4
votes

I am not able to find an answer to a simple thing I am trying to achieve: once a TCP connection is established to my Linux server, let's say ssh / tcp 22 or x11 / tcp 6000 display -> how do I close this connection without killing the process (sshd / x11 display server)? I also saw some suggestions to use iptables, but it does not work for me; the connection is still visible in netstat -an. It would be good if someone could point me in the right direction.

What I tried so far:

tcpkill: kills the process, not good for me
iptables: does not close the established connection, but prevents further connections.

Thanks in advance, DJ

1
Attach to the process with a debugger, then call shutdown() followed by close(), or just close(), on the appropriate file descriptor. Then hope the process can handle that. - Andrew Henle

1 Answer

2
votes

OK, I found at least one solution (killcx) which is working. Maybe we will be able to find an easier solution. Also, I saw the comment from "zb" - thanks - which might also work, but I was not able to find a working syntax, since this tool seems to be really useful but complex. So here is an example of how to work with the first solution, which is working for me:

netstat -anp | grep 22
# output: tcp  0  0 192.168.0.82:22         192.168.0.77:33597      VERBUNDEN   25258/0
iptables -A INPUT -j DROP -s 192.168.0.77   # to prevent reconnect
perl killcx.pl 192.168.0.77:33597           # to kill the tcp connection

killcx can be found here: http://killcx.sourceforge.net/. It "steals" the connection from the foreign host (192.168.0.77) and closes it. So that solution is working fine, but too complex to set up quickly if you are under stress. Here are the required packages:

apt-get install libnetpacket-perl libnet-pcap-perl libnet-rawip-perl
wget http://killcx.sourceforge.net/killcx.txt -O killcx.pl

However, it would be good to have an easier solution.
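
The comment on the question suggests calling shutdown()/close() on "the appropriate file descriptor", which means first mapping the connection netstat shows to a descriptor number in the owning process. The following is an added example, not part of the original posts: it parses /proc/net/tcp text for the socket inode and looks that inode up under /proc/<pid>/fd. The function names, the sample table and the inode value are constructed for illustration, and it assumes IPv4 on a little-endian Linux host.

```python
import os
import socket
import struct

# Constructed sample in /proc/net/tcp format (not captured from a real host):
# a listener on :22 plus the session 192.168.0.82:22 <-> 192.168.0.77:33597.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1 0000000000000000 100 0 0 10 0
   1: 5200A8C0:0016 4D00A8C0:833D 01 00000000:00000000 02:000A1B2C 00000000     0        0 123456 2 0000000000000000 20 4 30 10 -1
"""

def decode_endpoint(field):
    """Turn '5200A8C0:0016' into ('192.168.0.82', 22). Assumes a little-endian
    host, where the IPv4 address appears as a byte-reversed 32-bit hex word."""
    addr_hex, port_hex = field.split(":")
    addr = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return addr, int(port_hex, 16)

def find_inode(table, local, remote):
    """Return the socket inode of the ESTABLISHED (state 01) connection
    local <-> remote, or None if the table does not contain it."""
    for line in table.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) < 10 or f[3] != "01":
            continue
        if decode_endpoint(f[1]) == local and decode_endpoint(f[2]) == remote:
            return int(f[9])
    return None

def find_fd(pid, inode, proc_root="/proc"):
    """Return the fd number under <proc_root>/<pid>/fd that is socket:[inode]."""
    fd_dir = os.path.join(proc_root, str(pid), "fd")
    for name in os.listdir(fd_dir):
        try:
            target = os.readlink(os.path.join(fd_dir, name))
        except OSError:
            continue                             # fd closed while scanning
        if target == f"socket:[{inode}]":
            return int(name)
    return None

if __name__ == "__main__":
    inode = find_inode(SAMPLE_PROC_NET_TCP, ("192.168.0.82", 22), ("192.168.0.77", 33597))
    print("socket inode:", inode)
```

On a live system, pass the contents of /proc/net/tcp and the PID from the netstat output (25258 above) as root; the number `find_fd` returns is the descriptor the comment's debugger approach would act on.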