
REJECT rules with tcp-reset.



Hi folks.
How can I correctly create rules with REJECT and tcp-reset?
If I do
iptables -A INPUT -i eth0 -p tcp --sport 1024: -d MY.IP --dport 113 -j REJECT --reject-with tcp-reset
iptables -A OUTPUT -o eth0 -p tcp ! --syn --dport 1024: -s MY.IP --sport 113 -j ACCEPT
I wait a long time when I try to connect to ftp & mail services.
If I try REJECT --reject-with icmp-port-unreachable
this works quickly, but slower than if I permit authentication.

What can I do in order to use tcp-reset?
Maybe using state rules?

I use unstable iptables 1.2.9, kernel 2.4.24

Thanx.