From: John Case
Date: Fri, 30 May 2014 00:31:31 +0000 (UTC)
To: freebsd-questions@freebsd.org
Subject: Can I reset all existing network connections with ipfw ?

Let's say I have a rule like this somewhere near the front of my ipfw ruleset:

    ipfw add 10 allow tcp from any to any established

... fairly standard ... get established connections through ipfw quickly without sending them through the entire ruleset, which, presumably, they've already passed through.

Ok, but what if I boot without a ruleset, OR I flush the rules and then re-apply them ... then there could be established tcp connections, that will be passed by this rule, that might be disallowed by the ruleset ... but they are allowed to continue because they were established before I applied the ruleset.

In this case, is there an ipfw command that I can run that resets, or kills off, all established connections, and forces them to reconnect now that the rules are in place?

I could probably 'ifconfig down' the interface, but that seems like too much brute force ... is there a nice way to do it?

I was thinking of 'tcpdrop' but there doesn't seem to be a 'tcpdrop all' or equivalent command ...
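The "tcpdrop all" the post is looking for can be assembled from netstat output. This is an added example, not code from the poster or from the FreeBSD project; it assumes FreeBSD netstat's address format (the last '.' separates the port) and tcpdrop(8)'s positional form `tcpdrop laddr lport faddr fport`, and the netstat sample below is constructed.

```shell
#!/bin/sh
# Added example: a "tcpdrop all" equivalent built from `netstat -an -p tcp`.
# Assumes FreeBSD tcpdrop(8)'s positional syntax: tcpdrop laddr lport faddr fport
# and FreeBSD netstat's address format, where the last '.' separates the port.

# Constructed sample of `netstat -an -p tcp` output (not captured from a real host).
SAMPLE_NETSTAT='Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
tcp4       0      0 192.0.2.10.22          198.51.100.7.51234     ESTABLISHED
tcp4       0      0 *.22                   *.*                    LISTEN
tcp6       0      0 2001:db8::1.443        2001:db8::2.40000      ESTABLISHED
tcp4       0      0 192.0.2.10.25          203.0.113.9.33000      TIME_WAIT'

# Read netstat output on stdin and print one tcpdrop command per ESTABLISHED
# connection. Nothing is executed here, so the list can be reviewed first.
# Listening sockets and TIME_WAIT/CLOSE_WAIT entries are skipped: they carry
# no live connection that the ipfw "established" rule would let through.
tcpdrop_commands() {
    awk '
    function host(s) { return substr(s, 1, match(s, /\.[0-9]+$/) - 1) }
    function port(s) { match(s, /\.[0-9]+$/); return substr(s, RSTART + 1) }
    $1 ~ /^tcp/ && $NF == "ESTABLISHED" {
        printf "tcpdrop %s %s %s %s\n", host($4), port($4), host($5), port($5)
    }'
}

# Drop every established TCP connection on the running system so that new
# connections must pass the freshly loaded ipfw ruleset. Set DRY_RUN=1 to
# only print the commands. Must run as root on FreeBSD.
drop_all_established() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        netstat -an -p tcp | tcpdrop_commands
    else
        netstat -an -p tcp | tcpdrop_commands | sh
    fi
}

# Offline demonstration against the constructed sample:
printf '%s\n' "$SAMPLE_NETSTAT" | tcpdrop_commands
```

The generated list includes the connection you are administering from (for example your own SSH session), so check the DRY_RUN=1 output before running it for real.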