killing a tcp connection (pfctl -k ???) - BSD


Thread: killing a tcp connection (pfctl -k ???)

  1. killing a tcp connection (pfctl -k ???)

    (Freebsd 6.2)

    If there's a tcp connection established, I thought pfctl -k would be
    enough to kill it off. Sometimes (rarely) it does; more usually the
    connection remains active.

    So is there a way of forcibly terminating an existing TCP link from my
    machine to the outside world without killing the process using it?


    TIA.

  2. Re: killing a tcp connection (pfctl -k ???)

    Mike Scott writes:

    >If there's a tcp connection established, I thought pfctl -k would be
    >enough to kill it off. Sometimes (rarely) it does; more usually the
    >connection remains active.

    >So is there a way of forcibly terminating an existing TCP link from my
    >machine to the outside world without killing the process using it?


    I think you should have tcpdrop in 6.3.

    David.

  3. Re: killing a tcp connection (pfctl -k ???)

    David Malone wrote:
    > Mike Scott writes:
    >
    >> If there's a tcp connection established, I thought pfctl -k would be
    >> enough to kill it off. Sometimes (rarely) it does; more usually the
    >> connection remains active.
    >
    >> So is there a way of forcibly terminating an existing TCP link from my
    >> machine to the outside world without killing the process using it?
    >
    > I think you should have tcpdrop in 6.3.
    >
    > David.

    Ah, thanks. It turns out to be on my 6.2 too anyway - but as I didn't
    know what to look for.......

    Mind you, it needs a remote port, which is a bit of a pain when you just
    want to drop all connections to a given machine. Not insuperable though.

    Many thanks for the pointer.


  4. Re: killing a tcp connection (pfctl -k ???)

    Mike Scott writes:

    >Ah, thanks. It turns out to be on my 6.2 too anyway - but as I didn't
    >know what to look for.......


    Ah - good.

    >Mind you, it needs a remote port, which is a bit of a pain when you just
    >want to drop all connections to a given machine. Not insuperable though.


    You should be able to net the numbers you need from netstat or sockstat.

    >Many thanks for the pointer.


    Glad to help!

    David.

  5. Re: killing a tcp connection (pfctl -k ???)

    David Malone wrote:
    > Mike Scott writes:
    >
    >> Ah, thanks. It turns out to be on my 6.2 too anyway - but as I didn't
    >> know what to look for.......
    >
    > Ah - good.
    >
    >> Mind you, it needs a remote port, which is a bit of a pain when you just
    >> want to drop all connections to a given machine. Not insuperable though.
    >
    > You should be able to net the numbers you need from netstat or sockstat.


    Yes.

    # $host holds the remote address whose connections should be dropped.
    # sockstat -4 -c columns: USER COMMAND PID FD PROTO LOCAL FOREIGN
    sockstat -4 -c | grep "tcp.* $host:" | while read u p pid sock proto here there ; do
        here=`echo $here | sed 's/:/ /'`     # "addr:port" -> "addr port"
        there=`echo $there | sed 's/:/ /'`
        tcpdrop $here $there                 # tcpdrop laddr lport faddr fport
    done

    (Just in case anyone else wants a quick and dirty script)

    It works; I'm sure there's a neater way :-)

    >
    >> Many thanks for the pointer.
    >
    > Glad to help!
    >
    > David.


    (In case anyone's wondering, it's part of a script that monitors mail
    logs in real time for obvious spam sources, and then adds them to the
    firewall block list and drops the current connection.)
