Bug #11556

open

Kill all states associated with a NAT address

Added by Yuri Weinstein 8 months ago. Updated 7 months ago.

Status: New
Priority: Normal
Assignee: -
Category: Rules / NAT
Target version: -
Start date: 02/26/2021
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes: Default
Affected Version:
Affected Architecture:

Description

Assume you have an external IP XXX
And an OpenVPN net 192.168.200.0/0

After OpenVPN client connects it gets an IP 192.168.200.2

Now let's use States to see and kill all states for 192.168.200.2

There are lots of states that look like this:

WAN    tcp    XXX:49313 (192.168.200.2:62472) -> <some_IP>:443    TIME_WAIT:TIME_WAIT    84 / 108    6 KiB / 129 KiB

And they don't get killed.

Expected - all states associated with 192.168.200.2 killed, or there is an option to select all and allow kill.

#1

Updated by Jim Pingle 8 months ago

  • Subject changed from Kill all states associated with an host IP NET address to Kill all states associated with a NAT address
  • Category changed from NAT Reflection to Rules / NAT

Correcting the category and subject.

The ask here is for a way to kill based on the NAT address in the state instead of the source or destination.
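
The distinction drawn in this comment, as an added example that is not part of the original issue or of pfSense's code: a parser for state lines in the layout quoted in the description, showing that a filter on source or destination alone misses the state whose only reference to the client is the parenthesised NAT address. The sample lines, the interface name `OPENVPN`, the documentation-range addresses and the function names are assumptions made for illustration.

```python
import re

# Layout of a state line as quoted in the report (IPv4 only, an assumption):
#   IFACE PROTO SRC:PORT (NAT_ADDR:PORT) -> DST:PORT STATE ...
STATE_RE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<proto>\S+)\s+"
    r"(?P<src>\S+?):\d+"
    r"(?:\s+\((?P<nat>\S+?):\d+\))?"   # parenthesised address, absent without NAT
    r"\s+(?:->|<-)\s+"
    r"(?P<dst>\S+?):\d+\s+(?P<state>\S+)"
)

# Constructed sample lines; 203.0.113.10 stands in for XXX, 198.51.100.x for <some_IP>.
SAMPLE = [
    "WAN    tcp    203.0.113.10:49313 (192.168.200.2:62472) -> 198.51.100.7:443"
    "    TIME_WAIT:TIME_WAIT    84 / 108    6 KiB / 129 KiB",
    "OPENVPN    tcp    192.168.200.2:62472 -> 198.51.100.7:443"
    "    ESTABLISHED:ESTABLISHED    84 / 108    6 KiB / 129 KiB",
    "WAN    udp    203.0.113.10:1194 <- 198.51.100.20:51820"
    "    MULTIPLE:MULTIPLE    10 / 12    1 KiB / 2 KiB",
]


def matching_fields(line, ip):
    """Return which of src / nat / dst in one state line equal `ip`."""
    m = STATE_RE.match(line.strip())
    if m is None:
        return set()  # unparseable line: match nothing rather than guess
    return {f for f in ("src", "nat", "dst") if m.group(f) == ip}


def select_states(lines, ip, include_nat):
    """Select state lines that reference `ip`, optionally via the NAT address."""
    wanted = {"src", "dst"} | ({"nat"} if include_nat else set())
    return [line for line in lines if matching_fields(line, ip) & wanted]


if __name__ == "__main__":
    client = "192.168.200.2"
    for flag in (False, True):
        hits = select_states(SAMPLE, client, include_nat=flag)
        print(f"include_nat={flag}: {len(hits)} state(s) selected")
        for h in hits:
            print("   ", h)
```
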

#2

Updated by Marcos Mendoza 7 months ago

I can confirm this is currently an issue.
