
Re: REJECT rules with tcp-reset.



On Fri 20/02/2004 at 03:52, Egor Tur wrote:
> Hi folks.
> How can I correctly create rules with REJECT and tcp-reset?
> If I do
> iptables -A INPUT -i eth0 -p tcp --sport 1024: -d MY.IP --dport 113 -j REJECT --reject-with tcp-reset
> iptables -A OUTPUT -o eth0 -p tcp ! --syn --dport 1024: -s MY.IP --sport 113 -j ACCEPT
> I wait a long time when I try to connect to ftp & mail services.
> If I try REJECT --reject-with icmp-port-unreachable
> this works quickly, but more slowly than when I permit authentication.
> 
> What can I do in order to use tcp-reset?
> Maybe using state rules?

You could... But it's not needed.

I'm using this:

iptables -I INPUT -s <somewhere> -p tcp --dport 80 --syn -j REJECT --reject-with tcp-reset

I don't know if the outgoing packet goes through any chains or what. I'd
say it doesn't.

Regards,

Sebastien


