- Fiverizer: convert a website from XHTML 1.0 to HTML5
- How to Convert Your Website from XHTML 1.0 to HTML5 the Quick and Easy Way
- DC Blog RSS Feed
- [Updated] Free Mobile-Friendly Layout Wizard
- [Fixed] Feedback Form Wizard
- GitHub patch release previous version
- 15 years of blogging 500 posts later
- How to disable Laravel console commands
- Vue show and hide form elements
- Extracting a time into select menus with PHP
Recent Questions
آخرین مطالب
امکانات وب
I've been working on a project that is nearly complete: to be able to kill my children's inteet connections at the touch of a button. I've implemented part of the solution by basically calling:
ufw deny from IP
The threat of killing their inteet works half the time, and the above works half of the remaining half. Where I run into issues are long youtube videos. It's sometimes convenient that existing connections continue, but I'd also like to have a button that would kill all existing traffic to/from the IP. This has proved much more difficult than expected.
I've tried cutter, which doesn't even seem to work on Ubuntu 14.04. I've tried tcpkill. It seems to run, but doesn't seem to do anything (I've supplied both Etheet interfaces) and seems to want to continually run. Although my ufw is persistent, I'd rather the kill immediately is state-less and just drop all existing connections.
Conntrack sounded promising (http://conntrack-tools.netfilter.org/manual.html), and had the following:
Delete one entry, this can be used to block traffic if:
You have a stateful rule-set that blocks traffic in INVALID state.
You have set /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_loose or /proc/sys/net/netfilter/nf_conntrack_tcp_loose, depending on your keel version, to zero.
The command
conntrack -D -s <IP>
seems to take and show deletions of something, but the youtube video keeps humming along and I see connections reforming when I do
conntrack -L
I've done
echo 0 > nf_conntrack_tcp_loose
and cat'ed it to make sure it stuck, but it doesn't seem to delete the connections.
I'm not 100% sure what "a stateful rule-set that blocks traffic in INVALID state" means, but I do see the follow rule
DROP all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
when doing a "iptables -L -n", if that's what it references.
I've found the following:
iptables -A INPUT -s "$BLOCK_THIS_IP" -j DROP
It didn't work for me, but it's likely due to it being proceeded with a general rule to allow all traffic on the inteal network, and with reordering it might work. I'd rather not mix iptables commands with ufw commands. Given that UFW has already setup the iptables to deny any new connections, setting up a drop in iptables seems redundant, and I really don't want to mix UFW with iptable commands if I can help it.
Can anyone tell me how I might use "conntrack -D" to end existing connections to/from a host, or some other way to this short of bringing the network or interface down and then back? Figuring out how to do this has been more elusive than imagined.
Thanks,
Mark
Recent Questions...ما را در سایت Recent Questions دنبال میکنید
برچسب:
نویسنده: استخدام کار
بازدید: 205