Re: woody firewall broken?

To: Davi Leal <david.leal@ene.es>
Cc: debian-firewall@lists.debian.org
Subject: Re: woody firewall broken?
From: Jean Christophe ANDRÃ? <jean-christophe.andre@auf.org>
Date: Thu, 18 Jul 2002 16:57:22 +0700
Message-id: <[🔎] 20020718095721.GM12770@virus.home>
In-reply-to: <[🔎] 001c01c22e40$590241e0$0507e0c2@ene.es>
References: <[🔎] Pine.LNX.4.44.0207161603040.2834-100000@badlands.lexington.ibm.com> <[🔎] 001c01c22e40$590241e0$0507e0c2@ene.es>

Davi Leal écrivait :
> I have added the iptables filter:
> iptables -A FORWARD -p tcp -d 194.224.7.3 --dport 112 -j REJECT

You may better do this:

  iptables -A INPUT -p tcp -m tcp --dport 113 -m state --state NEW \
           -j REJECT --reject-with tcp-reset

It simulates a "not-open" port and not a "filtered" port, and only
for new connections so it keeps logging TCP ACK if configured so.

Regards, J.C.


-- 
To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

References:
- Re: woody firewall broken?
  - From: Richard A Nelson <cowboy@debian.org>
- Re: woody firewall broken?
  - From: "Davi Leal" <david.leal@ene.es>

Prev by Date: Re: woody firewall broken?
Next by Date: FOLLOWUP Re: turning on verbose logging for iptables?
Previous by thread: Re: woody firewall broken?
Next by thread: Re: woody firewall broken?
Index(es):
- Date
- Thread