Subject: Re: tcpdrop for NetBSD
To: D'Arcy J.M. Cain <darcy@NetBSD.org>
From: Martin Husemann <firstname.lastname@example.org>
Date: 05/11/2005 11:51:46
On Wed, May 11, 2005 at 05:22:32AM -0400, D'Arcy J.M. Cain wrote:
> You have blocked the offending site but now you have
> a bunch of connections hanging around waiting for a timeout.
Would you really go through and kill them? I'd either just wait for them
to timeout - or restart the attacked service, if I can.
I agree, however, that ipfilter should immediately drop state for connections
affected by a new block added. (By magic done in userland, of course)
Anyway, to reiterate: if people think this functionality is useful, I'd be
not opposed to adding it.
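For readers following the thread, here is the "go through and kill them" step D'Arcy describes, written out as a small POSIX sh script. It is an added example, not code from this thread or from the NetBSD tree: it assumes a tcpdrop(8) that takes arguments in the OpenBSD order (laddr lport faddr fport), assumes NetBSD netstat prints endpoints as addr.port with -n, and feeds the parser a constructed netstat listing rather than live data. The function names (tcpdrop_cmds, drop_peer) are the example's own.

```shell
#!/bin/sh
# Constructed sample of `netstat -n -f inet` output on a NetBSD host (not real
# data). The peer 198.51.100.7 is the "offending site" that has just been
# blocked in the packet filter; its existing sessions are still in the table.
SAMPLE_NETSTAT='Active Internet connections
Proto Recv-Q Send-Q  Local Address          Foreign Address        State
tcp        0      0  192.0.2.10.22          198.51.100.7.51234     ESTABLISHED
tcp        0      0  192.0.2.10.80          198.51.100.7.40001     CLOSE_WAIT
tcp        0      0  192.0.2.10.22          203.0.113.5.3333       ESTABLISHED
tcp        0      0  192.0.2.10.443         198.51.100.7.40002     ESTABLISHED'

# tcpdrop_cmds PEER NETSTAT_OUTPUT
# Print one "tcpdrop laddr lport faddr fport" line per TCP socket whose foreign
# address is PEER. Any state is matched (ESTABLISHED, CLOSE_WAIT, FIN_WAIT_2 ...),
# since all of them would otherwise sit around until their timers expire.
tcpdrop_cmds() {
    peer=$1
    printf '%s\n' "$2" | while read -r proto rq sq lend fend state; do
        [ "$proto" = tcp ] || continue          # skip banner/header lines
        faddr=${fend%.*}                        # strip trailing ".port"
        fport=${fend##*.}
        [ "$faddr" = "$peer" ] || continue      # only sockets to the blocked peer
        laddr=${lend%.*}
        lport=${lend##*.}
        printf 'tcpdrop %s %s %s %s\n' "$laddr" "$lport" "$faddr" "$fport"
    done
}

# drop_peer PEER
# Run the generated commands against the live socket table (needs root).
# With DRY_RUN=1 the commands are only printed, which is the safe first pass.
drop_peer() {
    tcpdrop_cmds "$1" "$(netstat -n -f inet)" | while read -r cmd; do
        if [ "${DRY_RUN:-0}" = 1 ]; then
            echo "$cmd"
        else
            $cmd
        fi
    done
}
```

Run with the sample first: `tcpdrop_cmds 198.51.100.7 "$SAMPLE_NETSTAT"` prints three tcpdrop lines (ports 22, 80 and 443) and leaves the 203.0.113.5 session alone. Note that tcpdrop only tears down the local socket; it does not touch ipfilter's state table, which is the separate point Martin raises above.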