thr3ads.net - Shorewall users - [Shorewall-users] reject with tcp rst [Jan 2002]

If this information is useful, please help other people find it:
Share via:

Riccardo Valente

2002-Jan-07 14:29 UTC

[Shorewall-users] reject with tcp rst

Is it possible to specify the action taken on reject? I believe netfilter sends
an ICMP "destination unreachable" message, but I''d like to
configure shorewall to reject TCP connections to specific ports using a TCP RST
packet. Any idea?

Thanks,
Riccardo

Tom Eastep

2002-Jan-07 14:54 UTC

head link

[Shorewall-users] reject with tcp rst

On Monday 07 January 2002 06:29 am, Riccardo Valente
wrote:> Is it possible to specify the action taken on reject? I believe netfilter
> sends an ICMP "destination unreachable" message, but I''d
like to configure
> shorewall to reject TCP connections to specific ports using a TCP RST
> packet. Any idea?
>
The later versions of Shorewall already do that (unless you''ve found a
case=20
that I missed).

-Tom
--=20
Tom Eastep    \ A Firewall for Linux 2.4.*
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net
-------------------------------------------

Riccardo Valente

2002-Jan-07 15:02 UTC

head link

[Shorewall-users] reject with tcp rst

You were right: I wasn''t using a recent version, it''s now
working as
expected.

Many thanks,
Riccardo

----- Original Message -----
From: "Tom Eastep" <teastep@shorewall.net>
To: "Riccardo Valente" <riccardo@thevalentes.net>;
<shorewall-users@shorewall.net>
Sent: Monday, January 07, 2002 2:54 PM
Subject: Re: [Shorewall-users] reject with tcp rst

> On Monday 07 January 2002 06:29 am, Riccardo Valente wrote:
> > Is it possible to specify the action taken on reject? I believe
netfilter> > sends an ICMP "destination unreachable" message, but
I''d like to
configure> > shorewall to reject TCP connections to specific ports using a TCP RST
> > packet. Any idea?
> >
>
> The later versions of Shorewall already do that (unless you''ve
found a
case> that I missed).
>
> -Tom
> --
> Tom Eastep    \ A Firewall for Linux 2.4.*
> AIM: tmeastep  \ http://www.shorewall.net
> ICQ: #60745924  \ teastep@shorewall.net
> -------------------------------------------
>

Tom Eastep

2002-Jan-07 15:04 UTC

head link

[Shorewall-users] reject with tcp rst

On Monday 07 January 2002 06:54 am, Tom Eastep wrote:> On Monday 07 January 2002 06:29 am, Riccardo Valente wrote:
> > Is it possible to specify the action taken on reject? I believe
netfilter
> > sends an ICMP "destination unreachable" message, but
I''d like to
> > configure shorewall to reject TCP connections to specific ports using
a
> > TCP RST packet. Any idea?
>
> The later versions of Shorewall already do that (unless you''ve
found a case
> that I missed).
I DID miss the case of a REJECT policy (such as usually found in the all2all=20
chain). I''ve placed a corrected fireall script at:

    ftp://ftp.shorewall.net/pub/shorewall/errata/1.2.2/firewall

Place the script in the location pointed to by the symbolic link=20
/etc/shorewall/firewall.

-Tom
--=20
Tom Eastep    \ A Firewall for Linux 2.4.*
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net
-------------------------------------------

Shorewall users - Jan 2002 - reject with tcp rst

[Shorewall-users] reject with tcp rst

[Shorewall-users] reject with tcp rst

[Shorewall-users] reject with tcp rst

[Shorewall-users] reject with tcp rst