep: Reputation: 31
Quote:
Originally Posted by win32sux
But if you want a quicker way maybe apt-get install netstat-nat.
NICE!!!

Didn't know that one either... thanks!
 