Hi All, I am trying to find a way to kill (terminate) a user's connection based on an IP address. I used the following command config b conn client 10.27.9.113 show 10.27.9.113:2867 <-> 10.29.225.6:https <-> 10.22.132.41:http tcp 1/0 config b conn client 10.27.9.113 delete But it is not terminating the connection. How can I terminate a user based on the source IP? Meena

Have you tried "b conn 10.27.9.113 delete" ? CB

yes. I tried that command. It removes the connection from the connections table on the BigIP but on the client side the session is still up. I want to send a TCP reset to the client killing the connection completely. Is this possible? Meena

I don't think there is a explicit command to send a connection reset to the client. Perhaps someone in the forum However, there might be indirect method of closing a connection here is a ask.f5.com solution article that talks about the various ways to send a IP TCP reset on a BIGIP https://support.f5.com/kb/en-us/solutions/public/9000/800/sol9812.html I hope this helps CB

On v10.0.1, I set up an SSH vip, opened an SSH connection and then deleted it: b conn client 10.254.1.66 delete A tcpdump on the client showed that it received a RST from the LTM, and my SSH session was closed with: [root@webs ~] Read from remote host 10.254.1.22: Connection reset by peer Connection to 10.254.1.22 closed. So it seems to work for me.Though, I did notice that the LTM will not send a RST if "Reset on timeout" is disabled in the TCP profile for the vip. But, it is enabled by default. Another way is to use the "b conn" command to specify an idle timeout of 1. This should cause a RST to be sent because of an idle timeout: b conn client 10.254.1.66 idle timeout 1 Hope this helps

Actually, I was on 9.4.7, not v10.

deleting current active connections on a BigIP

17 Replies

Kleython_Kell_5
Nimbostratus
Jul 11, 2012
i did delete only the ssh connection with the command:

b conn client 10.10.4.30 server 10.10.4.31:22 delete

but one question with the VE 10.1 trial

i open a conection with the vs 10.10.4.100 port 443 and with source persist

the persist work 100%, but in the cli with the command b conn client 10.10.4.30 or b conn server 10.10.4.100 some time i see the conenction and sometimes not

is there one limitation of trial ?

thanks
nitass
Employee
Jul 11, 2012
the persist work 100%, but in the cli with the command b conn client 10.10.4.30 or b conn server 10.10.4.100 some time i see the conenction and sometimes not

is there one limitation of trial ? i think connection is already closed before you run b conn. i do not think it is the limitation.
Kleython_Kell_5
Nimbostratus
Jul 11, 2012
I ruin the command: b conn client 10.10.4.30

just this, just to only show de connections about the client. I dont run the b conn to remove than

example

i from machine 10.10.4.30 access the VS https://10.10.4.100 , with source persist.

Works fine

In cli i use: b conn client 10.10.4.30

sometime appers the https conections, but sometimes not.

there is a persistence with many seconds,, it still apers on bconn ? i think yes.

Or not ?

nitass

Employee

Jul 11, 2012

connection table and persistence table are maintained separately. connection table entry will be deleted when connection is closed.

e.g.

/var/log/ltm
Jul 11 21:52:23 local/tmm info tmm[5111]: Rule myrule :
Jul 11 21:52:23 local/tmm info tmm[5111]: Rule myrule :
Jul 11 21:52:23 local/tmm info tmm[5111]: Rule myrule :
Jul 11 21:52:23 local/tmm info tmm[5111]: Rule myrule :

[root@ve10:Active] config  b conn client 172.28.19.251
172.28.19.251:32887 <-> 172.28.19.79:443 <-> 200.200.200.101:80   6 1/0

/var/log/ltm
Jul 11 21:53:16 local/tmm info tmm[5111]: Rule myrule :
Jul 11 21:53:16 local/tmm info tmm[5111]: Rule myrule :
Jul 11 21:53:16 local/tmm info tmm[5111]: Rule myrule :
Jul 11 21:53:16 local/tmm info tmm[5111]: Rule myrule :
Jul 11 21:53:16 local/tmm info tmm[5111]: Rule myrule :
Jul 11 21:53:16 local/tmm info tmm[5111]: Rule myrule :
Jul 11 21:53:16 local/tmm info tmm[5111]: Rule myrule :

[root@ve10:Active] config  b conn client 172.28.19.251
No Conns were found.

Kleython_Kell_5
Nimbostratus
Jul 11, 2012
exactly, I was confusing active connections with persistence.

Thank you for the information.

Att
Techgeeeg
Nimbostratus
Jul 13, 2012
Hi everyone,

To kill the connection from a particular IP currently this feature is only avaliable via command line not in the GUI m i correct???
hoolio
Cirrostratus
Jul 13, 2012
That's correct Techgeeeg.

Aaron

Forum Discussion

deleting current active connections on a BigIP

17 Replies

F5 Academy at AppWorld 2026

Aswin MK - November 2025 Featured Member

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

CVE mitigation on F5 XC vs classic F5 WAF

Could not communicate with the system. Try to reload page.

F5 XC 503 upstream_reset_before_response_started{protocol_error}

UCS Encryption Question

BIG-IP VE: 40G Throughput from 4x10G physical NICs

Related Content

Deleting an AS3 Tenant

Delete VS

This DevCentral Content has been Archived or Deleted

Delete Management Default Route?

Site-to-Site Connectivity in F5 Distributed Cloud Network Connect – Reference Architecture

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS