Displaying 2 results from an estimated 2 matches for "unestablished".
Did you mean:
unestabilished
2013 Jun 21
0
[Bug 696] Extra tcp options for REJECT --reject-with tcp-reset-both / tcp-reset-destination
...96
--- Comment #3 from Alessandro Vesely <vesely at tana.it> 2013-06-21 15:50:56 CEST ---
(In reply to comment #2)
> you have to put this REJECT rule before any RELATED/ESTABLISHED
> conntrack ctstate match rules (which is suboptimal).
No, I can use conntrack -D to have the connection unESTABLISHED.
In general, it is polite to send a tcp-reset to both peers. However,
people often reset connections because the remote peer is a malicious
client, so it is popular to omit sending the tcp-reset as a form of revenge.
Still, people like to reset their own side, so as to avoid wasting
resources....
2005 Sep 06
4
Paranoid Firewalling
After reading this article:
http://www.theregister.co.uk/2005/08/31/blocking_chinese_ip_addresses/
I got to thinking that there is really no reason for *any* traffic to
hit my servers that comes from anywhere outside North America. So I
wrote the perl script at the end of this posting to extract selected IP
ranges posted at iana.org and convert them into iptables rules blocking
any traffic