Date: Tue, 6 May 1997 13:04:32 +1000 (EST)
From: "Daniel O'Callaghan" <danny@panda.hilink.com.au>
To: Archie Cobbs <archie@whistle.com>
Cc: current@FreeBSD.ORG, hackers@FreeBSD.ORG
Subject: Re: divert still broken?
Message-ID: <Pine.BSF.3.91.970506130122.4479h-100000@panda.hilink.com.au>
In-Reply-To: <199705060046.RAA10264@bubba.whistle.com>

On Mon, 5 May 1997, Archie Cobbs wrote:

> > > - When a reject rule applies to an incoming TCP packet, send
> > >   the appropriate TCP response packet (ie., RST) instead of an
> > >   ICMP port unreachable.
> >
> > I think you want to make this user configurable and perhaps on a per-rule
> > basis.
>
> This is only with "reject" -- ie., right now it sends an ICMP unreachable.
> There's still "deny" which silently drops.

How about

    ipfw add 1000 reset tcp from any to foo 23

So the choices are:

    deny  : be silent
    reject: send ICMP !H
    reset : send RST

Ipfilter allows you to choose to send !H or !N. How could this be done in
ipfw? Is it needed?

Danny