Is there any command that can be used to break an existing TCP/IP connection from some program?
Is there anything in a TCP connection the OS is aware of, or do the
Use tcpkill.
Cutter
Cutter will send packets to both ends of a TCP/IP connection to close the connection. It is designed to be used on a Linux router to disconnect unwanted connections.
Website: http://www.digitage.co.uk/digitage/software/linux-security/cutter
Debian has a package of it: https://packages.debian.org/stable/cutter
My take on this is by using the `iproute2` framework.
Create a blackhole/unreachable bucket routing table (in my example table id 33) through a rule and give it high prio:
# ip rule add from all lookup 33 prio 1
Now find the connections you're trying to block. In my case I have used Chromium to connect to google.com:
# ss -n -e -p | grep "chrom" | grep "173.194.*:443"
ESTAB 0 0 10.211.55.4:46710 173.194.35.2:443 timer: (keepalive,38sec,0) users:(("chromium-browse",8488,106)) uid:1000 ino:38318 sk:f6a4f800
ESTAB 0 0 10.211.55.4:49288 173.194.35.18:443 timer:(keepalive,34sec,0) users:(("chromium-browse",8488,109)) uid:1000 ino:38047 sk:f6a4cb00
So, let's add 173.194.0.0/16 to table 33 and flush the cache:
# ip route add unreachable 173.194.0.0/16 table 33
# ip route flush cache
Try to connect to google.com now in your browser and you will get an ERR_CONNECTION_REFUSED.
To lift the veil of your self-imposed blockage, you simply flush the bucket:
# ip route flush table 33
Of course, if you need a more granular distinction, you can use tc and the u32 classifier to flag the exact IP:PORT combo (and other packet aspects) and add an fw rule to the bucket (untested):
# tc qdisc add dev eth1 ingress
# tc filter add dev eth1 parent ffff: protocol ip prio 1 u32 \
    match ip src 173.194.0.0/16 match ip dport 443 0xffff \
    action skbedit mark 1
# ip rule add fwmark 1 table 33 prio 1 realms 3/4
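As an added example (my own code, not part of the answer above), here is a small Python helper that parses the `ss -n -e -p` output shown in the answer and turns each established peer of the chosen process into a host-specific `unreachable` route in table 33, so only those peers are cut off rather than a whole /16. The two sample lines are the ones from the answer; `SAMPLE_SS`, the function names and the IPv6 handling are my own assumptions.

```python
import re
from typing import List, Optional

# Two lines taken from the answer above (old `ss` column layout, no Netid column).
SAMPLE_SS = """\
ESTAB 0 0 10.211.55.4:46710 173.194.35.2:443 timer: (keepalive,38sec,0) users:(("chromium-browse",8488,106)) uid:1000 ino:38318 sk:f6a4f800
ESTAB 0 0 10.211.55.4:49288 173.194.35.18:443 timer:(keepalive,34sec,0) users:(("chromium-browse",8488,109)) uid:1000 ino:38047 sk:f6a4cb00
"""

# STATE Recv-Q Send-Q LOCAL PEER ... users:(("name",pid,fd)); newer ss prints
# users:(("name",pid=N,fd=M)) and may prepend a Netid column such as "tcp".
_LINE = re.compile(
    r'^(?:tcp\s+)?(?P<state>\S+)\s+\d+\s+\d+\s+(?P<local>\S+)\s+(?P<peer>\S+).*?'
    r'users:\(\("(?P<proc>[^"]+)",(?:pid=)?(?P<pid>\d+)'
)

def split_hostport(addr: str):
    """Split '1.2.3.4:443' or '[2001:db8::1]:443' into (host, port)."""
    host, _, port = addr.rpartition(':')
    return host.strip('[]'), int(port)

def parse_ss_line(line: str) -> Optional[dict]:
    """Return state/local/peer/proc/pid for one ss line, or None if it does not parse."""
    m = _LINE.match(line)
    return m.groupdict() if m else None

def peers_for_process(ss_output: str, proc_prefix: str, port: Optional[int] = None) -> List[str]:
    """Peer hosts of ESTAB sockets owned by processes whose name starts with proc_prefix."""
    peers: List[str] = []
    for line in ss_output.splitlines():
        c = parse_ss_line(line)
        if c is None or c['state'] != 'ESTAB' or not c['proc'].startswith(proc_prefix):
            continue
        host, p = split_hostport(c['peer'])
        if (port is None or p == port) and host not in peers:
            peers.append(host)
    return peers

def plan_commands(peers: List[str], table: int = 33) -> List[str]:
    """Same steps as the answer, but one host route per peer instead of a whole /16."""
    cmds = [f'ip rule add from all lookup {table} prio 1']
    for host in peers:
        plen = 128 if ':' in host else 32          # host route, v6 or v4
        cmds.append(f'ip route add unreachable {host}/{plen} table {table}')
    cmds.append('ip route flush cache')
    return cmds

if __name__ == '__main__':                       # run as root to apply: pipe into sh
    print('\n'.join(plan_commands(peers_for_process(SAMPLE_SS, 'chrom', 443))))
```

Feed it live output (`ss -n -e -p | python3 this.py`-style, after swapping `SAMPLE_SS` for `sys.stdin.read()`) and review the printed commands before running them; `ip route flush table 33` undoes everything, as in the answer.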