Date: Tue, 6 May 1997 13:04:32 +1000 (EST)
From: "Daniel O'Callaghan" <danny@panda.hilink.com.au>
To: Archie Cobbs <archie@whistle.com>
Cc: current@FreeBSD.ORG, hackers@FreeBSD.ORG
Subject: Re: divert still broken?
Message-ID: <Pine.BSF.3.91.970506130122.4479h-100000@panda.hilink.com.au>
In-Reply-To: <199705060046.RAA10264@bubba.whistle.com>
On Mon, 5 May 1997, Archie Cobbs wrote:

> > > - When a reject rule applies to an incoming TCP packet, send
> > >   the appropriate TCP response packet (ie., RST) instead of an
> > >   ICMP port unreachable.
> >
> > I think you want to make this user configurable and perhaps on a per-rule
> > basis.
>
> This is only with "reject" -- ie., right now it sends an ICMP unreachable.
> There's still "deny" which silently drops.

How about

    ipfw add 1000 reset tcp from any to foo 23

So the choices are:

    deny  : be silent
    reject: send ICMP !H
    reset : send RST

Ipfilter allows you to choose to send !H or !N. How could this be done in
ipfw? Is it needed?

Danny
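What "the appropriate TCP response packet (ie., RST)" means for the proposed `reset` action, as an added example that is not part of the original message and not ipfw's code. It follows the reset-generation rules of RFC 793 section 3.4; `struct seg` and `make_reset` are hypothetical names, and the sample segment is constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define TH_FIN 0x01
#define TH_SYN 0x02
#define TH_RST 0x04
#define TH_ACK 0x10

/* Hypothetical struct: only the header fields a reset depends on. */
struct seg {
    uint16_t sport, dport;
    uint32_t seq, ack;
    uint8_t  flags;
    uint16_t payload_len;
};

/* Fill *out with the RST answering *in (RFC 793, section 3.4).
 * Returns false when nothing may be sent: the segment is itself a RST. */
bool make_reset(const struct seg *in, struct seg *out)
{
    if (in->flags & TH_RST)
        return false;               /* never answer a reset with a reset */
    out->sport = in->dport;         /* reply appears to come from the blocked port */
    out->dport = in->sport;
    out->payload_len = 0;
    if (in->flags & TH_ACK) {       /* sender stated which sequence number it expects */
        out->seq = in->ack;
        out->ack = 0;
        out->flags = TH_RST;
    } else {                        /* e.g. a bare SYN: acknowledge what it consumed */
        uint32_t len = in->payload_len;
        len += (in->flags & TH_SYN) ? 1 : 0;  /* SYN and FIN each occupy */
        len += (in->flags & TH_FIN) ? 1 : 0;  /* one sequence number */
        out->seq = 0;
        out->ack = in->seq + len;   /* uint32_t arithmetic wraps mod 2^32 */
        out->flags = TH_RST | TH_ACK;
    }
    return true;
}

int main(void)
{
    /* Constructed sample: a SYN to port 23, the port in the proposed rule. */
    struct seg syn = { 40000, 23, 1000, 0, TH_SYN, 0 }, rst;
    if (make_reset(&syn, &rst))
        printf("RST flags=0x%02x seq=%u ack=%u\n", (unsigned)rst.flags,
               (unsigned)rst.seq, (unsigned)rst.ack);
    return 0;
}
```

A sender only accepts the RST if these fields match its connection state, which is why a `reset` rule has to derive them from the rejected packet rather than send fixed values.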
