
Re: REJECT rules with tcp-reset.



Hi,

just the reject rule works for me.  I don't need a rule on OUTPUT (even
though my OUTPUT policy, as probably yours, is DROP).

I don't bother with the --sport arg though, but I wouldn't expect that
to cause you a problem.

Try your connection and check the rule counters (iptables -Lv) to make
sure this rule is actually getting hit.  Maybe you've made a mistake.

John.

On Fri, 2004-02-20 at 02:52, Egor Tur wrote:
> Hi folk.
> How can I correctly create rules with REJECT and tcp-reset?
> If I do
> iptables -A INPUT -i eth0 -p tcp --sport 1024: -d MY.IP --dport 113 -j REJECT --reject-with tcp-reset
> iptables -A OUTPUT -o eth0 -p tcp ! --syn --dport 1024: -s MY.IP --sport 113 -j ACCEPT
> I wait a long time when I try to connect with ftp & mail services.
> If I try REJECT --reject-with icmp-port-unreachable
> this works quickly, but more slowly than when I permit authentication.
> 
> What can I do in order to use tcp-reset?
> May be using state rules?
> 
> I use unstable iptables 1.2.9, kernel 2.4.24

-- 
GPG: B89C D450 5B2C 74D8 58FB A360 9B06 B5C2 26F0 3047
WEB: http://www.johnleach.co.uk
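An added example, not code from John's or Egor's messages: the setup the thread converges on (a single INPUT rule rejecting inbound ident, tcp/113, with a TCP RST so remote ftp and mail servers stop waiting on their ident lookup) together with John's suggested check that the rule is actually being hit. The interface name, the placeholder address, the use of `iptables -C` (which needs a newer iptables than the 1.2.9 in the thread) and the counter listing embedded below are all assumptions; the listing is constructed to stand in for real `iptables -L INPUT -v -n -x` output.

```shell
#!/bin/sh
# Added example (not from the thread): reject inbound ident probes with a
# TCP RST and verify from the rule counters that the rule is being matched.
# Assumptions: interface eth0, a placeholder address, iptables 1.4.11+ for -C,
# and the constructed counter listing at the bottom.

IFACE="${IFACE:-eth0}"
MY_IP="${MY_IP:-192.0.2.10}"   # placeholder (RFC 5737 documentation range)

# Install the INPUT rule once; -C probes for it first so reruns do not
# append duplicates.  Run as root.
install_ident_reject() {
    iptables -C INPUT -i "$IFACE" -p tcp -d "$MY_IP" --dport 113 \
        -j REJECT --reject-with tcp-reset 2>/dev/null ||
    iptables -A INPUT -i "$IFACE" -p tcp -d "$MY_IP" --dport 113 \
        -j REJECT --reject-with tcp-reset
}

# Read 'iptables -L INPUT -v -n -x' output on stdin and print the packet
# counter of the first REJECT rule for dpt:113 that uses tcp-reset.
# Returns 1 (and prints nothing) if no such rule is listed.
ident_reject_hits() {
    awk '
        $3 == "REJECT" && /dpt:113/ && /reject-with tcp-reset/ {
            print $1; found = 1; exit
        }
        END { exit found ? 0 : 1 }
    '
}

# Turn the counter into a verdict: "missing" (no such rule in INPUT),
# "idle" (rule present but never matched: wrong -i/-d, or shadowed by an
# earlier rule) or "hit:N".
ident_reject_status() {
    hits=$(ident_reject_hits) || { echo "missing"; return 1; }
    if [ "$hits" -eq 0 ]; then
        echo "idle"
    else
        echo "hit:$hits"
    fi
}

# Live check (as root):  iptables -L INPUT -v -n -x | ident_reject_status
# Constructed listing standing in for that output:
SAMPLE_COUNTERS='Chain INPUT (policy DROP 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
     340     22100 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
      12       720 REJECT     tcp  --  eth0   *       0.0.0.0/0            192.0.2.10           tcp dpt:113 reject-with tcp-reset
       0         0 DROP       tcp  --  eth0   *       0.0.0.0/0            192.0.2.10           tcp dpt:23'

printf '%s\n' "$SAMPLE_COUNTERS" | ident_reject_status   # hit:12
```

The "idle" verdict is the case John is pointing at: the rule exists but its packet counter stays at zero, which usually means the interface or destination address in the rule does not match the traffic, or an earlier rule in INPUT already took the packet.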
