From bbfff1828061514e48395a5dbc5c1f9f81625e82 Mon Sep 17 00:00:00 2001
From: "Sergey G. Brester" <serg.brester@sebres.de>
Date: Thu, 3 Jun 2021 12:02:08 +0200
Subject: [PATCH] action.d/ufw.conf: amend to #3018: parameter `kill-mode`
 extended with conntrack

---
 config/action.d/ufw.conf | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/config/action.d/ufw.conf b/config/action.d/ufw.conf
index 088a5a9d..c9ff7f37 100644
--- a/config/action.d/ufw.conf
+++ b/config/action.d/ufw.conf
@@ -33,13 +33,14 @@ actionunban = if [ -n "<application>" ] && ufw app info "<application>"
               fi
 
 # Option: kill-mode
-# Notes.: can be set to ss (may be extended later with other modes) to immediately drop all connections from banned IP, default empty (no kill)
+# Notes.: can be set to ss or conntrack (may be extended later with other modes) to immediately drop all connections from banned IP, default empty (no kill)
 # Example: banaction = ufw[kill-mode=ss]
 kill-mode =
 
 # intern conditional parameter used to provide killing mode after ban:
 _kill_ =
 _kill_ss = ss -K dst "[<ip>]"
+_kill_conntrack = conntrack -D -s "<ip>"
 
 # Option: kill
 # Notes.: can be used to specify custom killing feature, by default depending on option kill-mode