I my Cisco ASA I filter incoming traffic by using access-lists. I have noticed that if I change the action on entry in the access-list from permit to deny, traffic still flows through connections that were active when I did the change. It seems that only new connections will be denied. To stop the traffic in active connections I have do run a "clear conn address x.x.x.x".
What I want is that all traffic specified in the access-list is stopped immediately when changing from permit to deny, without having to run the clear conn manually.
Any tips on this?