Helping to clear SYNC-OUT connections for certain IPs

by dr.x from LinuxQuestions.org on (#5R34W)
Hello Team,
How to reject connections from SS table SYNC-Sent packets from IPTABLES?
I have a src IP on the server with address ---> 1.1.1.1
It's not a real address and I just want to reject any connection that is made from this connection IP outside the server.
I added both:
INPUT & OUTPUT
-A INPUT -s 1.1.1.1/32 -j DROP
-A INPUT -d 1.1.1.1/32 -j DROP
################
-A OUTPUT -s 1.1.1.1/32 -j DROP
-A OUTPUT -d 1.1.1.1/32 -j DROP
to my IPTABLES.
Iptables however can detect and block based on below:
########################
0 0 DROP all -- * * 1.1.1.1 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 1.1.1.1
1542K 74M DROP all -- * * 1.1.1.1 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 1.1.1.1
with icmp-port-unreachable
############################
My only concern is, as long as IPTABLES is dropping the outbound connections sourced from 1.1.1.1,
why can I still see the connection in SS table as below:

ss -o state syn-sent | less

Netid Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp 0 1 1.1.1.1:3767 72.21.91.29:http timer:(on,4.908ms,3)
tcp 0 1 1.1.1.1:10013 72.21.91.29:http timer:(on,3.917ms,2)
tcp 0 1 1.1.1.1:54949 72.21.91.29:http timer:(on,3.532ms,2)
tcp 0 1 1.1.1.1:55871 72.21.91.29:http timer:(on,15sec,4)
Is there any way I can block the connections from SS table too?
I believe it's more than 6k connections on my server and it can affect resources.

ss -o state syn-sent | wc -l
6488
Kindly please help me how to clean SS table from anything using 1.1.1.1 address src or DST.
Also help me why iptables is not cleaning SS table although it was matched.
Thanks
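
Added example, not part of the original post: a DROP rule in OUTPUT discards each SYN only after the kernel has already created the socket, so the socket stays in SYN-SENT and is retried until the connect attempt times out. The script below summarises `ss -o state syn-sent` output per local address and prints the `ss -K` command that asks the kernel to close those sockets; the function names and the 10.0.0.5 row are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the format of `ss -o state syn-sent` (the State column
# is omitted when a state filter is given). The 10.0.0.5 row is made up.
sample_ss_output() {
cat <<'EOF'
Netid Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp 0 1 1.1.1.1:3767 72.21.91.29:http timer:(on,4.908ms,3)
tcp 0 1 1.1.1.1:10013 72.21.91.29:http timer:(on,3.917ms,2)
tcp 0 1 1.1.1.1:54949 72.21.91.29:http timer:(on,3.532ms,2)
tcp 0 1 1.1.1.1:55871 72.21.91.29:http timer:(on,15sec,4)
tcp 0 1 10.0.0.5:40122 72.21.91.29:http timer:(on,1.2sec,1)
EOF
}

# Per local address: number of SYN-SENT sockets and the highest retransmit
# count in the timer field. Output: "<local-addr> <sockets> <max-retrans>".
synsent_summary() {
    awk '
        $1 == "Netid" || NF < 5 { next }      # skip header and short lines
        {
            laddr = $4
            sub(/:[^:]*$/, "", laddr)         # strip the trailing :port
            count[laddr]++
            if (match($0, /timer:\([^)]*\)/)) {
                split(substr($0, RSTART, RLENGTH), f, /[,)]/)
                if (f[3] + 0 > maxr[laddr]) maxr[laddr] = f[3] + 0
            }
        }
        END { for (a in count) printf "%s %d %d\n", a, count[a], maxr[a] + 0 }
    ' | LC_ALL=C sort
}

# Print, without running it, the ss invocation that asks the kernel to destroy
# the matching sockets. Needs root and CONFIG_INET_DIAG_DESTROY in the kernel.
synsent_kill_cmd() {
    case "$1" in
        ''|*[!0-9A-Fa-f.:]*) echo "invalid address: $1" >&2; return 1 ;;
    esac
    printf 'ss -K state syn-sent src %s\n' "$1"
}

sample_ss_output | synsent_summary
synsent_kill_cmd 1.1.1.1
```

On a live host, replace `sample_ss_output` with `ss -o state syn-sent` and review the printed `ss -K` line before running it as root.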