===================================================================
RCS file: /home/cvsd/home/cvs/scripts/shell/firewall/fw-universal.sh,v
retrieving revision 2.116
retrieving revision 2.117
diff -u -p -r2.116 -r2.117
--- scripts/shell/firewall/fw-universal.sh	2018/06/28 23:13:42	2.116
+++ scripts/shell/firewall/fw-universal.sh	2018/08/23 04:34:58	2.117
@@ -22,7 +22,7 @@
 # Licensed under terms of GNU General Public License.
 # All rights reserved.
 #
-# $Platon: scripts/shell/firewall/fw-universal.sh,v 2.115 2018/06/28 22:46:00 nepto Exp $
+# $Platon: scripts/shell/firewall/fw-universal.sh,v 2.116 2018/06/28 23:13:42 nepto Exp $
 #
 # Changelog:
 # 2003-10-24 - created
@@ -767,7 +767,10 @@ do_ban_single_ip()
 		if [ "X$XEN_MODE" = "Xon" ]; then
 			print_info -ne " XEN_MODE ";
 		else
-			$IPTABLES -A FORWARD -s $banned_ip -j DROP;
+			# This does immediate connection termination, but it must be
+			# inserted (not appended) into chain, otherwise connection
+			# will still remain alive -- Nepto [2018-08-23]
+			$IPTABLES -I FORWARD -s $banned_ip -j DROP;
 		fi
 	done
 } # }}}