Undo iptables DNAT/MASQUERADE rules and cut existing forwarded connections

I have a machine where incoming TCP connections are forwarded to an external IP via these iptables rules:

$ sudo -n /sbin/iptables -t nat -A PREROUTING -p tcp --dport 3306 -i eth0 -j DNAT --to 1.1.1.1:3306
$ sudo -n /sbin/iptables -t nat -A POSTROUTING -p tcp --dport 3306 -d 1.1.1.1 -o eth0 -j MASQUERADE
$ sudo -n /sbin/iptables -i eth0 -p tcp --dport 3306 -I INPUT -j REJECT --reject-with tcp-reset

My issue is that I would like to undo these rules and drop all forwarded connections so that clients reconnect to the current machine. I've removed and flushed the iptables rules (so iptables -S comes back clean), and have tried removing the associated connections via conntrack -r 1.1.1.1 -D (and a bunch of entries are in fact deleted), but the connections keep getting reestablished. I've tried the solution given in conntrack delete does not stop runnig copy of big file but seemingly to no avail.

What am I missing (or doing incorrectly)?
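As an added example that is not part of the original post: a teardown-and-audit script for the configuration above, assuming the same interface, target and port as the question; the conntrack dump it audits is a constructed sample, not real output from the asker's machine.

```shell
#!/bin/sh
# Added example, not from the question: tear down the three rules by exact
# spec, delete the tracked flows in both directions, and audit a conntrack
# dump for entries that are still being forwarded to the NAT target.
# Assumes the question's interface, target and port. DRY_RUN=1 (default)
# only prints the iptables/conntrack commands; DRY_RUN=0 needs root.
EXT_IF=eth0
NAT_TARGET=1.1.1.1
PORT=3306
DRY_RUN=${DRY_RUN:-1}

run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# Delete with the same match spec used to add (-D replaces -A/-I); option
# order does not matter to iptables, only the resulting rule does.
teardown_rules() {
  run iptables -t nat -D PREROUTING -p tcp --dport "$PORT" -i "$EXT_IF" \
      -j DNAT --to "$NAT_TARGET:$PORT"
  run iptables -t nat -D POSTROUTING -p tcp --dport "$PORT" -d "$NAT_TARGET" \
      -o "$EXT_IF" -j MASQUERADE
  run iptables -D INPUT -i "$EXT_IF" -p tcp --dport "$PORT" \
      -j REJECT --reject-with tcp-reset
}

# Remove tracked flows by original destination port (client side) and by
# reply source (the DNAT target), so entries seen from either side go away.
flush_flows() {
  run conntrack -D -p tcp --orig-port-dst "$PORT"
  run conntrack -D -p tcp --reply-src "$NAT_TARGET"
}

# Audit: read `conntrack -L` lines on stdin, print the client address of each
# TCP entry whose reply tuple still originates from the NAT target.
leftover_forwarded() {
  awk -v target="$NAT_TARGET" -v port="$PORT" '
    $1 == "tcp" {
      n = 0
      for (i = 1; i <= NF; i++)
        if (split($i, kv, "=") == 2 && kv[1] ~ /^(src|dst|sport|dport)$/)
          f[++n] = kv[2]
      # f[1..4] = orig src,dst,sport,dport; f[5..8] = reply src,dst,sport,dport
      if (n >= 5 && f[4] == port && f[5] == target) print f[1]
    }'
}

# Constructed sample dump: first entry is still forwarded, second is local.
SAMPLE='tcp      6 431999 ESTABLISHED src=203.0.113.7 dst=192.0.2.10 sport=51234 dport=3306 src=1.1.1.1 dst=192.0.2.10 sport=3306 dport=51234 [ASSURED] mark=0 use=1
tcp      6 431999 ESTABLISHED src=203.0.113.8 dst=192.0.2.10 sport=40000 dport=3306 src=192.0.2.10 dst=203.0.113.8 sport=3306 dport=40000 [ASSURED] mark=0 use=1'

teardown_rules
flush_flows
printf '%s\n' "$SAMPLE" | leftover_forwarded   # prints 203.0.113.7
```

Run the audit against a live table with `conntrack -L 2>/dev/null | leftover_forwarded`; any address it prints belongs to a client whose flow is still tracked as forwarded to 1.1.1.1.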
