conn-close gives us possibility to get rid of entries in ip_conntrack about ESTABLISHED TCP connections that goes through our server.
conn-close script uses hping2 to send spoofed RST packets which will fool conntrack and cause specified connections to be considered by conntrack as closed (now these connections will be in ip_conntrack in CLOSE state), even though RST packets will be mor
Information about connections is read of course from /proc/net/ip_conntrack.
Idea was taken from script seen somewhere on the internet.
· Perl 5.x (latest stable for your distro because of security reasons)
· Download script: conn-close
· Copy conn-close to some location that is in your PATH variable, for example /usr/sbin.
· chmod +x /path_to_script/conn-close
Example of usage:
conn-close --srcip=10.0.0.2 --dstip=22.214.171.124 --lookup
conn-close --srcip=10.0.0.2 --dstip=126.96.36.199 --srcport=22 --dstport=8080 --close