On Thu, 26 May 2022, Hippo Man wrote:
[...]
> I also read your other message where you referred to a stackexchange conversation about killing existing connections. That conversation confirms what I have observed in my own environment: that iptables offers no way to terminate an already established connection.
> Also, "conntrack" is mentioned in that discussion, but I haven't been able to get conntrack to work on my Debian 8 system.
If you use fail2ban or something which adds a rule to block an IP address using iptables or nftables, it will work.
You have already been told that if you have a rule allowing established/related connections having a higher precedence than the blocking rule, then obviously the blocking will not work.
I use nftables, and have "ct state established,related accept" at the very bottom of my ruleset (just before the default action: drop).
For fail2ban I use a script which adds the IP to an nftables set (aptly named fail2ban), and I have the rule "ip saddr @fail2ban drop" near the top of the ruleset.
I just tested blocking myself (ssh instead of imaps, but there should not be any difference) and the block is immediate.
Good luck!
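An added example of the rule ordering the reply describes (this is not the poster's own ruleset): the ban set is checked before the conntrack accept, so a session that was already established when the address was banned is dropped on its next packet. The table and set names, the service ports and the 192.0.2.10 address are constructed for the example; an IPv6 set would need the same treatment separately.

```nft
#!/usr/sbin/nft -f
# Constructed example ruleset, not the one from the mailing-list reply.
flush ruleset

table inet filter {
    # Set that a fail2ban action script populates, e.g. (constructed address):
    #   nft add element inet filter fail2ban { 192.0.2.10 timeout 1h }
    # "flags timeout" lets entries expire without a separate unban step.
    set fail2ban {
        type ipv4_addr
        flags timeout
    }

    chain input {
        type filter hook input priority 0; policy drop;

        iif "lo" accept

        # Banned sources first. If this rule were placed AFTER the
        # "ct state established,related accept" rule below, packets of an
        # already-open connection would match "established" and be accepted
        # before the ban was ever evaluated, which is the failure described
        # in the thread.
        ip saddr @fail2ban drop

        # New connections to the offered services (ssh, imaps).
        tcp dport { 22, 993 } ct state new accept

        # As in the reply: keep this at the very bottom, just before the
        # default drop, so it can never shadow the ban rule above.
        ct state established,related accept
    }
}
```

After loading with `nft -f`, `nft list set inet filter fail2ban` shows the banned addresses and their remaining timeouts, and `nft list chain inet filter input` confirms the drop rule sits above the conntrack accept.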