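#!/bin/sh
#
# Flush the kernel connection-tracking (ip_conntrack) table by unloading and
# reloading the ip_conntrack module, then restore NAT and the stateful
# firewall rules that depend on it.
#
# Must run as root. Environment overrides:
#   IFACE          interface the stateful rules are attached to (default: eth0)
#   CONNTRACK_MAX  value written to ip_conntrack_max after reload (default: 220000)
#
# NOTE(review): between the rule removal below and the re-insertion at the end,
# the "reject non-SYN NEW" rules on INPUT/FORWARD are absent, so run this in a
# maintenance window. Failures in the middle deliberately do not abort the
# script, so the rules are always re-inserted before it exits.

set -u

IFACE="${IFACE:-eth0}"
CONNTRACK_MAX="${CONNTRACK_MAX:-220000}"

# 'echo -n' is not portable under /bin/sh; printf without '\n' is.
printf '%s' "Flushing ip_conntrack table"

# remove NAT and any stateful firewalling rules.
# (The FORWARD rule is one command; the original had "-j" and "REJECT" split
# across two lines, which made iptables fail and then ran "REJECT" as a command.)
iptables -F POSTROUTING -t nat
iptables -D INPUT -i "$IFACE" -p tcp ! --syn -m state --state NEW -j REJECT
iptables -D FORWARD -i "$IFACE" -p tcp ! --syn -m state --state NEW -j REJECT

# kill modules that will object to ip_conntrack being removed.
# rmmod fails for a module that is not loaded; that is harmless here.
rmmod ipt_MASQUERADE
rmmod iptable_nat
rmmod ipt_state

# remove ip_conntrack, thus clearing the /proc/net/ip_conntrack table.
# If this fails (for example because another module still uses it) the table
# is NOT cleared; say so on stderr but carry on so the rules below are restored.
rmmod ip_conntrack || printf '%s\n' "warning: rmmod ip_conntrack failed; conntrack table not cleared" >&2

echo "done."

printf '%s' "Restarting nat / stateful firewalling: "

# restart NAT; the original author relies on this reloading the ip_conntrack
# module before ip_conntrack_max is written below -- confirm against the
# nat init script.
/etc/init.d/nat start

# set a suitable value for ip_conntrack_max now that the module is back
echo "$CONNTRACK_MAX" > /proc/sys/net/ipv4/ip_conntrack_max

# reload any other stateful rules
iptables -I FORWARD -i "$IFACE" -p tcp ! --syn -m state --state NEW -j REJECT
iptables -I INPUT -i "$IFACE" -p tcp ! --syn -m state --state NEW -j REJECT

echo "done."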

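#!/bin/sh
#
# Clear the ip_conntrack table by unloading/reloading the ip_conntrack module,
# then bring NAT and the stateful firewall rules back.
#
# Requires root. Environment overrides:
#   IFACE          interface the stateful rules apply to (default: eth0)
#   CONNTRACK_MAX  written to ip_conntrack_max after the reload (default: 220000)
#
# NOTE(review): the INPUT/FORWARD "reject non-SYN NEW" rules are removed at the
# top and only re-added at the bottom, so the host runs without them for the
# duration of this script. Nothing in between is allowed to abort the script,
# so that the re-insertion always happens.

set -u

IFACE="${IFACE:-eth0}"
CONNTRACK_MAX="${CONNTRACK_MAX:-220000}"

# stateful rule shared by the delete and insert steps below
stateful_rule() {
  # $1 = chain, $2 = iptables action (-D or -I)
  iptables "$2" "$1" -i "$IFACE" -p tcp ! --syn -m state --state NEW -j REJECT
}

# portable replacement for 'echo -n' under /bin/sh
printf '%s' "Flushing conntrack table: "

# remove NAT and any stateful firewalling rules.
# (Originally the FORWARD rule was broken across two lines after "-j", so
# iptables failed and a bare "REJECT" command was run instead.)
iptables -F POSTROUTING -t nat
stateful_rule INPUT -D
stateful_rule FORWARD -D

# kill modules that will object to ip_conntrack being removed.
# An rmmod of a module that is not loaded fails; that is expected and ignored.
rmmod ipt_MASQUERADE
rmmod iptable_nat
rmmod ipt_state

# remove ip_conntrack, thus clearing the /proc/net/ip_conntrack table.
# On failure (another module still holds it) the table is not cleared; report
# that on stderr but keep going so the firewall rules are restored.
if ! rmmod ip_conntrack; then
  printf '%s\n' "warning: rmmod ip_conntrack failed; conntrack table not cleared" >&2
fi

echo "done."

printf '%s' "Restarting nat / stateful firewalling: "

# restart NAT; the original author assumes this reloads the ip_conntrack
# module before ip_conntrack_max is written -- verify against the nat script.
/etc/init.d/nat start

# set ip_conntrack_max once the module has been reloaded
echo "$CONNTRACK_MAX" > /proc/sys/net/ipv4/ip_conntrack_max

# reload any other stateful rules
stateful_rule FORWARD -I
stateful_rule INPUT -I

echo "done."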

