Is it possible to set a Shorewall rule to obtain an iptables rule like:

iptables -A INPUT -p tcp --dport 80 -j REJECT --reject-with tcp-reset

The "--reject-with tcp-reset" is important.

Thanks
On Sunday 14 March 2004 05:26 pm, Salvatore wrote:
> Is it possible to set a Shorewall rule to obtain an iptables rule like:
>
> iptables -A INPUT -p tcp --dport 80 -j REJECT --reject-with tcp-reset
>
> The "--reject-with tcp-reset" is important.
>

Just make sure that your REJECT rule specifies protocol = tcp

-Tom
--
Tom Eastep       \ Nothing is foolproof to a sufficiently talented fool
Shoreline,        \ http://shorewall.net
Washington USA     \ teastep@shorewall.net
Tom Eastep wrote:
> On Sunday 14 March 2004 05:26 pm, Salvatore wrote:
>
>> Is it possible to set a Shorewall rule to obtain an iptables rule like:
>>
>> iptables -A INPUT -p tcp --dport 80 -j REJECT --reject-with tcp-reset
>>
>> The "--reject-with tcp-reset" is important.
>>
>
> Just make sure that your REJECT rule specifies protocol = tcp
>

Actually that isn't true -- any rejected TCP packet will be rejected with tcp-reset. That having been said, the number of recent 2.4 kernels with working tcp-reset wasn't broken are few....

-Tom
--
Tom Eastep       \ Nothing is foolproof to a sufficiently talented fool
Shoreline,        \ http://shorewall.net
Washington USA     \ teastep@shorewall.net
Tom Eastep wrote:
>
> Actually that isn't true -- any rejected TCP packet will be rejected
> with tcp-reset. That having been said, the number of recent 2.4 kernels
> with working tcp-reset wasn't broken are few....
>

That syntax breaks new ground. What I was trying to say is that "-j REJECT --reject-with tcp-reset" doesn't work in many recent 2.4 kernels.

-Tom
--
Tom Eastep       \ Nothing is foolproof to a sufficiently talented fool
Shoreline,        \ http://shorewall.net
Washington USA     \ teastep@shorewall.net