Firewall state not immediate


When committing a new firewall rule, how do you force a refresh of the state?

For example, I have an IP I want to block traffic for, and any established connections don’t get dropped. If I add the IP to an address group that is set to drop traffic, it doesn’t immediately block the client.



show conntrack table ipv4

Find the source IP or connection-id,
and then

delete conntrack table ipv4 source/conn-id
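
The lookup step from the answer above, as an added example that is not part of the original thread. It assumes a Linux-based router where the table can also be read with conntrack-tools (`conntrack -L`); the function names and the sample table are constructed for illustration. It lists flows in both directions, because a connection opened toward the blocked IP carries that IP as the destination of the original tuple, so a source-only filter would not find it.

```shell
#!/bin/sh
# Constructed sample in `conntrack -L` format (documentation addresses only).
sample_table() {
cat <<'EOF'
tcp 6 431999 ESTABLISHED src=198.51.100.7 dst=192.0.2.10 sport=40112 dport=22 src=192.0.2.10 dst=198.51.100.7 sport=22 dport=40112 [ASSURED] mark=0 use=1
tcp 6 431990 ESTABLISHED src=192.0.2.20 dst=198.51.100.7 sport=51514 dport=443 src=198.51.100.7 dst=192.0.2.20 sport=443 dport=51514 [ASSURED] mark=0 use=1
udp 17 25 src=192.0.2.20 dst=203.0.113.53 sport=5353 dport=53 src=203.0.113.53 dst=192.0.2.20 sport=53 dport=5353 mark=0 use=1
tcp 6 100 TIME_WAIT src=198.51.100.70 dst=192.0.2.10 sport=40113 dport=22 src=192.0.2.10 dst=198.51.100.70 sport=22 dport=40113 [ASSURED] mark=0 use=1
EOF
}

# Read a conntrack table on stdin; print "from|to proto orig-src orig-dst"
# for every flow whose ORIGINAL tuple involves the address in $1.
flows_for_ip() {
    awk -v ip="$1" '{
        osrc = ""; odst = ""
        for (i = 1; i <= NF; i++) {   # first src=/dst= pair is the original direction
            if (osrc == "" && index($i, "src=") == 1) osrc = substr($i, 5)
            if (odst == "" && index($i, "dst=") == 1) odst = substr($i, 5)
        }
        # Exact comparison: 198.51.100.7 must not match 198.51.100.70.
        if (osrc == ip)      print "from", $1, osrc, odst
        else if (odst == ip) print "to", $1, osrc, odst
    }'
}

# Print (do not run) the conntrack-tools deletions needed to flush the address.
delete_commands() {
    flows=$(flows_for_ip "$1")
    if printf '%s\n' "$flows" | grep -q '^from '; then
        echo "conntrack -D -s $1"   # flows the blocked host opened
    fi
    if printf '%s\n' "$flows" | grep -q '^to '; then
        echo "conntrack -D -d $1"   # flows opened toward the blocked host
    fi
    return 0
}

sample_table | delete_commands 198.51.100.7
```

On a live system the table would come from `conntrack -L` instead of `sample_table`, and the printed commands would be reviewed before being run as root.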